Escalating Cyber Security Threat - PowerPoint PPT Presentation

Transcript and Presenter's Notes

Title: Escalating Cyber Security Threat

1
Escalating Cyber Security Threat
Jack Sebbag, Canadian VP & General Manager
January 31st, 2005
2
The Escalating Threat
  • Security threats in global business have become
    a board room issue
  • The consequences of network downtime caused by security issues have become financially significant

3
Major Business Case is Avoiding Downtime
4
  • Today's Malware Count: 112,195 (Jan 05)

Source: McAfee's VirusScan statistics
5
Virus Outbreak Count (Medium and above)
Source: A.V.E.R.T
6
The good old days
  • New virus infects a company
  • Sample sent to lab
  • New driver written
  • Customer gets fix
  • All customers updated
  • Maybe virus spreads over next weeks/months

7
Today
  • Virus infects globally within hours
  • Sample sent to lab (30 min)
  • New driver written (1 hr)
  • Customer deploys update (hours/days)
  • Too late

8
The Speed Of Attacks Accelerates
  • SQL Slammer
  • Blended threat exploits known vulnerability
  • Global in 3 minutes
  • Enterprises scramble to restore business
    availability
  • Discovered 1/25/03

9
Propagation Explosion
[Chart: Population Increase, plotted at 7/17/01, 9/18/01, 12/04/01, 1/25/03 and 8/11/03]
Source: IDC 2002
10
Market Drivers
[Chart: Vulnerability Window, time needed to deploy counter measures (in hrs)]
11
Serious Business Impact
  • Bank of America: 14,000 ATMs down for over a day
  • Ford Motor Company: many manufacturing facilities off-line, workers sent home
  • Continental Airlines: reservation system taken off-line
  • BMW: assembly plants impacted
  • Air Canada: call center and check-in systems infected, required manual check-in
  • Cisco: major internal infection, partners blocking email from Cisco.com

12
The Response: Increased Security Spending
Source: CIO Magazine
13
Shorter Time Window From Patch to First Attack

Patch date      Patch     First attack     Attack     Window
Apr. 13, 2004   MS00-078  April 30, 2004   Sasser     17 days
Oct. 16, 2003   MS03-026  Aug. 11, 2003    MSBlaster  26 days
Jul. 24, 2002   MS02-039  Jan. 25, 2003    Slammer    185 days
Oct. 17, 2000   MS00-078  Sept. 18, 2001   Nimda      336 days
14
Enter The New Platform For Attack
15
Wireless Networks: The Unsecured Frontier
  • 930 million current users, 140 million in United States (IDC); estimates 1.2 billion smartphones by 2004
  • Wireless devices in business use to grow from 12 million in 2004 to 39 million in 2006
  • 70 percent of wireless networks are not secure - New York Times, 3/4/04

16
Get Ready For 1.2 Billion Holes in the Global Business Network
  • Handheld devices
      • 15 million to ship in 2002 (ABN AMRO)
      • Total by 2004: 92 million (ABN AMRO)
      • Just becoming powerful enough to do damage
  • Smart Phones
      • Combination of mobile phone and PDA
      • Will hit North America, EMEA and APAC en masse
      • By 2004, 1.2B Smart Phones worldwide (IDC)
  • Proof of Concept
      • Japanese ISP infected, shuts down emergency phone systems

17
Example of Mobile virus
18
SPAM: threat or nuisance?
  • Dramatic rise in spam growth rates
  • Aberdeen Group survey results
  • 40 to 50% of all incoming emails today are spam

19
Why is SPAM growing?
  • Cost
  • Efficiency
  • Access to large population via Internet

20
The 5 Costs of Spam
  • Users' time to read the email (productivity issues)
      • Gartner: Spam messages cost US organizations $1 billion a year in lost productivity.
  • Bandwidth use
  • Data storage space
      • Standard email continues to grow in size.
  • Legal and moral related issues
      • There are already cases in US courts where employees are suing their employers to keep them in a clean, safe working environment.
  • New delivery mechanism for trojans and viruses; we have already seen backdoors distributed via spam

21
Threats Ahead in 2005 and beyond
  • Phishing
  • Spyware
  • Distributed Denial of Service (DDOS)
  • Router worms
  • Spit storms

22
Is it Fishing or Phishing??
  • Phishing attacks use 'spoofed' e-mails and
    fraudulent websites designed to fool recipients
    into divulging personal financial data such as
    credit card numbers, account usernames and
    passwords, social security numbers, etc. By
    hijacking the trusted brands of well-known banks,
    online retailers and credit card companies,
    phishers are able to convince up to 5% of
    recipients to respond to them.
  • Before submitting financial information through a
    Web site, look for the "lock" icon on the
    browser's status bar. It means your information
    is secure during transmission.

23
(No Transcript)
24
(No Transcript)
25
Spyware
  • Spyware covertly gathers user information and activity without the user's knowledge. Spy software can record your keystrokes as you type them, passwords, credit card numbers, sensitive information, where you surf, chat logs, and can even take random screenshots of your activity. Basically whatever you do on the computer is completely viewable by the spy. You do not have to be connected to the Internet to be spied upon.
  • McAfee provides Spyware, Adware, Dialers, Jokes, Keyloggers, Password Stealers and other PUP detection capabilities in VirusScan 8.0i
  • McAfee is providing AntiSpyware Enterprise in March 2005 that will enhance this technology to provide removal and real-time on-access scanning to prevent Spyware from targeting a system

26
DDoS attacks: Money, Money, Money
  • Hi-tech criminals now using the network for extortion.
  • Online gambling company targeted by extortionists, threatening wide-scale DDoS attacks.

27
Future Attack Technologies
  • Router worms
  • Spit storms

28
Where to start with Security protection?
[Diagram labels: Data Theft, Viruses, Spyware, Worms, Peer-to-Peer attacks, Bad Stuff, Adware, External Hacker, Internal Hacker, Spam, Exploits, DoS, User, Phishing, Identity Theft, Mailers, DDoS, Vulnerabilities]
29
The Window Of Vulnerability
  • A combination of:
      • The SPEED of attack
      • The BLENDED attack mechanism
      • The EVOLVING network environment
  • Reducing the window of vulnerability:
      • Proactively reduce the speed of attack
      • Proactively reduce the chance of attack success
      • Proactively reduce the exposure to attack

30
Detecting the method - The attack life cycle
[Timeline diagram along a Time axis, starting at 0 (security/virus issue discovered). Labels: Proof of concept code posted; Attack written/starts; Security issue discovered; Security Fix Posted; Signature Posted; VENDOR; CUSTOMER; CUSTOMER; Attack Vulnerability; Security Vulnerability; Pro-Active; Re-Active]
31
The attack life cycle
[Same timeline diagram as the previous slide with two behaviour tracks added. Labels: Security Behaviour; Attack Behaviour; Traditional AV update; Proof of concept code posted; Attack written/starts; Security issue discovered; Security Fix Posted; Signature Posted; VENDOR; CUSTOMER; CUSTOMER; Attack Vulnerability; Security Vulnerability; Time; Pro-Active; Re-Active; 0 (security/virus issue discovered)]
32
Comprehensive AV Strategy
But AV is no longer enough
33
Management: McAfee ePO
  • One Console For Your Security Needs
      • A single, powerful, easy to use interface for both the AV products AND security products
  • Policy Enforcement Control
      • Like AV, you need to be sure you are secure
      • Powerful admin template feature for fast adoption
  • Effective Maintenance And Visibility
      • ePO's reporting capabilities allow you to see, at a glance, who is at risk, and who is secure.

34
Discovery - Rogue System Detection
  • Deploy one sensor per subnet
  • Sensors passively listen to network broadcasts (Layer 2: ARP, RARP, DHCP)
  • Sensor notifies ePO server of new system operating on network
  • ePO server determines if this is a known or unknown system by comparing against ePO's database of managed systems.
  • ePO alerts or automatically deploys protection

[Diagram: ePolicy Orchestrator console showing "3 New Rogue Systems Detected !!"]
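The sensor/server split on this slide, as an added example (not McAfee ePO code): a passive sensor per subnet forwards the systems it overhears to a management server, which checks each one against the managed-system inventory and raises one alert per unknown system. The inventory, the overheard broadcasts and every class and function name below are constructed for the illustration.

```python
"""Rogue system detection in the shape described on the slide.
Added illustration, not McAfee ePO code; the inventory, the overheard
broadcasts and every name below are constructed for the example."""
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Observation:
    subnet: str      # subnet the reporting sensor is deployed on
    protocol: str    # ARP, RARP or DHCP broadcast the sensor overheard
    mac: str
    ip: str


@dataclass
class RogueAlert:
    subnet: str
    mac: str
    ip: str
    first_seen_via: str


class ManagementServer:
    """Stands in for the ePO server: owns the inventory of managed systems
    and decides whether a system a sensor reports is known."""

    def __init__(self, managed_systems):
        # Inventory keyed by normalised MAC, since sensors report link-layer addresses.
        self.managed = {mac.lower(): name for mac, name in managed_systems.items()}
        self.rogues = {}  # mac -> RogueAlert; alert once per rogue, not once per packet

    def report(self, obs):
        mac = obs.mac.lower()
        # A claimed address outside the sensor's own subnet is noise or spoofing:
        # record nothing rather than raise an alert the operator cannot act on.
        if ipaddress.ip_address(obs.ip) not in ipaddress.ip_network(obs.subnet):
            return "ignored"
        if mac in self.managed:
            return "managed"
        if mac in self.rogues:
            return "known-rogue"
        self.rogues[mac] = RogueAlert(obs.subnet, mac, obs.ip, obs.protocol)
        return "new-rogue"  # the point at which ePO would alert or push an agent


class Sensor:
    """One per subnet. It only listens to broadcasts and never probes,
    so it adds no traffic of its own to the segment."""

    def __init__(self, subnet, server):
        self.subnet = subnet
        self.server = server

    def observe(self, protocol, mac, ip):
        return self.server.report(Observation(self.subnet, protocol, mac, ip))


# Constructed inventory standing in for the ePO database (MAC -> hostname).
MANAGED_SYSTEMS = {
    "00:11:22:33:44:01": "ws-finance-01",
    "00:11:22:33:44:02": "ws-hr-07",
    "00:11:22:33:44:03": "srv-print-02",
}

# Constructed broadcasts as two sensors would overhear them:
# (subnet, protocol, MAC, claimed IP).
BROADCASTS = [
    ("10.1.0.0/24", "ARP",  "00:11:22:33:44:01", "10.1.0.15"),
    ("10.1.0.0/24", "DHCP", "00:11:22:33:44:02", "10.1.0.40"),
    ("10.1.0.0/24", "ARP",  "DE:AD:BE:EF:00:01", "10.1.0.201"),   # not in inventory
    ("10.1.0.0/24", "ARP",  "de:ad:be:ef:00:01", "10.1.0.201"),   # same rogue again, no second alert
    ("10.2.0.0/24", "DHCP", "de:ad:be:ef:00:02", "10.2.0.77"),    # second rogue, other subnet
    ("10.2.0.0/24", "RARP", "00:11:22:33:44:03", "10.2.0.5"),
    ("10.2.0.0/24", "ARP",  "de:ad:be:ef:00:03", "192.168.5.5"),  # claimed IP not on this subnet
]


def run_detection(managed=MANAGED_SYSTEMS, broadcasts=BROADCASTS):
    """Feed every broadcast through the sensor for its subnet; return the
    per-broadcast status and the list of rogue alerts the server raised."""
    server = ManagementServer(managed)
    sensors = {}
    statuses = []
    for subnet, protocol, mac, ip in broadcasts:
        sensor = sensors.setdefault(subnet, Sensor(subnet, server))
        statuses.append(sensor.observe(protocol, mac, ip))
    return statuses, list(server.rogues.values())


if __name__ == "__main__":
    statuses, alerts = run_detection()
    for (subnet, protocol, mac, ip), status in zip(BROADCASTS, statuses):
        print(f"{subnet:<12} {protocol:<5} {mac} {ip:<13} -> {status}")
    print(f"{len(alerts)} rogue system(s) detected")
```

The inventory is keyed by MAC because that is all a passive listener can see; a MAC can be cloned, so in practice the server should treat an "unknown" verdict as a prompt to confirm agent check-in rather than as proof that the system is managed or not.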
35
McAfee Anti-Spyware Enterprise Edition Module
  • True corporate/business-grade anti-spyware technology for Windows-based PCs that detects and removes potentially unwanted programs (PUPs) in real time, tightly integrated with the next-generation anti-virus product for complete and transparent management of both products as a single agent.

Announcement November 15th, 2004 and General Availability Q1 2005
Proactive / Enhanced Coverage / Lowers TCO
  • Real-time scanning detects Spyware as it is being installed.
  • Memory process scanning
  • Traditional on-demand scanning and removal.
  • Extensive database of Potentially Unwanted Programs (PUPs)
  • Registry scanning
  • Memory process scanning
  • Enterprise and SMB management support
  • Automated update capability
  • Single agent integrated with AV
  • Complete cleaning

36
Vulnerability Risk Management (Foundstone)
  • Security posture is no longer an emotion but can now be a science
  • Identifies policies, assets, threats and risk
  • By understanding risk and vulnerabilities, begin to identify resources to secure the infrastructure.

37
Desktop Firewall
  • Traditionally used for remote users to protect against hackers
  • Required today on all devices as part of your anti-virus defence
  • Stop malicious code and attacks
  • How?
      • Only allow your specified traffic on the network
      • Firewall prevents undefined applications from connecting
      • Bi-directional IDS stops malicious code spreading to other PCs

38
Fighting Spam - SpamKiller
  • Rules based - 750 processed rules that produce a weighted score based on a view of header, body, structure and routing
  • Customizable threshold
      • Default: 5 points
  • Heuristic analysis
      • Engine is looking for email it doesn't know is SPAM
      • Probability scoring based on a view of header, body, checksum, etc.
  • Black list / White list
      • Personal
      • Global
  • Content filtering
  • Runs on the e1000 appliance

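The scoring model this slide describes, as an added example that is not McAfee's code: weighted rules over header, body, structure and routing add up to a score, a heuristic probability term covers mail no rule recognises, the verdict is taken against a customizable threshold that defaults to 5 points, and personal and global black/white lists short-circuit the scoring. The rules, weights, token table, message samples and all names are constructed for the illustration.

```python
"""Rules-plus-heuristics spam scoring with a threshold and two-level lists,
modelled on the SpamKiller features listed on the slide. Added illustration,
not McAfee code; rules, weights, token table and messages are constructed."""
import re
from dataclasses import dataclass, field

DEFAULT_THRESHOLD = 5.0   # slide: default threshold is 5 points
HEURISTIC_WEIGHT = 4.0    # points the heuristic contributes at probability 1.0


@dataclass
class Message:
    headers: dict
    body: str
    hops: int = 1  # number of Received: headers, standing in for "routing"


@dataclass
class ListPolicy:
    """Black/white lists at two scopes; a personal entry overrides a global one."""
    personal_white: set = field(default_factory=set)
    personal_black: set = field(default_factory=set)
    global_white: set = field(default_factory=set)
    global_black: set = field(default_factory=set)

    def lookup(self, sender):
        for scope, white, black in (("personal", self.personal_white, self.personal_black),
                                    ("global", self.global_white, self.global_black)):
            if sender in white:
                return "ham", f"{scope}-whitelist"
            if sender in black:
                return "spam", f"{scope}-blacklist"
        return None


@dataclass
class Verdict:
    label: str
    score: float
    hits: list


def words(text):
    """Distinct lowercase alphabetic tokens, with HTML tags stripped first."""
    return set(re.findall(r"[a-z]+", re.sub(r"<[^>]+>", " ", text.lower())))


# Constructed weighted rules over header, body, structure and routing.
RULES = [
    ("hdr_missing_message_id", 2.0, lambda m: "Message-ID" not in m.headers),
    ("hdr_reply_to_mismatch", 1.5,
     lambda m: bool(m.headers.get("Reply-To")) and m.headers["Reply-To"] != m.headers.get("From")),
    ("hdr_urgent_subject", 1.5, lambda m: "urgent" in m.headers.get("Subject", "").lower()),
    ("body_lottery_words", 2.0, lambda m: bool(words(m.body) & {"prize", "lottery", "winner", "won"})),
    ("struct_html_only", 1.0, lambda m: m.body.lstrip().lower().startswith("<html")),
    ("route_excessive_hops", 1.0, lambda m: m.hops > 8),
]

# Constructed token table standing in for a trained probability model.
SPAMMY_TOKENS = {"free", "money", "claim", "credit", "card", "congratulations"}


def heuristic_probability(body):
    """Crude estimate for mail no rule recognises: share of distinct tokens that are spammy."""
    toks = words(body)
    return len(toks & SPAMMY_TOKENS) / len(toks) if toks else 0.0


def classify(msg, lists=None, threshold=DEFAULT_THRESHOLD):
    sender = msg.headers.get("From", "").lower()
    listed = lists.lookup(sender) if lists else None
    if listed:  # a list hit decides the verdict without scoring
        label, hit = listed
        return Verdict(label, threshold if label == "spam" else 0.0, [hit])
    score, hits = 0.0, []
    for name, weight, rule in RULES:
        if rule(msg):
            score += weight
            hits.append(name)
    p = heuristic_probability(msg.body)
    score += round(HEURISTIC_WEIGHT * p, 2)
    hits.append(f"heuristic p={p:.2f}")
    return Verdict("spam" if score >= threshold else "ham", score, hits)


# Constructed sample messages.
SPAM = Message(
    headers={"From": "promo@example.net", "Reply-To": "other@example.org",
             "Subject": "URGENT: your account"},
    body="<html>Congratulations! You have won. Send your credit card details to claim free money.</html>",
    hops=12)
HAM = Message(
    headers={"From": "alice@example.com", "Message-ID": "<1@example.com>",
             "Subject": "Minutes from Tuesday's meeting"},
    body="Hi all, attached are the minutes. Let me know if I missed anything.",
    hops=3)

if __name__ == "__main__":
    for name, msg in (("SPAM", SPAM), ("HAM", HAM)):
        v = classify(msg)
        print(f"{name}: {v.label} score={v.score} hits={v.hits}")
```

Raising the threshold trades false positives for false negatives: the constructed spam sample scores 10.85 and is caught at the default of 5 but passes at 12, which is why the threshold is a per-site setting rather than a constant. The `hits` list is what an operator needs when tuning, since it shows which rules and how much heuristic weight produced the verdict.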
39
Introducing Intrusion Prevention
  • Proactive security
      • Accurately detect and block attacks in real time
      • Block attacks before they reach intended targets
  • Safety net offering adequate time to patch end systems while managing exposure
  • Protection against both known and unknown attacks
      • Stay a step ahead of the attackers
  • Put management back into patch management
  • Complements today's reactive security solutions
      • Firewall, anti-virus, IDS

40
IntruShield Next Generation IDS/IPS
IDS researchers/developers have always envisioned the RESPONSE capability as an integral part of intrusion countermeasures, including packet logging and firewall configuration.
  • Accurate detection and real-time prevention in one platform
  • Unprecedented intrusion intelligence
      • Comprehensive integrated protection
      • Advanced signature, anomaly and DoS detection
  • Scalability and deployment flexibility
      • Industry's richest set of deployment modes
      • In-line, Tap, SPAN, port clustering, HA
  • Delivers Security Return on Investment (ROI)

41
McAfee Entercept - Host Intrusion Prevention
  • Safeguards the entire server including operating system, critical resources and applications
  • Blocks damage from known and unknown (Day-Zero) malicious attacks
  • Protects against both the external and internal intruder
  • Protects against worms and buffer overflow exploits
  • Eliminates exposure between deployment of patches
  • Uses signature and behavior analysis to identify and block attacks.
  • Minimizes false positives

42
End-Goal - Protection-in-Depth
  • Best of breed Intrusion Prevention to reliably STOP known and unknown attacks on your Information Technology infrastructure

43
Best Practices
  • Know your critical assets
  • Understand your threats
  • Know your protection needs
  • Address the cyber threat challenges systematically
      • Detection coverage: vulnerabilities, environment
      • Detection accuracy: false positives, false negatives
      • Layered defense with multiple methods
      • Complete protection with integrated responses, especially inline blocking
      • Well-defined policy
      • Real enforcement

44
Best practices
  • Security can't be treated as a phase.
  • Investment as a % of overall IT spending is warranted: competitive advantage.
  • It's everybody's problem; treat the issue of security as an issue of insurance.
  • Practice safe computing.

45
Q & A