Know More About Threats, Risks and Regulations

Ken Pappas, CEO, True North Security

Prepared for:

Ken Pappas BIO

Professional Career

  • Founder and CEO of True North Security
  • VP Marketing and Security Strategist at Top Layer Security
  • Security Strategist at TippingPoint
  • Director of Product Management at 3Com
    • Acquired TippingPoint “IPS technology”
  • General Manager Security Division Enterasys Networks
    • Acquired Security Wizards “Dragon IDS technology”
    • Acquired Indus River “Remote VPN technology”

Personal

  • Security Clearance, Department Of Homeland Security
  • Computer Forensics
  • CISM
  • InfraGard, Boston Chapter sponsored by the FBI and DHS
  • Appearance in Wall Street Journal, Fortune, etc.
  • BLOG> http://secsystems.wordpress.com
  • Twitter> TruNorthSec

Agenda
  • Today’s Reality
  • Future Threats & Challenges
  • About Sourcefire
  • About True North Security
Security Highlights
  • Over 285 million records stolen in 2008 vs. 230 million between the years 2004 – 2007 with Education being the highest.
    • WHY?
    • Who do you think will be #1 in the next two years?
  • 31% more bot-infected computers per day in 2008 vs 2007
  • 90% of breaches from organized crime targeting corporate information
  • Cyber crime cost companies more than $650 million worldwide
  • Majority of breaches caused by insider negligence
  • Users blurring their social life, personal life and work life with regards to Internet Usage
  • www.idtheftcenter.org
Recent Scams
  • Haiti Relief email
  • IRS Form W2 Spoof contains malware
  • Mortgage Fraud
  • Pop up Anti-Virus Advertisement contains virus
  • H1N1 email alert contains malware
  • FDIC email stating bank merger or that your bank is a failed bank. Click here? Get a surprise
  • 2010 Census by email
    • SURPRISE the Census bureau does not use email
Motivation

[Figure: attack sophistication (low to high) and intruder knowledge plotted over time, 1980 to 2000+. Techniques labelled on the chart: password guessing, self-replicating code, password cracking, exploiting known vulnerabilities, burglaries, hijacking sessions, disabling audits, network mgmt. diagnostics, back doors, GUI, automated probes/scans, www attacks, sweepers, sniffers, distributed attack tools, denial of service, packet spoofing, “stealth” / advanced scanning techniques, cross site scripting, staged, auto coordinated. Source: Carnegie Mellon University]

What’s Causing Rise In Cyber Crime
  • Recession
  • Social Media Sites
  • Younger/Older generation using computers
  • Availability of Sophisticated tools
  • Trickery & Foolery
“Zero Hour” Threats Rising
  • Increase in specialized threats
    • Toolkits used to create virus attacks, making specialization of participants a lucrative shadow economy.
  • Sophistication of high end threats is evolving rapidly
    • Targeted threats attack specific companies, persons and systems.
  • Blended threats becoming more common
    • Carefully targeted attack may go unnoticed for an undetermined amount of time.
Industrial Espionage Targeted Attacks

60% of recipients were of a high or medium-level ranking

  • 42% of recipients of targeted attacks were high-ranking individuals
  • 18% of recipients were of medium-level seniority
  • 5% of recipients were of lower-ranking seniority
  • 19% of targeted attacks were directed at general mailboxes such as “info@”

[Figure: Individually Targeted Attacks Blocked Per Day (Average)]

Source: Symantec

Source: MessageLabs Intelligence


Targeted Trojans

Targeted trojans are specialized pieces of malware written to extract high value information from known subjects.

Source: http://www.nypost.com/p/news/business/hackers_targeting_UquyMBhuVAyl6wAn413lGJ

Targeted Trojans

[Figure: frequency of targeted trojans by year, 2005 to 2009. Values shown on the chart: 1, 2, 10, 50 and 60, labelled PER WEEK for one year and PER DAY AVG for the others. Recent peaks: 357 per day.]

Source: Symantec

Source: MessageLabs Intelligence

Website Security Trends
  • Unique domains hosting malware: 30,000
  • New sites with malware in 2009: 2,465/day

Source: Symantec

Source: MessageLabs Intelligence

Multitude of Threat Vectors
  • Social Media
    • Facebook, MySpace, LinkedIn
  • Rogue 3rd Party Apps
  • Tiny URLs
  • Translations
  • RogueWare
No Industry Is Being Left Behind
  • Financial
    • Heartland
  • Retail
    • Hannaford's
  • Education
    • Harvard University
    • Oklahoma State University
  • Medical
    • Department of Veterans
    • Cedars-Sinai Medical Center
  • Government
    • North Korea Attacks American Networks
    • China hacking into NASA
    • Israel Attacking Iran

The cyber warfare HAS begun!

Multitude of Regulations
  • PCI (Payment Card Industry)
  • GLBA (Gramm-Leach-Bliley Act)
  • HIPAA (Health Insurance Portability and Accountability Act)
  • FISMA (Federal Information Security Management Act)
  • HITECH
  • MA 201 CMR 17
  • NERC
Perimeter Protection Is Not Enough
  • Communications between machines inside the corporate LAN and between choke-points are not filtered or protected by a perimeter firewall in front of each machine.
  • Servers in the DMZ, Kiosks, workstations used by temporary employees, and other “hot spots”
  • Mobile users are becoming the back door to the house
  • Telecommuters are becoming more popular, more risks being brought inside
Historical Firewall Configuration

To: 115.13.73.1

From: 66.121.11.7

  • FTP-21
  • HTTP-80
  • Sub 7-6776
  • Quake-26000
  • SMTP-25

Today’s Firewall Configurations
  • HTTP-80
  • FTP-21
  • BackOrifice-31337
  • SMTP-25


Next Inflection Point

CLOUD COMPUTING

IT resources and services that are abstracted from the underlying infrastructure and provided “On-Demand” and “At Scale” in a multi-tenant environment

Clouds Blow Away
  • Where does your data go when the cloud blows away?
  • When data is breached, who will be at fault?
    • Waiting for first court battle
  • Looks like, feels like SNA?
  • Make sure you have a solid SLA!
Next Generation Threats

Next Generation Threats Will Use Stealth Methods vs. Today’s Threats

  • User Error will be the way of malware
  • Information Leakage due to negligence and theft
  • Domestic and International Terrorist stealing company technology and secrets

New Methods Will Evolve to Adapt to User Behavior

  • Tempt-to-Click Email
  • Tempt-to-Click IM
  • False pop-ups

New Computing Environments and Applications will be targets

  • VoIP
  • Cloud Computing
  • SaaS (Software as a Service)
  • Social Media

Protection Will Require Education And Technology

What Companies Are Thinking About
  • Securing Virtualization
  • Virtualizing Security

Strategies To Defeat Threats
  • Anti-Virus Updates
  • Deploy an IPS Today!
  • IPS Filters Turned on and Updated
  • Encrypt Hard Drive Data
  • Operating System Security Updates
  • Educate Users
  • Institute Company Wide Security Policy
  • Implement Defense In Depth
    • IPS, Anti-Virus, Encryption, Multiple Passwords, Other

There is no silver bullet

About Sourcefire

Stop Threats and Start Partying!

About Sourcefire
  • Founded in 2001 by Snort Creator, Martin Roesch, CTO
  • Headquarters: Columbia, MD
  • Fastest-growing IPS vendor
  • Global Security Alliance partner network
  • NASDAQ: FIRE

Mission: To deliver intelligent security infrastructure for the most efficient, effective risk management.

Best of Both Worlds: Open Source Community + Sourcefire Development

Powered by Snort

Most Widely Used IPS Engine Worldwide

  • 270,000 Users
  • 3.7 Million Downloads
  • 80% of Fortune 500
  • 40% of Global 2000
  • 100+ Snort Integrators
  • 9,000+ Snort Rules
  • World’s Largest Threat Response Community
Problems With a Traditional IPS

Traditional IPS

  • Architecture: Closed Architecture
  • Accuracy: Exploit-Based
  • Intelligence: None or Limited
  • Operation: Manual Operation


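A New Approach

Traditional IPS vs. Sourcefire IPS

  • Architecture: Closed Architecture (Traditional IPS) vs. Open Rules & IPS Engine (Sourcefire IPS)
  • Accuracy: Exploit-Based (Traditional IPS) vs. Vulnerability-Based (Sourcefire IPS)
  • Intelligence: None or Limited (Traditional IPS) vs. Real-time, All-the-time (Sourcefire IPS)
  • Operation: Manual Operation (Traditional IPS) vs. Highly Automated (Sourcefire IPS)
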

Backed by Sourcefire Vulnerability Research Team (VRT)

Unrivalled Protection Against Advanced Persistent Threats

  • Private & Public Threat Feeds
  • Snort Community Insight
  • Advanced Microsoft Disclosure
  • 300 New Threats per Month
  • 20,000 Malware Samples per Day

VRT Research & Analysis

VRT LAB

  • 1000s of software packages
  • >150 million performance & regression tests
  • 100s of hardware platforms

Comprehensive Protection


Best-in-Class Detection
  • Based on Snort—de facto IPS standard
  • Vulnerability-based, zero-day protection
  • Open architecture
  • Flexible custom rules
  • Ranked #1 in detection by NSS Labs*

“When enterprises compare products, signature quality remains the most weighted and competitive factor on shortlists.”

Greg Young & John Pescatore, Magic Quadrant for Network IPS, April 2009

* “Network Intrusion Prevention Systems Comparative Test Results,” December 2009. Comparison using a tuned policy.

NSS Labs Group IPS Test Block Rate Comparison

Source: Graphic used with permission by NSS Labs. “Network Intrusion Prevention Systems Comparative Test Results,” December 2009.

Sourcefire Appliance Product Lines

VMware Virtual Appliances
  • Virtual Defense Center™
  • Virtual 3D Sensor™

Sourcefire Defense Center®
  • DC1000
  • DC3000
  • DC500

Sourcefire 3D® Sensor (performance)
  • 3D9900: 10 Gbps
  • 3D6500: 4 Gbps
  • 3D4500: 2 Gbps
  • 3D3500: 1 Gbps
  • 3D2500: 500 Mbps
  • 3D2100: 250 Mbps
  • 3D2000: 100 Mbps
  • 3D1000: 45 Mbps
  • 3D500: 5 Mbps


Why Sourcefire?
  • Powered by Snort
  • Driven by Intelligence
  • Best-in-Class Detection
  • Open Architecture
  • Highly Automated

Stop Doing Things the “Old” Way! Leverage the Only “Intelligent” IPS.

True North Security
  • Vulnerability Audits
  • Create / Enhance Security Policies
  • Network & Data Protection Solutions
  • Security Awareness Training
  • PCI Compliance
  • Video Monitoring and Surveillance Solutions

Contact:
  • kenpappas@truenorthsecurity.com
  • 978.846.1175
Summary
  • Cyber security attacks are common and costly
  • Attackers are sophisticated, well-financed and highly motivated
  • You have limited IT resources
  • Traditional security products can’t keep up

“Not knowing what’s on your network is going to continue to be the biggest problem for most security practitioners.”

Marcus Ranum, CSO Magazine

Thank You

Ken Pappas, CEO, True North Security

  • kenpappas@truenorthsecurity.com

Prepared for: