Insider Threats, Anomalies and wrong behavior in Networks eTrust Solutions and Techniques to cope wi - PowerPoint PPT Presentation

Slides: 27
Provided by: ricardo69

Transcript and Presenter's Notes

1
Insider Threats, Anomalies and wrong behavior in Networks:
eTrust Solutions and Techniques to cope with CyberCrime
and IT/Communication Fraud
  • Presented to you by Andreas Wagner
  • Principal Consultant (Chief Security Advisor) -
    MEA

2
Agenda
  • Introduction Andreas Wagner
  • CSI/FBI 2005 Cyber Crime Security Study
  • Nightmares for CSOs, CEOs and Shareholders
  • Live presentation of CyberCrime Analysis
  • eTrust Security Solutions to ease Nightmares
  • The different point of view (Summary)
  • Questions and Answers

3
Introduction Andreas Wagner
  • Andreas Wagner
  • Security Expert Consultant, Author, Chief
    Security Advisor
  • 46 yrs., married, 2 Kids
  • 26 yrs. in IT
  • 11 yrs. in Security
  • IBM/370, PC, Networks, Internet, Security,
    Computer Network Forensics, Lawful
    Interception, CyberCrime
  • andreas.wagner_at_ca.com

4
Introduction Andreas Wagner
  • Customers requested either / or
  • Presentations
  • Consulting
  • Reorganization / Reconstruction
  • GAP Analysis
  • Trainings
  • Executive Coaching
  • Investigations
  • Man Hunt
  • Search for Evidence
  • Anomaly Behavior Analysis
  • Securing of Evidence
  • IT-Forensic (Network and Computer)
  • Network Interception
  • Context Analysis
  • Security Motivation
  • Penetration test (Logical / Physical)
  • Human Hacking (Social Engineering)
  • Assessments

Finance: 1. Bank Austria, Bank Austria, Post Austria, Swiss Life, Swiss Re, HUK Coburg Insurances, Polish National Bank, Greek National Bank
Government: Ministry of Finance (Austria), Ministry of Interior (Germany), Ministry of Interior (Macedonia)
Security (Secret Service, Police, Defence): Austria, Slovakia, Czech Republic, Macedonia, Croatia, Sultanate of Oman, Sultanate of Brunei, Dubai, Royal Air Force GB, Global Security Command Control, German Army, Bulgarian Army, NATO, FBI Germany, Customs Control Germany, Several State Polices in Germany
Manufacturing: BMW, Krones AG, Spinner, Adva Optical, Balfour Beatty Rail Systems
Telecom: BT Northern Ireland, T-Mobile Germany, Vodafone UK, O2 Germany, Saudi Telecom Corp.
5
CSI/FBI 2005 CyberCrime Security Study
6
CSI/FBI 2005 Cyber Crime Security Study
7
The Reason for Nightmares
  • Your Network (Micro Internet): IP-Based, Trusted Employees, Local to
    Worldwide, Fast, No restrictions, Your ownership. Perfect Workspace
    for Hackers, Insider etc.
  • The Big / Bad Internet: IP-Based, Dangerous Criminals, Worldwide,
    Medium fast, Connect only with restrictions, No ownership. Workspace
    of Hackers etc.
8
Nightmares for Companies and Shareholders
  • Insider Threats (Info Leakage, Eco Spies, Social
    Engineering)
  • BotNet Attacks to eCommerce and eBanking
  • Viruses, Worms, Trojans, Spyware, Spytools
  • Illegally installed WLANs
  • Lost / Stolen / Misused Laptops
  • Unknown Communication Behaviour
  • Unacceptable use of the Internet
  • NN-1 Communication between Windows-Machines
  • Too many vulnerabilities
  • eCommerce Apps. quite easy to hack !
  • Infrastructure helps Attackers/Insiders to hide
  • No internal Security Perimeters / Firewalls
  • No Desktop / Server Firewalls
  • Too many Logfiles to analyze
  • Weak capability of correlation in the brain
  • Not well trained Security Personnel
  • Too many false positives
  • No Security Awareness Training for Employees
  • Ignorance

Proprietary information theft resulted in the
greatest financial loss ($70,195,900 was lost
among 530 surveyed companies, with the average
reported loss being approximately $2.7 million),
most of it coming from internal
unauthorized access. (CSI/FBI 2003)
9
What Bad Guys use !!
10
Memory Sticks, Gadgets & Co.
11
For the Cracks
12
For the lazy Cracks
13
Enough with Theory, let's go live !
  • Analysis Technologies by Visualizing data
  • Context Analysis on eMail
  • Profiling of Network Objects for Man Hunt
  • Outperforming CyberCrime by thinking like your
    Enemy
  • Precautions in Networks to prevent CyberCrime
  • Tips, Tricks and Cases already happened !!

14
Consequence Lesson learnt !
  • You need endpoint Security to get Triggers
  • Triggers have to be correlated into an
    Information System, to recognize alarms
  • Get ahead of CyberCrime by thinking like your
    Enemy
  • Logical penetration tests are useful as they
    involve human factors
  • There is no such thing as ROI on Security, or is
    there a ROI of an unused Fire Extinguisher ?

15
eTrust Security Solutions
  • eTrust Security
  • Who has access to what?
  • What is happening in your environment?
  • Who / What causes it?
  • How can you address it?
  • Perfect overall protection !
  • In depth investigation of cases !
  • Enabled by a world-class research team !
  • Tailored to your needs with a world class
    consultant team !
  • Integration with network and systems management
    tools !
  • On-demand security management !
  • Real Time Protection !!

16
Evolution of Security
(Chart: Complexity/Management over Time)
  • 1st Generation: Gates, Guns, Guards
  • 2nd Generation: Reactive
  • 3rd Generation: Enablement
  • 4th Generation: Proactive
17
The Vulnerability Problem is Growing
"Through 2008, 90 percent of successful hacker
attacks will exploit well-known software
vulnerabilities." - Gartner
Source: Gartner CIO Alert, "Follow Gartner's Guidelines
for Updating Security on Internet Servers, Reduce
Risks", J. Pescatore, February 2003
As of 2004, CERT/CC no longer tracks Security Incident
statistics.
18
Managing Your Assets Vulnerabilities
On average, it will take 43 staff hours to
manually address 170 vulnerabilities for 4
technologies. Source: Based on a study
conducted by a third-party consultant.
(Network diagram: Internet, Router, Firewall, VPN, Switch, Hub, Load Balancer, IDS, Web Server, Server, Database Server, PC)
19
Security is a Process IAM
(Workflow diagram labels:)
  • New Hire
  • Marge Greene, Director, Human Resources
  • Robert Stone, EVP, Sales, New Division
  • WORK FLOW PROCESS
  • Department Manager Gives - OK
  • Access Accounts Created
  • Enterprise Critical Reliability, Unlimited
    Scalability and more
20
eTrust Security Management
(Diagram labels: Hackers, Malware, Spam, Customers, Partners, Contractors)
21
Security Data
  • Challenges
  • Too much security data
  • Unable to prioritize events
  • Costly to control incidents
  • Unable to meet auditing and compliance
    requirements

22
Security Information Management
  • Solutions
  • Turning data into information that can be used to
    take action
  • Help ensure incidents don't impact business
  • Providing security views that enable compliance
  • Comply with Basel II, HIPAA, Sarbanes-Oxley,
    internal standards or others

23
Security Event Management
(Diagram: numbered workflow, steps 1 to 5)
Components: eTrust Security Command Center, Unicenter ServicePlus Service Desk, Check Point Firewall, Unicenter Software Delivery, Internet Security Systems (ISS) Scan, eTrust Intrusion Detection, eTrust Vulnerability Manager
Actions:
  • Alerts eTrust Security Command Center of
    Security Events
  • Deploys Technician
  • Lists Assets Vulnerable to Exploit
  • Requests Assets Affected by Exploit Vulnerability
  • Deploys Patch or Configuration via Embedded or
    External Unicenter Software Delivery for
    Implementation on Assets
24
eTrust Security Solutions to ease Nightmares
  • Insider Threats (Info Leakage, Eco Spies): Network Forensic, Tiny Firewall Suite, IAM
  • Viruses, Worms, Trojans, Spyware, Spytools: Anti Virus, Pest Patrol, Secure Content Mgr.
  • Illegally installed WLANs: Wireless Site Manager (Unicenter)
  • Misused Laptops: Tiny Firewall Suite
  • Unknown Communication Behaviour: Tiny Firewall Suite, Network Forensic, SIM
  • Unacceptable use of the Internet: Secure Content Mgr., Network Forensic, IAM
  • NN-1 Communication between Windows-Machines: Tiny Firewall Suite
  • Too many vulnerabilities: Vulnerability Manager, Tiny Firewall Suite
  • eCommerce Apps. quite easy to hack: Tiny Firewall Suite, Site- Transaction Minder
  • Infrastructure helps Attackers/Insiders to hide: Tiny Firewall Suite
  • No internal Security Perimeters / Firewalls: Tiny Firewall Suite
  • No Desktop / Server Firewalls: Tiny Firewall Suite
  • Too many Logfiles to analyze: Audit, SCC
  • Weak capability of correlation in the brain: Audit, SCC, Network Forensic
  • Not enough well trained Security Personnel: eTrust Security Products
  • Too many false positives: eTrust Security Products
  • No Security Awareness at C Level: Better reporting from all products through SIM

All Events have to be centralized by SCC or Audit
25
The different point of View (Summary)
  • Security is a strategy process, perfectly
    supported by the eTrust product suite !
  • Think like your enemy ! Reduce the possibility of
    Security breaches with the most comprehensive
    Suite, the eTrust Products
  • Reduce the Workload through eTrust SIM
  • Expect the unexpected, strong Content, Border and
    Endpoint Security by Threat Management protects
    you from surprises !
  • I don't know what I don't know ! With Network
    Forensic you will !!
  • Security is the ART to open systems in a way
    that they are perfectly closed ! IAM and the Tiny
    Firewall Suite are the Solution
  • Security without enough sensors and SIM is like
    finding a needle in a haystack, without knowing
    which color the needle has and in which barn
    the haystack is !
  • Identify before you let someone Access anything!!
    Siteminder and IAM are the solution !
  • Do not secure or detect in the middle of your
    network, secure the endpoints with Tiny Firewall
    Suite and IAM

26
CyberCrime already hit your company, but you were
not able to detect it ! The complete solution
with eTrust Products to prevent being a Victim !
  • Presented to you by Andreas Wagner
  • Principal Consultant (Chief Security Advisor)
    MEA
  • Andreas.Wagner_at_ca.com
  • 966 500 107 693 KSA mobile
  • Or 8821 6777 09769 Worldwide mobile