Confidence In A Connected World

Ezad Ezanee
Senior Technical Consultant
Symantec Corporation Malaysia
Security Threat Landscape
Know your enemy and know yourself; in a
hundred battles, you will never be defeated.
When you are ignorant of the enemy but know
yourself, your chances of winning or losing are
equal. If ignorant both of your enemy and of
yourself, you are sure to be defeated in every
battle. -- Sun Tzu
APJ - ISTR XII (Symantec Internet Security Threat Report, Volume XII, Asia-Pacific/Japan edition)
Top countries of attack origin
Over the first six months of 2007, the United
States was the country of origin of the most
attacks against APJ-based computers,
accounting for 29 percent of attacks detected by
sensors in the region
APJ - ISTR XII
Top countries targeted by DoS attacks
Over the first six months of 2007, China was the
APJ country most frequently targeted by DoS
attacks, accounting for 74 percent of attacks in
the region
DoS attacks are a major threat to Internet-dependent organizations. A successful DoS
attack can render Web sites or other network
services inaccessible to customers and
employees.
APJ - ISTR XII
Bot-infected computers by city
The top six cities for bot-infected computers in
the APJ region were located in China
Guess which city is at the 7th spot?
APJ - ISTR XII
Top ten malicious code samples
Gampass targets online gamers. Clear evidence
of identity theft.
The total annual wealth created within virtual
worlds has been placed at approximately 10
billion USD.
Largest online community is estimated at 8
million users.
APJ - ISTR XII
Threats to confidential information
Some malicious code programs are designed
specifically to expose confidential information that
is stored on an infected computer.
An underground market exists that trades
confidential information such as credit card
information and user accounts.
Commercial exploit frameworks are available to
assist attackers.
Online Interactions Changing and Increasing
Timeline figure (image residue): online interactions have moved from PC-centric use in the late 1990s to online-centric use in the early 2000s and today. Interactions named on the timeline: games, music, calendar, file sharing, instant messaging, 2nd generation chat, blogs, finances, social networks, pictures, VoIP, collaboration.
Threats Will Continue to Evolve
Timeline figure (image residue; mainstream timing, 1985 to 2005): threat motivation shifts from curiosity and technical interest (viruses, worms, vulnerabilities, roughly 1985 to 1995) to financial and criminal motivation (phishing, spyware, crimeware, spam, bots and botnets, zero-day exploits and threats, around 2005).
Our Vision
Symantec gives you the
freedom to work and play
in the connected world—
on your own terms
Symantec : Managing IT Risk
Four IT risk areas surrounding the organisation's information and IT infrastructure:
Availability (natural disasters & system failures): keep the systems up; ensure rapid recovery
Security (internal & external malicious threats): keep bad things out; keep important things in
Compliance (IT policy & external regulation): ensure adequate controls; automate evidence collection
Performance (application response times): optimize resources; ensure correct configuration
Pervasiveness of Connectivity
Evolving Technology Landscape (technology adoption evolution, three layers)
INTERACTIONS
• Reputation
• Social Interactions
• Collaborations
• User Community Development
• E-Commerce
• Innovation & Knowledge Sharing
INFORMATION
• Videos
• Photos
• Voice and Sound Files
• Documents & Email
• Databases
INFRASTRUCTURE
• Mobile, Tracking Devices
• PCs
• Servers
• Storage Devices
• Data Center
Trusted Environment Maximizes Business Value
New Challenges Require A Trusted Environment To Protect Assets And Create
Business Value
Pervasiveness of Connectivity: the same three layers, each with its protection goal
INTERACTIONS (protecting the interactions): reputation, social interactions, collaborations, user community development, e-commerce, innovation & knowledge sharing
INFORMATION (protecting the information): videos, photos, voice and sound files, documents & email
INFRASTRUCTURE (protecting the infrastructure): mobile devices, PCs, servers, storage devices, data center
Security 1.0 – Protecting The Systems
Threats against the system and its devices: crimeware, spyware, viruses, worms, loose privileges, buffer overflows, back doors
Devices protected: cell phone, laptop, desktop, file server, application server, messaging server, database server
Security 2.0 – Protecting The Information
Information security is layered on top of the security foundation that covers the same devices: cell phone, laptop, desktop, file server, application server, messaging server, database server
Security 2.0 – Building On The Vision
Security 1.0 -> Security 2.0
Infrastructure focus -> Information focus
Vulnerability exploits -> People-based exploits
Point solutions (silos, complex) -> Operationalizing security (central view, simple)
Inhibitor (locks down systems) -> Enabler (balances risks)
The Symantec Security 2.0 Landscape
Two goals: control access from the endpoint; prevent the leakage of data
Internal endpoints (inside employees) and external endpoints (employees, visitors & partners): Endpoint Management; Endpoint Access Control & Data Leakage Protection; On-Demand Policy Manager
Messaging Security, Filtering and access control
Database security (corporate databases)
Applications
Control Compliance / Compliance Solution
Information & Events Management
Archiving Solution
Compliance and Security Management
Customer Challenges
Define: determine risk and develop appropriate policies
Control: monitor compliance and remediate problems
Govern: demonstrate due care and optimize controls
Control layers: written policy, procedural controls, technical controls
Compliance and Security Management
Define (determine risk and develop appropriate policies)
REGULATIONS: SOX, JSOX, HIPAA, GLBA, FISMA, Basel I, Basel II, PCI-DSS, ACSI 33, Privacy Act, Spam Act
FRAMEWORKS: COBIT, COSO, ISO 17799, BS 7799, NIST, OSA
STANDARDS: NIST, CIS, NSA
CORPORATE POLICIES: internal policies
Control (monitor compliance and remediate problems)
IT CONTROL CHECKS on operating systems, databases, applications, directories, people
Govern (demonstrate due care and optimize controls)
MEASURE, REPORT, RECORD
Information is an Asset
Protect employee, customer & patient data: social security numbers, account information, sensitive information
Demonstrate regulatory compliance: HIPAA, GLBA, PCI (credit cards), regional data privacy regulations
Prevent loss of intellectual property: corporate IP, source code
Direct and Indirect Costs of a Publicly
Reported Data Breach
Remediation costs can run $100-300 per
lost customer record:
Customer notification
Offer of credit monitoring
IT remedial action
Audit fees
Significant indirect costs:
Loss of brand, customer trust and
reputation
Lawsuits, drop in share price, Chapter 11
Expected customer and revenue losses
Loss of Information is Costly
Chart (image residue): percentage scale 0 to 14% against number of employees (100 to 100,000). Source: July 2007, IT Policy Compliance Group.
Today’s News Headlines
Information Risk Management
Customer Challenges
1. Keep Bad Things Out
2. Keep Important Things In
3. Keep Things As Long As Needed
4. Find Things And Mine Them
5. Keep Costs Down
Corporate Information
Structured Information In Databases
Unstructured Information In Email & File Servers
Source Code, Employee & Customer Records etc.
Information Risk In Database Systems
In 2005 There Were 130 Reported Data Breaches
57,000,000 Records Were Affected
Database Security
Keep An Audit Trail Of All SQL Activity
Example statement captured in the SQL audit trail: SELECT Credit_Card FROM Customers
Audit policies feed the SQL audit trail (file server, messaging server and database server shown).
Database Security
Detect Potential Threats From Insiders & Outsiders
Fraud policies are applied to the same SQL audit trail to flag suspicious statements such as SELECT Credit_Card FROM Customers (fraud detection).
Database Security
Detect Leakage Of Confidential Information
Extrusion policies sit on top of the audit and fraud policies to detect confidential data, such as the result of SELECT Credit_Card FROM Customers, leaving the database (data leakage detection).
Database Security In Action
Components in the diagram: Exchange and OCS servers; Messaging Security and Web Filtering (data in motion); corporate databases; Database Security; Archiving Solution; Legal; Employee; IT.
Flow shown:
Database Security detects and logs all databases on the network
Policies are created to monitor protected data transactions
Database Security watches transactions, dynamically learns and updates patterns of use
An internal user accesses "protected data"; an external user gets anomalous access to a database
IT is alerted with the intruder address information for investigation
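The three policy layers on the Database Security slides above (audit trail, fraud detection that learns patterns of use, extrusion detection) can be run as plain code over an audit trail. The following is an added example and not Symantec's code; the audit record format, the policy tables (PROTECTED_COLUMNS, ALLOWED_READERS, INTERNAL_PREFIXES) and the six audit lines are all constructed for illustration.

```python
# Added example (not Symantec code): policy checks over a SQL audit trail.
# Assumptions (hypothetical): each audit record is "<timestamp>|<db_user>|<client_ip>|<sql>";
# the protected-data policy names sensitive columns and the accounts allowed to read them.
import re

# Constructed audit trail: routine billing-app activity, then an internal user (bob)
# and an external address reading card data in bulk.
AUDIT_TRAIL = """\
2007-06-01T09:00:01|billing_app|10.1.1.20|SELECT Order_Id, Amount FROM Orders WHERE Customer_Id = 42
2007-06-01T09:05:12|billing_app|10.1.1.20|SELECT Order_Id, Amount FROM Orders WHERE Customer_Id = 17
2007-06-02T10:11:03|billing_app|10.1.1.20|UPDATE Orders SET Status = 'paid' WHERE Order_Id = 1001
2007-06-02T11:20:44|bob|10.1.5.77|SELECT Name, Email FROM Customers WHERE Customer_Id = 42
2007-06-03T14:02:09|bob|10.1.5.77|SELECT Credit_Card FROM Customers
2007-06-03T23:41:55|billing_app|203.0.113.9|SELECT Credit_Card, Name FROM Customers
"""

PROTECTED_COLUMNS = {"credit_card", "ssn"}   # protected-data policy
ALLOWED_READERS = {"billing_app"}            # accounts permitted to read them
INTERNAL_PREFIXES = ("10.",)                 # constructed corporate address space

SELECT_RE = re.compile(r"^SELECT\s+(?P<cols>.+?)\s+FROM\s+(?P<table>\w+)(?P<rest>.*)$", re.I | re.S)
TABLE_RE = re.compile(r"\b(?:FROM|UPDATE|INTO)\s+(\w+)", re.I)


def parse_trail(text):
    """Split raw audit lines into records; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split("|", 3)
        if len(parts) == 4:
            ts, user, ip, sql = parts
            records.append({"ts": ts, "user": user, "ip": ip, "sql": sql.strip()})
    return records


def parse_select(sql):
    """Return (column set, table, has_where) for a SELECT, else None."""
    m = SELECT_RE.match(sql)
    if not m:
        return None
    cols = {c.strip().lower() for c in m.group("cols").split(",") if c.strip()}
    has_where = re.search(r"\bWHERE\b", m.group("rest"), re.I) is not None
    return cols, m.group("table").lower(), has_where


def audit_alerts(records):
    """Audit policy: a protected column read by an account that is not an allowed reader."""
    out = []
    for r in records:
        sel = parse_select(r["sql"])
        if sel and (sel[0] & PROTECTED_COLUMNS) and r["user"] not in ALLOWED_READERS:
            hit = ",".join(sorted(sel[0] & PROTECTED_COLUMNS))
            out.append((r["ts"], r["user"], r["ip"], "protected columns: " + hit))
    return out


def anomaly_alerts(records):
    """Fraud policy: learn each account's (client address, table) pattern of use as
    records stream in; a later access from an unseen address or to an unseen table
    is flagged and then folded into the baseline. An account's first record never alerts."""
    seen_ips, seen_tables, out = {}, {}, []
    for r in records:
        user, ip = r["user"], r["ip"]
        m = TABLE_RE.search(r["sql"])
        table = m.group(1).lower() if m else None
        if user in seen_ips:
            reasons = []
            if ip not in seen_ips[user]:
                reasons.append("new client address " + ip)
            if table and table not in seen_tables.get(user, set()):
                reasons.append("new table " + table)
            if reasons:
                out.append((r["ts"], user, ip, "; ".join(reasons)))
        seen_ips.setdefault(user, set()).add(ip)
        if table:
            seen_tables.setdefault(user, set()).add(table)
    return out


def extrusion_alerts(records):
    """Extrusion policy: protected columns leaving the database in bulk (no WHERE
    clause) or to a client outside the corporate address space."""
    out = []
    for r in records:
        sel = parse_select(r["sql"])
        if not sel or not (sel[0] & PROTECTED_COLUMNS):
            continue
        reasons = []
        if not sel[2]:
            reasons.append("bulk read without WHERE clause")
        if not r["ip"].startswith(INTERNAL_PREFIXES):
            reasons.append("external client " + r["ip"])
        if reasons:
            out.append((r["ts"], r["user"], r["ip"], "; ".join(reasons)))
    return out


def run(trail_text=AUDIT_TRAIL):
    """Apply all three policies to a trail and return alerts keyed by policy."""
    records = parse_trail(trail_text)
    return {"audit": audit_alerts(records), "fraud": anomaly_alerts(records),
            "extrusion": extrusion_alerts(records)}


if __name__ == "__main__":
    for policy, alerts in run().items():
        for alert in alerts:
            print(policy, *alert)
```

The three policies catch different things on the same trail: the audit policy flags bob's read of Credit_Card because his account is not an allowed reader; the fraud policy stays quiet for bob (same address and table as his baseline) but flags billing_app when the allowed account suddenly appears from 203.0.113.9 and touches a table it never used before; the extrusion policy flags both bulk reads regardless of who issued them. Real products learn far richer baselines (time of day, row counts, statement shapes), but the fail-open risk is the same: an allowed account used from the wrong place only shows up if the baseline includes where the account normally connects from.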
Information Risk In Messaging Systems
Email – A Mission Critical Application
75% Of All Intellectual Property Is Contained In Email
75% Of All Litigation Involves Some Kind Of Email Discovery
Mail Security – Keep Bad Things Out
Spam made up 61% of all monitored email across the
Internet during the ISTR XII reporting period (the first six months of 2007)
In APJ 70% of all monitored email traffic was spam
84% of all email originating in Malaysia was spam
Top Ten Attacks Targeting Government Sector (chart slide)
Mail Security – Keep Important Things In
Credit Cards, Patient Records, Employee Information
Scan Within Email Message Body Or Attachments
Threats and the corresponding control at the messaging server (file, messaging and database servers shown):
Malicious code: Anti-Virus
Spam: Traffic Shaping & Spam Filtering
Phishing: Fraud Prevention
Example outbound message from Bob that the scan would hold:
"I recently left Acme, and believe your engineering team have stolen your #1 competitor's intellectual property. You might want to let your lawyers see this"
Messaging Security In Action
Components in the diagram: Exchange and OCS servers; Messaging Security and Web Filtering; Archiving Solution; Legal; Employee; IT.
1. Email containing sensitive information is sent
2. Email is filtered and held by Messaging Security
3. Administrator is notified regarding the policy violation
4. Administrator verifies the policy
5. Administrator analyzes details of the email policy violation
6. Legal department is notified and research information is forwarded
7. Administrator checks for related IM and web policy violations
8. Related violations are discovered and content is locked in the archive
Information Risk In User Files
1 In 50 Files Contain Confidential Information
1 In 400 Messages Contain Confidential Information
Diagram (image residue): file, messaging and database servers are watched for confidential content moving over HTTP and FTP; a matching transfer raises an alert and is written to the audit trail.
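The Mail Security slide above says confidential data is found by scanning the message body and attachments, and the user-files slide applies the same idea to files on a share. The block below is an added example, not Symantec's code, of that inspection: it walks every MIME part of a message, decodes attachments, and scans file contents, using a Luhn check so that order numbers and tracking IDs that merely look like card numbers do not raise alerts. The message, the two files and the sender/recipient addresses are constructed; the patterns are a minimal stand-in for a real content-inspection policy.

```python
# Added example (not Symantec code): content inspection for confidential data in an
# email body, its attachments, and user files on a share.
# Assumptions (hypothetical): messages arrive as raw RFC 822 text and files as an
# in-memory dict of path -> bytes; both are constructed here so it runs offline.
import re
from email import message_from_string
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

# 13-19 digits, optionally separated by spaces or dashes, not embedded in a longer number.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# US social security number in the common 3-2-4 form (a stand-in for "patient record" data).
SSN_RE = re.compile(r"(?<!\d)\d{3}-\d{2}-\d{4}(?!\d)")


def luhn_ok(digits):
    """Luhn check digit test; separates real card numbers from look-alike digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_confidential(text):
    """Return (kind, masked value) findings; the full value is never emitted."""
    findings = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            findings.append(("credit_card", "*" * (len(digits) - 4) + digits[-4:]))
    for m in SSN_RE.finditer(text):
        findings.append(("ssn", "***-**-" + m.group()[-4:]))
    return findings


def scan_email(raw):
    """Walk every MIME part of a message: text bodies and decoded attachments alike."""
    results = []
    for part in message_from_string(raw).walk():
        payload = part.get_payload(decode=True)   # None for multipart containers
        if payload is None:
            continue
        text = payload.decode(part.get_content_charset() or "utf-8", errors="replace")
        location = part.get_filename() or part.get_content_type()
        results.extend((location,) + f for f in find_confidential(text))
    return results


def scan_files(files):
    """Scan share contents; bytes are decoded leniently so digit runs still surface."""
    results = []
    for path, data in files.items():
        text = data.decode("utf-8", errors="replace")
        results.extend((path,) + f for f in find_confidential(text))
    return results


def build_sample_email():
    """Constructed message: a valid (test) card number in the body, an SSN in a CSV
    attachment, and an order number that looks like a card number but fails Luhn."""
    msg = MIMEMultipart()
    msg["From"] = "bob@example.com"
    msg["To"] = "partner@example.net"
    msg["Subject"] = "Q2 billing export"
    msg.attach(MIMEText("Order 1234 5678 9012 3456 shipped. Card on file: 4111 1111 1111 1111", "plain"))
    att = MIMEApplication(b"name,ssn\nAlice,123-45-6789\n", Name="patients.csv")
    att["Content-Disposition"] = 'attachment; filename="patients.csv"'
    msg.attach(att)
    return msg.as_string()


# Constructed share contents for scan_files().
SAMPLE_FILES = {
    "/share/notes.txt": b"call back Tuesday, ticket 1234-5678",
    "/share/cards.txt": b"backup of terminal: 5500 0000 0000 0004",
}


if __name__ == "__main__":
    for hit in scan_email(build_sample_email()) + scan_files(SAMPLE_FILES):
        print(*hit)
```

Two design points matter in practice. First, attachments must be decoded (base64 here) before matching, otherwise the CSV's SSN is invisible to the scanner; a product that only looks at the text body misses exactly the data people attach. Second, findings are masked before they leave the scanner, so the alert that reaches the administrator does not itself become another copy of the card number.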
Symantec Endpoint Protection:
Next Generation Symantec AntiVirus
Components in one agent: AntiVirus, Antispyware, Firewall, Intrusion Prevention, Device Control, Network Access Control
Products: Symantec Endpoint Protection 11.0, Symantec Network Access Control 11.0
Single Agent, Single Console
Results: increased protection, control & manageability; reduced cost, complexity & risk exposure
Redefining Antivirus Protection
Comparison chart (image residue, Harvey-ball ratings): Symantec Endpoint Protection v11.0 against competitive products A, B and C on network access control, device control, intrusion prevention system, firewall, single agent, antispyware and antivirus.
Single Agent, Small Footprint
Comparison chart (image residue): Symantec Endpoint Protection v11.0 against competitive products A, B and C on maximizes system resources, SNAC-ready, easy to deploy and single agent; agent footprints shown on the chart are 75 MB, 50 MB, 25 MB and 21 MB.
Proactive Threat Scan
Detects ~1,000 threats/month not detected by
top 5 leading antivirus engines
• 6 months testing with Norton consumer technology
• Very low false positive rate (0.004%)
• Only 40 FP for every 1M computers
• No set up or configuration required
Device Control
• Restrict access to devices
(USB keys, CD-RW drives, etc.)
• Prevents data loss (slurping) and social engineering
• Security policies for user groups
Network Access Control Ready
• Agent is included in Symantec
Endpoint Protection, no extra
agent deployment
• Simply license SNAC when
ready
• More enforcement options
and flexibility
Symantec Endpoint Protection
Controlling leakage at the source
1. Location-based policy is uploaded to the client from Symantec Endpoint Protection Manager
2. Remote location policy prevents USB access
3. Client reports policy activity to Symantec Security Information Manager upon reconnection to the corporate network
Symantec Network Access Control
Components in the diagram: Symantec On-Demand Policy Manager, On-Demand Server, SNAC Gateway Server, Remediation, Visitor, Partner.
1. Administrator creates Symantec On-Demand Agent
2. Administrator uploads On-Demand Agent
3. Visitor connects to network
4. Symantec On-Demand Agent downloads
5. Symantec On-Demand Agent verifies host integrity (antivirus & antispyware, firewall & IPS, patches & service packs, device & software control)
6. Malicious Code Protection scans for key loggers & screen scrapers
7. On-Demand launches the Virtual Desktop
8. Visitor securely interacts with corporate data
9. When the Virtual Desktop is closed all data is erased
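Steps 5 and 6 above are a host-integrity check: the agent compares what it finds on the visitor's machine against the policy and either admits the host or sends it to remediation. The block below is an added example of that decision and is not Symantec's code or policy language; the POLICY table, the posture fields, the two sample hosts (VISITOR, PARTNER) and the production/remediation placement are all constructed for illustration.

```python
# Added example (not Symantec code): the host-integrity decision an on-demand NAC agent
# makes before a visitor's machine is admitted. Assumptions (hypothetical): the agent
# collects the posture record shown here and the policy manager supplies the rule set;
# the rule names, outcomes and the two sample hosts are constructed for illustration.
from datetime import date

# Host-integrity policy: required protections, signature freshness, patch baseline,
# and processes (key loggers, screen scrapers) that must not be running.
POLICY = {
    "required": ("antivirus", "antispyware", "firewall", "ips"),
    "max_signature_age_days": 7,
    "min_service_pack": 2,
    "banned_processes": {"keylogger.exe", "screengrab.exe"},
}


def check_host(posture, policy=POLICY, today=date(2007, 7, 1)):
    """Return ('grant', []) or ('quarantine', [remediation steps]). Missing fields
    count as failures so an agent that cannot read a value fails closed."""
    steps = []
    for item in policy["required"]:
        if not posture.get(item + "_enabled", False):
            steps.append("enable " + item)
    sig_date = posture.get("signature_date")
    age = (today - sig_date).days if sig_date else None
    if age is None or age > policy["max_signature_age_days"]:
        steps.append("update antivirus signatures" + (f" ({age} days old)" if age is not None else ""))
    if posture.get("service_pack", 0) < policy["min_service_pack"]:
        steps.append(f"install service pack {policy['min_service_pack']}")
    running = {p.lower() for p in posture.get("processes", [])}
    for proc in sorted(policy["banned_processes"] & running):
        steps.append("terminate " + proc)
    return ("grant" if not steps else "quarantine", steps)


# Constructed posture records as the agent would collect them.
VISITOR = {
    "antivirus_enabled": True, "antispyware_enabled": True, "firewall_enabled": True,
    "ips_enabled": True, "signature_date": date(2007, 6, 29), "service_pack": 2,
    "processes": ["explorer.exe", "outlook.exe"],
}
PARTNER = {
    "antivirus_enabled": True, "antispyware_enabled": False, "firewall_enabled": True,
    "signature_date": date(2007, 6, 1), "service_pack": 2,
    "processes": ["explorer.exe", "KeyLogger.exe"],
}


def enforce(posture):
    """Map the decision to a network placement: production or the remediation segment."""
    verdict, steps = check_host(posture)
    return ("production" if verdict == "grant" else "remediation"), steps


if __name__ == "__main__":
    for name, host in (("visitor", VISITOR), ("partner", PARTNER)):
        print(name, *enforce(host))
```

The point worth carrying over from the example is the fail-closed handling: a posture record that omits a field (the PARTNER host reports no IPS status at all) is treated as non-compliant rather than silently passing, and the remediation list tells the user exactly what to fix before the check is re-run.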
Things To Remember
Security 1.0 Was About Protecting Systems
Security 2.0 Is About Protecting Information
Real Time Filtering Of Database, Email & Web Information
Analysis Of Historical Data Through Archiving
ISTR Vol XII
http://www.symantec.com/enterprise/theme.jsp?themeid=threatreport
Ezad Ezanee
[email protected]
+60122889887