
Escalating Cyber Security Threat


Presentation Transcript


  1. Escalating Cyber Security Threat Jack Sebbag Canadian VP & General Manager January 31st, 2005

  2. The Escalating Threat • Security threats in global business have become a board room issue • The consequences of network downtime caused by security issues have become financially significant

  3. Major Business Case is Avoiding Downtime

  4. Today's Malware Count – 112195 (Jan 05) Source: McAfee's VirusScan statistics

  5. Virus Outbreak Count – Medium and above Source: A.V.E.R.T

  6. The Good Old Days • New virus infects a company • Sample sent to lab • New driver written • Customer gets fix • All customers updated • Maybe virus spreads over the next weeks/months

  7. Today • Virus infects globally within hours • Sample sent to lab (30min) • New Driver written (1hr) • Customer deploys update (hours/days) • Too late…

  8. The Speed Of Attacks Accelerates SQL Slammer: • Blended threat exploits known vulnerability • Global in 3 minutes • Enterprises scramble to restore business availability • Discovered 1/25/03

  9. Propagation Explosion (chart: population increase plotted at 7/17/01, 9/18/01, 12/04/01, 1/25/03 and 8/11/03; Source: IDC 2002)

  10. Market Drivers = Vulnerability Window (chart: time needed to infect 10,000 devices, in hours, against time needed to deploy counter measures, in hours, for Melissa, Loveletter, Kournikova, Code Red, Nimda, Goner, Klez, Slammer, LovSan and "What's Next"; x-axis 1998 to 2008, y-axis 0 to 18 hours)

  11. Serious Business Impact • Bank of America • 14,000+ ATMs down for over a day • Ford Motor Company • Many manufacturing facilities off-line, workers sent home • Continental Airlines • Reservation system taken off-line • BMW • Assembly plants impacted • Air Canada • Call center and check-in systems infected, required manual check-in • Cisco • Major internal infection, partners blocking email from Cisco.com

  12. The Response: Increased Security Spending (pie chart; segments: intend to increase security spending, expect spending to stay flat, intend to decrease security spending; values shown: 35.4%, 59.6%, 4.8%; Source: CIO Magazine)

  13. Shorter Time Window From Patch to First Attack

      Patch date      Patch      Attack date     Attack      Window
      Apr. 13, 2004   MS00-078   April 30 2004   Sasser      17 Days
      Oct. 16, 2003   MS03-026   Aug. 11 2003    MSBlaster   26 Days
      Jul. 24, 2002   MS02-039   Jan. 25 2003    Slammer     185 Days
      Oct. 17, 2000   MS00-078   Sept. 18 2001   Nimda       336 Days

  14. Enter The New Platform For Attack: Wireless

  15. Wireless Networks: The Unsecured Frontier • 930 million current users, 140 million in the United States (IDC) • IDC estimates 1.2 billion smartphones by 2004 • Wireless devices in business use to grow from 12 million in 2004 to 39 million in 2006 • 70 percent of wireless networks are not secure - New York Times, 3/4/04

  16. Get Ready For 1.2 Billion Holes in the Global Business Network • Handheld devices • 15 million to ship in 2002 (ABN AMRO) • Total by 2004: 92 million (ABN AMRO) • Just becoming powerful enough to do damage • Smart Phones • Combination of mobile phone and PDA • Will hit North America, EMEA and APAC en masse • By 2004, 1.2B Smart Phones worldwide (IDC) • Proof of Concept • Japanese ISP infected, shuts down emergency phone systems

  17. Example of Mobile virus

  18. SPAM – threat or nuisance? • Dramatic rise in spam growth rates • Aberdeen Group survey results • 40% to 50% of all incoming emails today are spam

  19. Why is SPAM growing? • Cost • Efficiency • Access to a large population via the Internet

  20. The 5 Costs of Spam • Users' time to read the email – productivity issues • Gartner: Spam messages cost US organizations $1 billion a year in lost productivity. • Bandwidth use • Data storage space • Standard email continues to grow in size. • Legal and moral related issues • Already cases in US courts where employees are suing their employers to keep them in a clean, safe working environment. • New delivery mechanism for trojans and viruses – we have already seen backdoors distributed via spam

  21. Threats Ahead in 2005 and beyond • Phishing • Spyware • Distributed Denial of Service (DDOS) • Router worms • Spit storms

  22. Is it Fishing or Phishing?? • Phishing attacks use 'spoofed' e-mails and fraudulent websites designed to fool recipients into divulging personal financial data such as credit card numbers, account usernames and passwords, social security numbers, etc. By hijacking the trusted brands of well-known banks, online retailers and credit card companies, phishers are able to convince up to 5% of recipients to respond to them. • Before submitting financial information through a Web site, look for the "lock" icon on the browser's status bar. It means your information is secure during transmission.

  23. Spyware • Spyware: Covertly gathers user information and activity without the user's knowledge. Spy software can record your keystrokes as you type them, passwords, credit card numbers, sensitive information, where you surf, chat logs, and can even take random screenshots of your activity. Basically whatever you do on the computer is completely viewable by the spy. You do not have to be connected to the Internet to be spied upon. • McAfee provides Spyware, Adware, Dialers, Jokes, Keyloggers, Password Stealers and other PUP detection capabilities in VirusScan 8.0i • McAfee is providing AntiSpyware Enterprise in March 2005 that will enhance this technology to provide removal and real-time on-access scanning to prevent Spyware from targeting a system

  24. DDoS attacks – Money, Money, Money • High-tech criminals are now using the network for extortion. • Online gambling company targeted by extortionists threatening wide-scale DDoS attacks.

  25. Future Attack Technologies • Router worms • Spit storms

  26. Where to start with Security protection? (slide shows a cloud of threat terms: Data Theft, Viruses, Spyware, Worms, PeerToPeer attacks, Bad Stuff, Adware, External Hacker, Internal Hacker, Spam, Exploits, DoS, User, Phishing, Identity Theft, Mailers, DDoS, Vulnerabilities)

  27. The Window Of Vulnerability • A combination of: • The SPEED of attack • The BLENDED attack mechanism • The EVOLVING network environment • Reducing the window of vulnerability • Proactively reduce the speed of attack • Proactively reduce the chance of attack success • Proactively reduce the exposure to attack

  28. Detecting the method - The attack life cycle (timeline diagram starting at time 0, "Security & virus issues discovered"; events: Security issue discovered, Proof of concept code posted, Attack written & starts, Security Fix Posted, Signature Posted; lanes: VENDOR, CUSTOMER, CUSTOMER; spans: Security Vulnerability, Attack Vulnerability; regions: Pro-Active, Re-Active)

  29. The attack life cycle (same timeline diagram as slide 28 with two added lanes, Security Behaviour and Attack Behaviour, and the point of the Traditional AV update marked; events: Security issue discovered, Proof of concept code posted, Attack written & starts, Security Fix Posted, Signature Posted; lanes: VENDOR, CUSTOMER, CUSTOMER; spans: Security Vulnerability, Attack Vulnerability; regions: Pro-Active, Re-Active; time 0 = "Security & virus issues discovered")

  30. Comprehensive AV Strategy But… AV is no longer enough

  31. Management – McAfee ePO • One Console For Your Security Needs • A single, powerful, easy to use interface for both the AV products AND security products • Policy & Enforcement = Control • Like AV, you need to be sure you are secure • Powerful admin template feature for fast adoption • Effective Maintenance And Visibility • ePO's reporting capabilities allow you to see, at a glance, who is at risk, and who is secure.

  32. Discovery - Rogue System Detection • Deploy one sensor per subnet • Sensors passively listen to network broadcasts (Layer 2: ARP, RARP, DHCP) • Sensor notifies ePO server of new system operating on network • ePO server determines if this is a known or unknown system by comparing against ePO's database of managed systems • ePO alerts or automatically deploys protection (diagram: three Rogue/Sensor pairs reporting to ePolicy Orchestrator; alert text "New Rogue System Detected!!")
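The known-versus-unknown comparison from the slide, as an added example (not McAfee's ePO or sensor code): the sensor observations and the managed-systems inventory are constructed stand-ins, and the MAC normalisation, the handling of a DHCP DISCOVER that carries no IP yet, and the "managed host with a new IP is not a rogue" rule are my assumptions about how such a comparison should behave.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Observation:
    sensor: str            # sensor that saw it (one per subnet)
    proto: str             # "ARP", "RARP" or "DHCP", the broadcasts the slide lists
    mac: str
    ip: Optional[str]      # None for a DHCP DISCOVER, which carries no IP yet

# Constructed stand-in for ePO's database of managed systems, keyed by MAC.
MANAGED = {
    "00:0c:29:aa:01:01": "ws-finance-01",
    "00:0c:29:aa:01:02": "ws-finance-02",
    "00:0c:29:bb:02:01": "srv-mail-01",
}

# Constructed sample of what two subnet sensors reported.
OBSERVED = [
    Observation("sensor-vlan10", "ARP", "00:0c:29:aa:01:01", "10.0.10.11"),
    Observation("sensor-vlan10", "ARP", "00:0C:29:AA:01:02", "10.0.10.99"),   # managed, new IP
    Observation("sensor-vlan10", "DHCP", "00:50:56:ff:ee:dd", None),         # unknown, no IP yet
    Observation("sensor-vlan10", "ARP", "00:50:56:ff:ee:dd", "10.0.10.77"),  # same unknown, addressed
    Observation("sensor-vlan20", "ARP", "00:0c:29:bb:02:01", "10.0.20.5"),
    Observation("sensor-vlan20", "RARP", "00-1B-21-12-34-56", "10.0.20.99"), # unknown, dash format
]

def normalize_mac(mac: str) -> str:
    """Compare MACs case- and separator-insensitively; a formatting difference
    between sensor and inventory must not create a false rogue."""
    return mac.lower().replace("-", ":")

def detect_rogues(observations, managed):
    """Return {mac: record} for every MAC absent from the managed inventory.
    A managed system is never reported, even when its IP changed."""
    known = {normalize_mac(m) for m in managed}
    rogues = {}
    for obs in observations:
        mac = normalize_mac(obs.mac)
        if mac in known:
            continue
        rec = rogues.setdefault(mac, {"sensor": obs.sensor, "protos": set(), "ip": None})
        rec["protos"].add(obs.proto)
        if obs.ip is not None:
            rec["ip"] = obs.ip   # the latest addressed sighting wins over DHCP discovery
    return rogues
```

Each entry in the returned dictionary is one "New Rogue System Detected" alert; the sensor name tells the operator which subnet to look at.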

  33. McAfee® Anti-Spyware Enterprise Edition Module True corporate/business-grade Anti-Spyware technology for Windows-based PCs that detects and removes potentially unwanted program software (PUPS) in real time and is tightly integrated with the next-generation anti-virus product for complete and transparent management of both products as a single agent. Announcement: November 15th, 2004 and General Availability: Q1 - 2005 Proactive Enhanced Coverage Lowers TCO • Real-time scanning • detects "Spyware" as it is being installed. • Memory Process Scanning • Traditional On-Demand scanning and removal. • Extensive database of Potentially Unwanted Programs (PUPS) • Registry scanning • Memory process scanning • Enterprise and SMB Management support • Automated update capability • Single Agent integrated with AV • Complete cleaning

  34. Vulnerability & Risk Management (Foundstone) • Security posture no longer an emotion but can now be a science • Identifies policies, assets, threats and risk • By understanding risk and vulnerabilities, begin to identify resources to secure infrastructure.

  35. Desktop Firewall • Traditionally used for remote users to protect against hackers • Required today on all devices as part of your anti-virus defence • Stop malicious code and attacks • How? • Only allow your specified traffic on the network • Firewall prevents undefined applications from connecting • Bi-directional IDS stops malicious code spreading to other PCs

  36. Fighting Spam - SpamKiller • Rules Based - 750 processed rules that produce a weighted score based on view of header, body, structure, routing • Customizable threshold • Default 5 points • Heuristic Analysis • Engine is looking for email it doesn't know is SPAM • Probability scoring based on view of header, body, checksum, etc. • Black List / White List • Personal • Global • Content filtering • Runs on the e1000 appliance
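The rules-based part of the slide as an added example (not SpamKiller's code or rule set): weighted rules over header, body and structure, a customizable threshold defaulting to 5 points, and black/white lists that override the score. The rule names, weights, list entries and sample messages are all constructed for illustration.

```python
import re
from email import message_from_string
from email.message import Message

# Constructed black/white lists (the slide's "Global" lists); they override the score.
WHITELIST = {"billing@example-bank.test"}
BLACKLIST = {"deals@bulkmail.test"}

# Weighted rules over header, body and structure (names and weights are constructed).
RULES = [
    ("subject_all_caps", 2.0, lambda m, b: m.get("Subject", "").isupper()),
    ("missing_message_id", 1.5, lambda m, b: m.get("Message-ID") is None),
    ("html_only_body", 1.0, lambda m, b: m.get_content_type() == "text/html"),
    ("money_phrase", 2.5, lambda m, b: re.search(r"\b(free money|you have won)\b", b, re.I) is not None),
    ("many_exclamations", 1.0, lambda m, b: b.count("!") >= 3),
]

def sender_of(msg: Message) -> str:
    """Bare address from the From header, lower-cased for list lookup."""
    hdr = msg.get("From", "")
    m = re.search(r"<([^>]+)>", hdr)
    return (m.group(1) if m else hdr).strip().lower()

def classify(raw: str, threshold: float = 5.0):
    """Return (verdict, score, names of rules that fired). threshold is the
    customizable cut-off, 5 points by default as on the slide."""
    msg = message_from_string(raw)
    sender = sender_of(msg)
    if sender in WHITELIST:
        return "ham", 0.0, ["whitelist"]
    if sender in BLACKLIST:
        return "spam", float("inf"), ["blacklist"]
    body = "" if msg.is_multipart() else msg.get_payload(decode=True).decode(errors="replace")
    hits = [(name, w) for name, w, pred in RULES if pred(msg, body)]
    total = sum(w for _, w in hits)
    return ("spam" if total >= threshold else "ham"), total, [n for n, _ in hits]

# Constructed sample messages.
SPAM_SAMPLE = """From: "Prize Desk" <winner@lucky-draw.test>
Subject: YOU HAVE WON
Content-Type: text/html

<b>you have won</b> a prize!!! Claim free money now!
"""
HAM_SAMPLE = """From: Alice Example <alice@corp.test>
Subject: Q1 planning notes
Message-ID: <20050131.1234@corp.test>

Bob, attached are the notes from Monday. Let me know if anything is missing.
"""
```

Raising the threshold makes the same message pass as ham, which is the trade-off the slide's "customizable threshold" bullet refers to.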

  37. Introducing Intrusion Prevention • Proactive security • Accurately detect and block attacks in real-time • Block attacks before they reach intended targets • Safety-net offering adequate time to patch end systems while managing exposure • Protection against both known & unknown attacks • Stay a step ahead of the attackers • Put management back into patch management • Complements today’s reactive security solutions • Firewall, anti-virus, IDS

  38. IntruShield: Next Generation IDS+IPS IDS researchers/developers have always envisioned the RESPONSE capability as an integral part of intrusion countermeasures Including packet logging & firewall configuration • Accurate detection and real-time prevention in one platform • Unprecedented Intrusion Intelligence • Comprehensive integrated protection • Advanced signature, anomaly, DoS detection • Scalability and deployment flexibility • Industry’s richest set of deployment modes: • In-line, Tap, SPAN, Port clustering, HA • Delivers Security Return on Investment (ROI)

  39. McAfee Entercept - Host Intrusion Prevention • Safeguards the entire server including operating system, critical resources and applications • Blocks damage from known and unknown (Day-Zero) malicious attacks • Protects against both the external and internal intruder • Protects against worms and buffer overflow exploits • Eliminates exposure between deployment of patches • Uses signature and behavior analysis to identify and block attacks. • Minimizes false positives

  40. End-Goal - Protection-in-Depth™ (diagram: Network Based Intrusion Prevention (Intruvert) and Host Based Intrusion Prevention (Entercept) placed across Desktop, Server, Core and Edge) • Best of Breed Intrusion Prevention to Reliably STOP Known & Unknown attacks on your Information Technology infrastructure

  41. Best Practices • Know your critical assets • Understand your threats • Know your protection needs • Address the cyber threat challenges systematically • Detection coverage – vulnerabilities & environment • Detection accuracy – false positives & false negatives • Layered defense with multiple methods • Complete protection with integrated responses, especially inline blocking • Well-defined policy • Real enforcement

  42. Best practices • Security can't be treated as a phase. • Investment as a % of overall IT spending is a warranted competitive advantage. • It's everybody's problem… treat the issue of security as an issue of insurance. • Practice "safe computing".

  43. Q & A
