virtual security - Security Leaders

CYBERSECURITY STRATEGIES
What any company or enterprise must have in mind regarding cybersecurity.
SOME NUMBERS
SECURITY INCIDENTS GROWTH
[Chart: security incidents, in million incidents per year, 2009 to 2014. Data labels: 3.4, 9.4, 22.7, 24.9, 28.9, 42.8.]
117,339 incoming attacks per day, every day
MAKE SURE YOU ARE NOT AN EASY TARGET
• 4/5 cyber attacks rely on bugs in outdated software
• 75% of attacks are opportunity based
• 30% of computers are already infected
WE ANALYZE & PROCESS EVERY DAY
• 450 000 MALWARE SAMPLES
• 35 000 ANDROID MALWARE SAMPLES
• 6 BILLION ONLINE REPUTATION QUERIES
IF YOUR BUSINESS IS AT STAKE, WE TAKE RISK OUT OF THE EQUATION.
• 64% more reported security incidents in 2014*
• 700 000 €: potential fine for being non-compliant with Singapore Personal Data Protection Act
• 1 100 000 €: average financial loss for mid sized businesses due to security incidents in 2014*
* PWC Global State of Information Security ® Survey 2015 – calculation for companies with 100 million $ - 1 billion $ yearly revenue
Based on “reported” incidents. Dark figures to be expected much higher.
CYBER SECURITY IS A PROCESS
• PREDICT: Understand your risk, know your attack surface, uncover weak spots
• PREVENT: Minimize attack surface, prevent incidents
• DETECT: Recognize incidents and threats, isolate and contain them
• RESPOND: React to breaches, mitigate the damage, analyze and learn
OUR CYBER SECURITY OFFERING
PREDICT | PREVENT | DETECT | RESPOND
ATTACK SURFACE ASSESSMENT
Riddler
• Threat level assessment
• Attack surface mapping
VULNERABILITY & PATCH MANAGEMENT
Radar
• Vulnerability scanning
• Vulnerability management
Software Updater
• Automatic patch management
ENDPOINT & NETWORK SECURITY SUITES
Protection Service for Business
• Device & server security
• Mobile security
• Central management
• As a service
Business Suite
• Device & server security
• Virtual Security
• Central management
• On-site
ADVANCED THREAT PROTECTION
Incident detection & response service platform
• Security monitoring & alerting
• Incident response
SERVICES
• Professional services
• Consulting & coaching
• For all areas of the security strategy
SECURITY WALLPAPER
#1 Get rid of Windows XP ASAP
#2 Back-up and Synchronize
#3 Protect the mobile devices as well
#4 Assume that mobile devices will get lost
#5 Consider a VPN for your mobile workers
#6 Up-to-date, state-of-the-art Security Solution
#7 Patch Now and patch correctly
#8 Ensure your Virtual Environment is safe
#9 Control web access and content
#10 Secure critical transactions with an extra layer
#11 Block applets from unknown sources
#12 Protect your e-mail
#13 Educate, train, get feedback
#1 – GET RID OF WINDOWS XP
Support for Windows XP has already ended, and any attacker knows that patches won’t be released for this operating system. Operating systems launched after Windows XP were designed with security as a priority, so they are a far better option.
*Source: https://business.f-secure.com/one-year-of-windows-xp-eol/
#2 – BACK UP AND SYNCHRONIZE
Ransomware is getting more and more common, and once you get infected there’s no sure way to break the encryption. So keep a safe, offline backup to ensure you can restore your operation.
*Source: https://business.f-secure.com/3-key-learnings-ransomware-hits-a-concretemanufacturer/
#3, #4 and #5: MOBILE DEVICES
F-Secure ran two experiments last year to raise awareness about BYOD safety.
By placing a ‘free Wi-Fi’ hotspot in a London financial center, we got 250 people to connect to it; we collected 30 MB of data in less than 30 minutes, including POP3 e-mails, complete with sender e-mail addresses and even passwords. Without encryption there is no security.
*Source: https://www.theguardian.com/technology/2014/sep/29/londoners-wi-fi-security-herod-clause/
#3 Protect the mobile devices as well
#4 Assume that mobile devices will get lost
#5 Consider a VPN for your mobile workers
The second one was with the UK Parliament. We repeated the experiment to test how politicians would protect their privacy. The results when they logged on to our ‘free Wi-Fi’?
• For the first one, it was possible to hijack a social media account.
• As the second one was making a VoIP call, we could record his conversation. Easily.
• For the third one, we just got his e-mail and password. Then it was possible to log in as him to other web services as well.
*Source: https://business.f-secure.com/the-great-politician-hack/
MORE DATA
• Only 36 percent of the researched companies have a mobile device management solution
• Only 37 percent provided mobile security for phones and tablets
• Only 50 percent used VPNs
• Only 1 in 4 can remote wipe a lost or stolen device.
And this gets a lot worse for SMBs.
*Source: https://business.f-secure.com/do-businesses-have-a-recipe-for-byod-security/
SO, WHAT TO KEEP IN MIND ON BYOD AND ON-THE-GO WORKING?
FREEDOME FOR BUSINESS
EXTENDING THE PSB SECURITY PLATFORM TO MOBILE FLEETS FOR ANDROID AND IOS DEVICES
• VPN AND WIFI PROTECTION
• APP AND WEB PROTECTION
• MOBILE FLEET MANAGEMENT
Features: CONNECTION PROTECTION, APPLICATION PROTECTION, BROWSING PROTECTION, MANAGED ANTI-THEFT, SECURITY MONITORING, PASSWORD ENFORCEMENT, FLEET & DEVICE INFO, TRACKING PROTECTION, VIRTUAL LOCATION
#6 – CHOOSE THE CORRECT SECURITY SOLUTION
You need a reliable, up-to-date security solution that handles known malware and zero-day threats as well. The difference between a pure ‘antivirus’ and a security solution is the difference between 99% and 99.9% filtering: that’s 43K malware!
*Source: https://business.f-secure.com/3-key-learnings-ransomware-hits-a-concretemanufacturer/
“AV IS DEAD?” – SO CHOOSE A SECURITY SOLUTION, NOT AN AV
Choose a solution that has:
1. URL/Web access filtering
2. Scanning of HTTP and other protocols
3. Exploit detection
4. Network ("cloud") reputation queries
5. Sandboxing and file based heuristics
6. Traditional file scanning (“The dead AV” – still useful!)
7. Memory scanning
8. Runtime heuristics and memory scanning
[Diagram: protection layers, tagged with the matching Security Wallpaper items. Labels: SOFTWARE UPDATER (#7), FIREWALL, IDS/IPS, PORT, APPLICATION, BROWSING PROTECTION, CONNECTION CONTROL (#10), WEB CONTENT CONTROL (#9), WEB TRAFFIC SCANNING, MALWARE SCANNING, SIGNATURE DEFINITIONS, ADVANCED PROTECTION, OBJECT REPUTATION CHECKS (ORSP), Proactive Protection - DEEPGUARD.]
#10
DEEPGUARD
• Key in reaching 100% detection rate over 24 subsequent months
• Unmatched protection against advanced 0-Day threats
• Sophisticated technology, with heuristic, behavior and reputation analysis
REAL-TIME PROTECTION
• Global protection against emerging threats in 60 secs from initial detection
• Immediate coverage drastically reduces the window of exposure to new malware
• Greatly reduces the lifetime & efficiency of otherwise dangerous malware
One thing to take into account: do you have a dedicated IT person to handle the security policies? If you do, consider an on-premises solution. If not, it is better to choose a cloud-based solution with a Security-as-a-Service model.
*Source: https://business.f-secure.com/3-key-learnings-ransomware-hits-a-concretemanufacturer/
OPTION 1 – CLOUD-BASED PROTECTION SERVICE FOR BUSINESS
Secure your Business. Wherever it takes you.
WINDOWS | MAC | ANDROID | IOS | SERVERS
OPTION 2 – BUSINESS SUITE
PREMIUM ONSITE SOLUTION WITH FULL CONTROL
POLICY MANAGER
• WORKSTATIONS: Client Security Premium
• VIRTUAL SECURITY: Scanning and Reputation Server
• WINDOWS SERVERS: Server Security Premium
• CITRIX AND TERMINAL SERVERS: Server Security Premium
• SHAREPOINT: Email and Server Security Premium
• EXCHANGE: Email and Server Security Premium
• LINUX: Linux Security
• WEB TRAFFIC: Internet Gatekeeper
• EMC STORAGE: Email and Server Security Premium
#7 OUT-OF-DATE SOFTWARE IS A SIGNIFICANT SECURITY RISK
83% of TOP10 malware could have been avoided with up-to-date software
AND YET
87% of corporate computers miss critical updates
IS WINDOWS BASED PATCH MANAGEMENT ENOUGH?
• 12% are in operating system
• 85% are in 3rd party software
• 3% miscellaneous
Source: https://business.f-secure.com/what-is-patchmanagement/
#8 ENSURE YOUR VIRTUAL ENVIRONMENT (REALLY) IS SAFE
A UK study shows that 85% of enterprises put the protection level of their virtual environments at risk by trusting the same AV solutions as they use in their physical environments. A Gartner study shows that 60% of virtual environments are more open to security risks.
A virtual security solution can, however, be as secure as the traditional solutions when the security agent is a part of the solution. When optimized in the right way, the performance level does not suffer and your environment still retains the best possible protection level.
*Source: https://business.f-secure.com/securing-your-business-is-not-just-aboutendpoints/
SECURITY FOR VIRTUAL AND CLOUD ENVIRONMENTS
[Diagram: F-Secure Policy Manager and virtual machines on a virtualization platform. Each virtual machine runs its own OS, applications and a security product: Client Security, Client Security Premium, Server Security, or Email and Server Security.]
SECURITY FOR VIRTUAL AND CLOUD ENVIRONMENTS (OPTIMIZED)
[Diagram: F-Secure Policy Manager and a Scanning and Reputation Server virtual appliance with a cache, alongside virtual machines on a virtualization platform. Each virtual machine runs its own OS, applications and a security product (Client Security, Client Security Premium, Server Security, or Email and Server Security) with an Offload Scanning Agent.]
#9 CONTROL WEB ACCESS AND CONTENT
You should make sure that employees cannot access harmful sites in the first place, as 90% of normal attacks come through the web.
Source: https://business.f-secure.com/improved-security-is-a-business-opportunity/
IMPROVED PRODUCTIVITY THROUGH CONTROLLED ACCESS
• 2013: 69% of all respondents said they waste at least some time at work on a daily basis.
• The number of people in this year’s survey who reported wasting time at work every day is up to a whopping 89%: A 20% INCREASE COMPARED TO LAST YEAR.
Source: http://www.salary.com/2014-wasting-time-at-work/
4% OF PEOPLE SURVEYED WASTE AT LEAST HALF THE AVERAGE WORKDAY ON NON WORK-RELATED TASKS.
WHERE’S THE WASTE?
• 31% waste roughly 30 minutes daily
• 31% waste roughly 1 hour daily
• 16% waste roughly 2 hours daily
• 6% waste roughly 3 hours daily
• 2% waste roughly 4 hours daily
• 2% waste 5 or more hours
• 24% GOOGLE
• 15% FACEBOOK
• 14% LINKEDIN
Source: http://www.salary.com/2014-wasting-time-at-work/
#10 SECURE CRITICAL TRANSACTIONS WITH AN EXTRA PROTECTION LAYER
Secure connections matter, as there is financial loss when online banking credentials and money from the bank account are stolen. Also, and maybe even worse, business secrets can be stolen if cloud-based CRM credentials are stolen.
CONNECTION CONTROL – STOP THE ATTACKS BEFORE THEY ENTER
Banks have secured the connection from browser to the bank and the online banking servers.
The weakest links: the online bank users and their browsers
• Phishing
• Trojans
#11 – BLOCK APPLETS FROM UNKNOWN SOURCES
Exploit kits are sets of tools that criminals use to create crimeware campaigns, and largely attempt to infect computers with malware that exploits vulnerabilities in software. Exploit kits have historically been proficient at exploiting vulnerabilities in Java and older versions of Microsoft Windows, but exploits targeting Flash have become more prominent in 2015.
Source: https://www.f-secure.com/documents/996508/1030743/Threat_Report_H2_2014
https://www.f-secure.com/weblog/archives/00002785.html
STOP MOST OF THE WEB ATTACKS
Block 100% of Java applets and Windows malware that come from unknown sources you do not trust.
Technologies targeted by exploit kits in 2014-2015:
• FLASH: 33%
• JAVA: 28%
• WINDOWS: 10%
• SILVERLIGHT: 5%
Source: hxxp:// contagiodata.blogspot.fi/2014/12/exploit-kits-2014.html
© F-Secure Confidential
#12 – PROTECT YOUR E-MAIL – WHATEVER IT IS
The most common ways for malware to manifest are still through browsing and e-mail. More and more we see macro-based and spear-phishing e-mail attacks, so it is generally a good idea to simply avoid receiving such e-mails.
Protection begins first and foremost with strong email security, as most of the attachments, files and links are delivered through email. All standard best practices apply, but pay more attention to capabilities such as attachment stripping and scanning, in addition to link reputation checks and security.
It doesn’t matter if you have your e-mail in house or in the cloud: either protect your mail server or choose a gateway to avoid spam and phishing messages.
Source: https://business.f-secure.com/3-key-learnings-from-a-cyberattack/
https://business.f-secure.com/macro-based-malware-is-back-in-business-6-tipis-how-to-keep-them-out/
CHOOSE YOUR OWN WAY TO GET EMAIL PROTECTION
EMAIL ENCRYPTION | SPAM DETECTION | VIRUS PROTECTION
• PROTECTION SERVICE FOR EMAIL: Cloud service, hosted by F-Secure
• MESSAGING SECURITY GATEWAY: On site, self managed, appliance or VMware
#13 – EDUCATE, TRAIN, GET FEEDBACK
Malware can easily breach all your barriers if the employees do not adhere to basic security practices, or do not know what to do. For example, developers posting questions online about a technical problem they have give away valuable information about the company and the systems used.
Training also needs to be continuous, as the ways to lure employees into risky behavior keep on developing, and employees might not stick to the guidance.
*Source: http://www.scmagazine.com/blue-coat-system-conducts-securitysurvey/article/415611/