Know More About Threats, Risks and Regulations Ken Pappas CEO True North Security - PowerPoint PPT Presentation

About This Presentation
Title:

Know More About Threats, Risks and Regulations Ken Pappas CEO True North Security

Description:

Network Intrusion Prevention Systems Comparative Test ... Layer Security Security Strategist at TippingPoint Director of Product Management at 3Com ... – PowerPoint PPT presentation

Slides: 45
Provided by: KenPa4
Learn more at: http://www.dataconnectors.com
Transcript and Presenter's Notes


1
Know More About Threats, Risks and
Regulations Ken Pappas CEO True North Security
Prepared for
2
Ken Pappas BIO
Professional Career
  • Founder and CEO of True North Security
  • VP Marketing and Security Strategist at Top Layer
    Security
  • Security Strategist at TippingPoint
  • Director of Product Management at 3Com
  • Acquired TippingPoint IPS technology
  • General Manager Security Division Enterasys
    Networks
  • Acquired Security Wizards Dragon IDS technology
  • Acquired Indus River Remote VPN technology
  • Security Clearance, Department Of Homeland
    Security
  • Computer Forensics
  • CISM
  • InfraGard, Boston Chapter sponsored by the FBI
    and DHS
  • Appearance in Wall Street Journal, Fortune, etc.
  • BLOG > http://secsystems.wordpress.com
  • Twitter > TruNorthSec

Personal
3
Agenda
  • Today's Reality
  • Future Threats & Challenges
  • About Sourcefire
  • About True North Security

4
  • Today's Reality

5
Security Highlights
  • Over 285 million records stolen in 2008 vs. 230
    million between the years 2004-2007, with
    Education being the highest.
  • WHY?
  • Who do you think will be #1 in the next two
    years?
  • 31% more bot-infected computers per day in 2008
    vs. 2007
  • 90% of breaches from organized crime targeting
    corporate information
  • Cyber crime cost companies more than 650 million
    worldwide
  • Majority of breaches caused by insider negligence
  • Users blurring their social life, personal life
    and work life with regards to Internet Usage

www.idtheftcenter.org
6
Recent Scams
  • Haiti Relief email
  • IRS Form W2 Spoof contains malware
  • Mortgage Fraud
  • Pop up Anti-Virus Advertisement contains virus
  • H1N1 email alert contains malware
  • FDIC email stating bank merger or that your bank
    is a failed bank. Click here? Get a surprise
  • 2010 Census by email
  • SURPRISE the Census bureau does not use email

7
Motivation
[Figure: Attack Sophistication (Low to High) vs. Intruder Knowledge, 1980 to 2000. Techniques labeled on the chart: password guessing, self-replicating code, password cracking, exploiting known vulnerabilities, burglaries, hijacking sessions, disabling audits, network mgmt. diagnostics, back doors, GUI, automated probes/scans, www attacks, sweepers, sniffers, distributed attack tools, denial of service, packet spoofing, stealth / advanced scanning techniques, cross site scripting, Staged, Auto Coordinated.]
Source: Carnegie Mellon University
8
What's Causing Rise In Cyber Crime
  • Recession
  • Social Media Sites
  • Younger/Older generation using computers
  • Availability of Sophisticated tools
  • Trickery & Foolery

9
Zero Hour Threats Rising
  • Increase in specialized threats
  • Toolkits used to create virus attacks, making
    specialization of participants a lucrative shadow
    economy.
  • Sophistication of high end threats is evolving
    rapidly
  • Targeted threats attack specific companies,
    persons and systems.
  • Blended threats becoming more common
  • Carefully targeted attack may go unnoticed for an
    undetermined amount of time.

10
Harnessing The Power of Botnets
Source: Symantec
11
Industrial Espionage Targeted Attacks
  • 60% of recipients were of a high or medium-level
    ranking
  • 42% of recipients of targeted attacks were sent
    to high ranking individuals
  • 18% of recipients were of medium-level seniority
  • 5% of recipients were of a lower-ranking security
  • 19% of targeted attacks were directed at general
    mailboxes such as info@
[Chart: Individually Targeted Attacks Blocked Per Day (Average)]
Source: Symantec
Source: MessageLabs Intelligence
12
Targeted Trojans
Targeted trojans are specialized pieces of
malware written to extract high value information
from known subjects.
Source: http://www.nypost.com/p/news/business/hackers_targeting_UquyMBhuVAyl6wAn413lGJ
13
Targeted Trojans
[Chart: Frequency and Payload. Recent Peaks: 357 PER DAY]
Source: Symantec
Source: MessageLabs Intelligence
14
Website Security Trends
  • New sites with malware in 2009: 2,465/day
  • Unique domains hosting malware: 30,000
Source: Symantec
Source: MessageLabs Intelligence
15
Web 2.0
16
Multitude of Threat Vectors
  • Social Media
      • Facebook, MySpace, LinkedIn
  • Rogue 3rd Party Apps
  • Tiny URLs
  • Translations
  • RogueWare

17
No Industry Is Being Left Behind
  • Financial
      • Heartland
  • Retail
      • Hannaford's
  • Education
      • Harvard University
      • Oklahoma State University
  • Medical
      • Department of Veterans
      • Cedars-Sinai Medical Center
  • Government
      • North Korea Attacks American Networks
      • China hacking into NASA
      • Israel Attacking Iran

The cyber warfare HAS begun!
18
Space Programs
RUSSIA
USA
19
Easy Availability of Exploit Tools
20
Multitude of Regulations
  • PCI (Payment Card Industry)
  • GLBA (Gramm-Leach-Bliley Act)
  • HIPAA (Health Insurance Portability and
    Accountability Act)
  • FISMA (Federal Information Security Management
    Act)
  • HITECH
  • MA 201 CMR 17
  • NERC

21
Perimeter Protection Is Not Enough
  • Communications between machines inside the
    corporate LAN and between choke-points are not
    filtered or protected by a perimeter firewall in
    front of each machine.
  • Servers in the DMZ, Kiosks, workstations used by
    temporary employees, and other hot spots
  • Mobile users are becoming the back door to the
    house
  • Telecommuters are becoming more popular, more
    risks being brought inside

22
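Historical Firewall Configuration
[Diagram: traffic to 115.13.73.1 from 66.121.11.7, labeled by service and port]
  • FTP-21
  • HTTP-80
  • Sub 7-6776
  • Quake-26000
  • SMTP-25
23
Today's Firewall Configurations
[Diagram: traffic labeled by service and port]
  • FTP-21
  • BackOrifice-31337
  • SMTP-25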
24
The Complacency of Fools Will Destroy Us
  • Future Threats & Challenges

25
Next Inflection Point
CLOUD COMPUTING
IT resources and services that are abstracted
from the underlying infrastructure and provided
On-Demand and At Scale in a multi-tenant
environment
26
Clouds Blow Away
  • Where does your data go when the cloud blows away?
  • When data is breached, who will be at fault?
  • Waiting for first court battle
  • Looks like, feels like SNA?
  • Make sure you have a solid SLA!

27
Next Generation Threats
  • Next Generation Threats Will Use Stealth Methods
    vs. Today's Threats
  • User Error will be the way of malware
  • Information Leakage due to negligence and theft
  • Domestic and International Terrorists stealing
    company technology and secrets
  • New Methods Will Evolve to Adapt to User Behavior
      • Tempt-to-Click Email
      • Tempt-to-Click IM
      • False pop-ups
  • New Computing Environments and Applications will
    be targets
      • VoIP
      • Cloud Computing
      • SaaS (Software as a Service)
      • Social Media
  • Protection Will Require Education And Technology

28
Protect Dysfunctional Users Against Themselves
  • How Do We Best Protect Ourselves and Our Data

29
What Companies Are Thinking About
Securing Virtualization
Virtualizing Security
30
SANS Recommends - Deploy IPS
31
Strategies To Defeat Threats
  • Anti-Virus Updates
  • Deploy an IPS Today!
  • IPS Filters Turned on and Updated
  • Encrypt Hard Drive Data
  • Operating System Security Updates
  • Educate Users
  • Institute Company Wide Security Policy
  • Implement Defense In Depth
      • IPS, Anti-Virus, Encryption, Multiple Passwords,
        Other

There is no silver bullet
32
  • About Sourcefire

Stop Threats and Start Partying!
33
About Sourcefire
Mission: To deliver intelligent security
infrastructure for the most efficient, effective
risk management.
  • Founded in 2001 by Snort Creator, Martin Roesch,
    CTO
  • Headquarters: Columbia, MD
  • Fastest-growing IPS vendor
  • Global Security Alliance partner network
  • NASDAQ: FIRE

Best of Both Worlds
Open Source Community

Sourcefire Development
34
Powered by Snort
Most Widely Used IPS Engine Worldwide
  • 270,000 Users
  • 3.7 Million Downloads
  • 80% of Fortune 500
  • 40% of Global 2000
  • 100 Snort Integrators
  • 9,000 Snort Rules
  • World's Largest Threat Response Community

35
Problems With a Traditional IPS
Architecture
Accuracy
Intelligence
Operation
36
A New Approach
Architecture
Accuracy
Intelligence
Operation
37
Backed by Sourcefire Vulnerability Research Team
(VRT)
Unrivalled Protection Against Advanced
Persistent Threats
Private Public Threat Feeds
Snort Community Insight
300 New Threats per Month
20,000 Malware Samples per Day
Advanced Microsoft Disclosure
VRT Research Analysis
VRT LAB
>150 million performance regression tests
1000s of software packages
100s of hardware platforms
Comprehensive Protection
38
Best-in-Class Detection
  • Based on Snort: de facto IPS standard
  • Vulnerability-based, zero-day protection
  • Open architecture
  • Flexible custom rules
  • Ranked #1 in detection by NSS Labs

Network Intrusion Prevention Systems
Comparative Test Results, December 2009.
Comparison using a tuned policy.
39
NSS Labs Group IPS Test Block Rate Comparison
Source: Graphic used with permission by NSS
Labs. Network Intrusion Prevention Systems
Comparative Test Results, December 2009.
40
Sourcefire Appliance Product Lines
Sourcefire Defense Center
  • DC3000
  • DC1000
  • DC500
Sourcefire 3D Sensor (by PERFORMANCE)
  • 3D9900 10 Gbps
  • 3D6500 4 Gbps
  • 3D4500 2 Gbps
  • 3D3500 1 Gbps
  • 3D2500 500 Mbps
  • 3D2100 250 Mbps
  • 3D2000 100 Mbps
  • 3D1000 45 Mbps
  • 3D500 5 Mbps
VMware Virtual Appliances
  • Virtual Defense Center
  • Virtual 3D Sensor
41
Why Sourcefire?
  • Powered by Snort
  • Driven by Intelligence
  • Best-in-Class Detection
  • Open Architecture
  • Highly Automated

Stop Doing Things the Old Way! Leverage the
Only Intelligent IPS.
42
True North Security
  • Vulnerability Audits
  • Create / Enhance Security Policies
  • Network Data Protection Solutions
  • Security Awareness Training
  • PCI Compliance
  • Video Monitoring and Surveillance Solutions
  • kenpappas_at_truenorthsecurity.com
  • 978.846.1175

43
Summary
  • Cyber security attacks are common and costly
  • Attackers are sophisticated, well-financed and
    highly motivated
  • You have limited IT resources
  • Traditional security products can't keep up

44
Thank You Ken Pappas CEO True North Security
kenpappas_at_truenorthsecurity.com
Prepared for