Confidence In A Connected World
Transcription
Slide 1 - Confidence In A Connected World
Ezad Ezanee, Senior Technical Consultant, Symantec Corporation Malaysia
CONFIDENCE IN A CONNECTED WORLD

Slide 2 - Security Threat Landscape
"Know your enemy and know yourself; in a hundred battles, you will never be defeated. When you are ignorant of the enemy but know yourself, your chances of winning or losing are equal. If ignorant both of your enemy and of yourself, you are sure to be defeated in every battle." -- Sun Tzu

Slide 3 - APJ - ISTR XII: Top countries of attack origin
Over the first six months of 2007, the United States was the country of origin of the most attacks against APJ-based computers, accounting for 29 percent of attacks detected by sensors in the region.

Slide 4 - APJ - ISTR XII: Top countries targeted by DoS attacks
Over the first six months of 2007, China was the APJ country most frequently targeted by DoS attacks, accounting for 74 percent of attacks in the region.
DoS attacks are a major threat to Internet-dependent organizations. A successful DoS attack can render Web sites or other network services inaccessible to customers and employees.

Slide 5 - APJ - ISTR XII: Bot-infected computers by city
The top six cities for bot-infected computers in the APJ region were located in China.
Guess which city is at the 7th spot??

Slide 6 - APJ - ISTR XII: Top ten malicious code samples
Gampass targets online gamers. Clear evidence of identity theft.
The total annual wealth created within virtual worlds has been placed at approximately 10 billion USD. The largest online community is estimated at 8 million users.

Slide 7 - APJ - ISTR XII: Threats to confidential information
Some malicious code programs are designed specifically to expose confidential information that is stored on an infected computer.
Existence of an underground market that trades confidential information such as credit card information, user accounts etc.
Commercial exploit frameworks are available to assist hackers.

Slide 8 - Online Interactions Changing and Increasing
[Timeline figure, from PC centric (late 1990s) to online centric (early 2000s to current); items shown: Games, Music, Calendar, File Sharing, Instant Messaging, Finances, Chat, 2nd Generation Chat, Blogs, Social Networks, Pictures, VoIP, Collaboration]

Slide 9 - Threats Will Continue to Evolve
[Timeline figure, 1985 to 2005: motivation shifts from curiosity / technical interest to financial / criminal motivation; threats shown: Viruses, Worms, Vulnerabilities (mainstream timing around 1995), Phishing, Spyware, Crimeware, Spam, Bots & Botnets, Zero Day Exploits & Threats (2005)]

Slide 10 - Our Vision
Symantec gives you the freedom to work and play in the connected world — on your own terms.

Slide 11 - Symantec: Managing IT Risk
Four risk areas and their objectives:
Security: Keep Bad Things Out; Keep Important Things In
Availability: Keep The Systems Up; Ensure Rapid Recovery
Compliance: Ensure Adequate Controls; Automate Evidence Collection
Performance: Application Response Times; Optimize Resources; Ensure Correct Configuration
Risk drivers: IT Policy & External Regulation; Internal & External Malicious Threats; Natural Disasters & System Failures
Assets at risk: Information; IT Infrastructure

Slide 12 - Pervasiveness of Connectivity: Evolving Technology Landscape
Three layers (Technology Adoption Evolution):
Interactions: Reputation; Social Interactions; Collaborations; User Community Development; E-Commerce; Innovation & Knowledge Sharing
Information: Videos; Photos; Voice and Sound Files; Documents & Email; Databases
Infrastructure: Mobile, Tracking Devices; PCs; Servers; Storage Devices; Data Center

Slide 13 - Trusted Environment Maximizes Business Value
New challenges require a trusted environment to protect assets and create business value: protecting the Interactions, protecting the Information and protecting the Infrastructure (the same three layers as the previous slide, with Mobile devices in the infrastructure layer).

Slide 14 - Security 1.0 – Protecting The Systems
Threats: CrimeWare, SpyWare, Viruses, Worms
Weaknesses: Loose Privileges, Buffer Overflows, Back Doors
System devices: Cell Phone, Laptop, Desktop, File Server, Application Server, Messaging Server, Database Server

Slide 15 - Security 2.0 – Protecting The Information
Information Security layered on the Security Foundation across the same devices (Cell Phone, Laptop, Desktop, File Server, Application Server, Messaging Server, Database Server).

Slide 16 - Security 2.0 – Building On The Vision
Security 1.0 -> Security 2.0:
Infrastructure focus -> Information focus
Vulnerability exploits -> People-based exploits
Point solutions (silos, complex) -> Operationalizing security (central view, simple)
Inhibitor (locks down systems) -> Enabler (balances risks)

Slide 17 - The Symantec Security 2.0 Landscape
Control access from the endpoint: Endpoint Management; Endpoint Access Control & Data Leakage Protection (internal and external endpoints; employees, visitors & partners; On-Demand Policy Manager)
Messaging Security, Filtering and Access Control
Prevent the leakage of data: Database Security (corporate databases); Archiving Solution
Control Compliance; Information & Events Management
Inside: Employees; Applications

Slide 18 - Compliance and Security Management: Customer Challenges
Define: Determine risk and develop appropriate policies
Control: Monitor compliance and remediate problems
Govern: Demonstrate due care and optimize controls
Control layers: Written Policy; Procedural Controls; Technical Controls

Slide 19 - Compliance and Security Management
Define (determine risk and develop appropriate policies): Regulations (SOX, HIPAA, JSOX, ACSI 33, GLBA, FISMA, Basel I, Basel II, PCI-DSS); Frameworks (COBIT, OSA, ISO 17799, NIST, CIS, COSO, BS 7799, NSA); Corporate Policies (internal policies, Privacy Act, Spam Act)
Control (monitor compliance and remediate problems): Standards for Operating Systems, Databases, Applications, Directories, People
Govern (demonstrate due care and optimize controls): IT Control Checks; Measure; Report; Record

Slide 20 - Information is an Asset
Protect employee, customer & patient data: social security, credit cards, account information, sensitive information
Demonstrate regulatory compliance: HIPAA, GLBA, PCI, regional data privacy regulations
Prevent loss of intellectual property: corporate IP, source code

Slide 21 - Direct and Indirect Costs of a Publicly Reported Data Breach
Remediation costs can run $100-300 per lost customer record: customer notification; offer of credit monitoring; IT remedial action; audit fees.
Significant indirect costs: loss of brand, customer trust and reputation; lawsuits, drop in share price, Chapter 11; expected customer and revenue losses.
Loss of Information is Costly [chart: percentage (0 to 14%) against number of employees (100 to 100,000); source: July 2007, IT Policy Compliance Group]

Slide 22 - Today's News Headlines

Slide 23 - Information Risk Management: Customer Challenges
Five challenges: Keep Bad Things Out; Keep Important Things In; Keep Things As Long As Needed; Find Things And Mine Them; Keep Costs Down

Slide 24 - Corporate Information
Structured information in databases; unstructured information in email & file servers; source code, employee & customer records etc.
(Shown across File Server, Messaging Server and Database Server.)

Slide 25 - Information Risk In Database Systems
In 2005 there were 130 reported data breaches; 57,000,000 records were affected.

Slide 26 - Database Security: Keep An Audit Trail Of All SQL Activity
Example statement: SELECT Credit_Card FROM Customers
Audit Policies -> SQL Audit Trail (covering file server, messaging server and database server)

Slide 27 - Database Security: Detect Potential Threats From Insiders & Outsiders
Example statement: SELECT Credit_Card FROM Customers
Fraud Policies -> Fraud Detection; Audit Policies -> SQL Audit Trail

Slide 28 - Database Security: Detect Leakage Of Confidential Information
Example statement: SELECT Credit_Card FROM Customers
Extrusion Policies -> Data Leakage; Fraud Policies -> Fraud Detection; Audit Policies -> SQL Audit Trail

Slide 29 - Database Security In Action
Database Security detects and logs all databases on the network.
It watches transactions and dynamically learns and updates patterns of use.
Policies are created to monitor protected data transactions.
An internal user accesses "protected data"; an external user gets anomalous access to a database.
IT is alerted, with intruder address information, for investigation.
(Components shown: Exchange and OCS Servers; Messaging Security and Web Filtering; Data in Motion; Corporate databases; Legal; Archiving Solution; Employee; IT.)

Slide 30 - Information Risk In Messaging Systems
Email – A Mission Critical Application
75% of all intellectual property is contained in email.
75% of all litigation involves some kind of email discovery.

Slide 31 - Mail Security – Keep Bad Things Out
Spam made up 61% of all monitored email across the Internet during this period.
In APJ, 70% of all monitored email traffic was spam.
84% of all email originating in Malaysia was spam.

Slide 32 - Top Ten Attacks Targeting Government Sector

Slide 33 - Mail Security – Keep Important Things In
Credit cards, patient records, employee information: scan within the email message body or attachments.
Inbound protection at the messaging server: Anti-Virus (malicious code); Fraud Prevention (phishing); Traffic Shaping & Spam Filtering (spam).
Sample outbound message from Bob: "I recently left Acme, and believe your engineering team have stolen your #1 competitor's intellectual property. You might want to let your lawyers see this."

Slide 34 - Messaging Security In Action
1. Email containing sensitive information is sent (Employee).
2. Email is filtered and held by Messaging Security.
3. Administrator is notified regarding the policy violation.
4. Administrator verifies the policy.

Slide 35 - Messaging Security In Action (continued)
5. Administrator analyzes details of the email policy violation.
6. Legal department is notified and research information is forwarded.
7. Administrator checks for related IM and web policy violations.
8. Related violations are discovered and content is locked in the archive.
(Components shown: Exchange and OCS Servers; Messaging Security and Web Filtering; Legal; Archiving Solution; Employee; IT.)
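Slides 26 to 29 describe three policy layers over an SQL audit trail: audit everything, detect fraud (insider or outsider access that departs from learned patterns of use, or arrives from outside the corporate network) and detect extrusion of protected columns. The Python below is an added illustration of that layering and is not Symantec's code or anything from the presentation; the audit records, the corporate address range and the protected-column list are constructed for the example.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample audit-trail records, not from the presentation: (user, source IP, SQL).
# BASELINE is the learning window; LIVE is the monitored window.
BASELINE = [
    ("alice", "10.1.4.20", "SELECT name, email FROM Customers WHERE id = 42"),
    ("alice", "10.1.4.20", "SELECT order_id, total FROM Orders WHERE customer_id = 42"),
    ("bob",   "10.1.9.7",  "SELECT order_id FROM Orders WHERE status = 'open'"),
]
LIVE = [
    ("alice", "10.1.4.20",   "SELECT name FROM Customers WHERE id = 7"),
    ("bob",   "10.1.9.7",    "SELECT Credit_Card FROM Customers"),
    ("alice", "203.0.113.5", "SELECT * FROM Customers"),
]
CORPORATE_NETS = [ipaddress.ip_network("10.0.0.0/8")]       # assumed internal range
PROTECTED = {"customers": {"credit_card", "ssn"}}             # extrusion policy: protected columns

def parse_select(sql):
    """Tiny SELECT parser: (table name, set of selected column names), lower-cased."""
    m = re.match(r"\s*select\s+(.*?)\s+from\s+(\w+)", sql, re.I | re.S)
    if not m:
        return None, set()
    return m.group(2).lower(), {c.strip().lower() for c in m.group(1).split(",")}

def learn(records):
    """Audit policy: record which tables each user normally touches."""
    usage = defaultdict(set)
    for user, _, sql in records:
        table, _ = parse_select(sql)
        if table:
            usage[user].add(table)
    return usage

def evaluate(baseline, live):
    """Return (kind, user, ip, sql) alerts for extrusion, external access and anomalies."""
    usage, alerts = learn(baseline), []
    for user, ip, sql in live:
        table, cols = parse_select(sql)
        # Extrusion policy: a protected column is read, explicitly or via SELECT *
        if table in PROTECTED and ("*" in cols or cols & PROTECTED[table]):
            alerts.append(("extrusion", user, ip, sql))
        # Fraud policy: query arrives from outside the corporate address space
        if not any(ipaddress.ip_address(ip) in net for net in CORPORATE_NETS):
            alerts.append(("external_access", user, ip, sql))
        # Anomaly: user touches a table absent from their learned pattern of use
        if table and table not in usage[user]:
            alerts.append(("anomaly", user, ip, sql))
    return alerts
```

Each alert carries the source address, which is the "intruder address information" slide 29 says IT receives for investigation.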
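Slides 33 to 35 describe scanning the message body and attachments for credit card numbers and then holding the message and notifying the administrator. The Python below is an added illustration of that check, not Symantec's product logic or code from the presentation; the MIME message, the card numbers (the first is the standard test number, the second fails the Luhn checksum) and the hold/notify result structure are constructed for the example.

```python
import re
from email import message_from_string

# Constructed sample MIME message with a CSV attachment (not from the presentation).
SAMPLE_EMAIL = """From: bob@example.com
Subject: customer export
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Hi, the export is attached.
--b1
Content-Type: text/plain; name="customers.csv"
Content-Disposition: attachment; filename="customers.csv"

name,card
Jane Roe,4111 1111 1111 1111
John Doe,1234 5678 9012 3456
--b1--
"""

CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")   # 13-16 digits, optional space/dash separators

def luhn_ok(digits):
    """Luhn checksum: filters digit runs that merely look like card numbers."""
    total = sum(int(c) if i % 2 == 0 else (int(c) * 2 - 9 if c > "4" else int(c) * 2)
                for i, c in enumerate(reversed(digits)))
    return total % 10 == 0

def find_card_numbers(text):
    # Return the digit strings that match the pattern and pass the checksum
    return [re.sub(r"\D", "", m.group()) for m in CARD_RE.finditer(text)
            if luhn_ok(re.sub(r"\D", "", m.group()))]

def scan_message(raw):
    """Scan body and attachments; hold the message and flag it for the administrator."""
    msg = message_from_string(raw)
    violations = []                      # (part name, number of card numbers found)
    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            continue
        text = part.get_payload(decode=True).decode("utf-8", "replace")
        hits = find_card_numbers(text)
        if hits:
            violations.append((part.get_filename() or "body", len(hits)))
    action = "hold" if violations else "deliver"
    return {"action": action, "policy": "credit card numbers", "violations": violations,
            "notify_admin": bool(violations), "sender": msg["From"]}
```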
Slide 36 - Information Risk In User Files
1 in 50 files contain confidential information.
1 in 400 messages contain confidential information.
(Figure: HTTP and FTP transfers between file server, messaging server and database server are monitored, producing an Alert and an Audit Trail.)

Slide 37 - Symantec Endpoint Protection: Next Generation Symantec AntiVirus
Components in a single agent, single console: AntiVirus, Antispyware, Firewall, Intrusion Prevention, Device Control, Network Access Control.
Results: increased protection, control & manageability; reduced cost, complexity & risk exposure.
Products: Symantec Endpoint Protection 11.0; Symantec Network Access Control 11.0.

Slide 38 - Redefining Antivirus Protection
[Feature comparison chart: Symantec Endpoint Protection v11.0 against competitive products A, B and C on Network Access Control, Device Control, Intrusion Prevention System, Firewall, Single Agent, Antispyware and Antivirus; the per-cell ratings did not survive transcription]

Slide 39 - Single Agent, Small Footprint
[Chart comparing agent footprint of Symantec Endpoint Protection v11.0 with competitive products A, B and C; sizes shown: 75 MB, 50 MB, 25 MB, 21 MB]
Maximizes system resources; SNAC-ready; easy to deploy.

Slide 40 - Proactive Threat Scan
Detects ~1,000 threats/month not detected by the top 5 leading antivirus engines.
• 6 months testing with Norton consumer technology
• Very low false positive rate (0.004%)
• Only 40 FP for every 1M computers
• No set up or configuration required

Slide 41 - Device Control (Endpoint Security)
• Restrict access to devices (USB keys, CD-RW drives, etc.)
• Prevents data loss (slurping), social engineering
• Security policies for user groups

Slide 42 - Network Access Control Ready (Endpoint Security)
• Agent is included in Symantec Endpoint Protection, no extra agent deployment
• Simply license SNAC when ready
• More enforcement options and flexibility

Slide 43 - Symantec Endpoint Protection: Controlling leakage at the source
1. Location-based policy uploaded to client (from Symantec Endpoint Protection Manager).
2. Remote location policy prevents USB access.
3. Client reports policy activity upon reconnection to the corporate network (to Symantec Security Information Manager).

Slide 44 - Symantec Network Access Control
1. Administrator creates Symantec On-Demand Agent (Symantec On-Demand Policy Manager).
2. Administrator uploads On-Demand Agent (On Demand Server).
3. Visitor connects to network (SNAC Gateway Server).
4. Symantec On-Demand Agent downloads.
(Components shown: Symantec On-Demand Policy Manager; SNAC Gateway Server; On Demand Server; Remediation; Visitor; Partner.)

Slide 45 - Symantec Network Access Control (continued)
5. Symantec On-Demand Agent verifies host integrity (checks shown: AntiVirus & AntiSpyware; Firewall & IPS; Patches; Devices & Services Control; Software).
6. Malicious Code Protection scans for key loggers & screen scrapers.

Slide 46 - Symantec Network Access Control (continued)
7. On-Demand launches the Virtual Desktop.
8. Visitor securely interacts with corporate data.
9. When the Virtual Desktop is closed all data is erased.

Slide 47 - Things To Remember
Security 1.0 was about protecting systems; Security 2.0 is about protecting information.
Real-time filtering of database, email & web information.
Analysis of historical data through archiving.
ISTR Vol XII: http://www.symantec.com/enterprise/theme.jsp?themeid=threatreport
Ezad Ezanee, [email protected], +60122889887