IT Security Upside in a Down Market Darin Andersen COO ESET, LLC
About ESET • Global security company • Sales in over 150 countries • North American Headquarters San Diego • INC 500 2008 and 2007 winner • Flagship Product: ESET NOD32 Antivirus • Over 70 million copies in use • “Track record” in the Enterprise
ESET Around the World ESET Headquarters ESET Offices ESET Partners
Endpoint Security Solutions ESET NOD32 Antivirus 4: Business Edition • Protection for every endpoint in your business from viruses, spyware, malware, and all Internet-borne threats. • ESET NOD32 Antivirus 4 Business Edition includes Remote Administrator, LAN update “mirror” and can be installed on servers. • ESET Smart Security is excellent for laptop computers and includes anti-spam and personal firewall. • New features in version 4: Enhanced Remote Administrator, Smarter Scanner, Removable Media Security, Host-based Intrusion Prevention System (HIPS)
Proactive Protection “NOD32 has the most proactive malware detection capabilities of all the products tested over the last 12 months.” – Andreas Clementi, Project Manager AV-Comparatives.org
Missed In-the-Wild Viruses in Virus Bulletin Tests * May 1998 – April 2009 (fewer is better)
Are your customers safe… really? By the time you read this, 70 new types of malware will be produced. • ESET receives 100,000 new malware samples per day • Over 1.5 million new malware samples in 2008 • Zero-day attacks are increasing rapidly • Cybercriminals are growing more sophisticated and financially motivated • Traditional security solutions are not keeping up • ESET’s proactive approach
eCrime Trends • 41% of organizations have seen increase in cybercrime • Only 1% have seen decrease “We have already had an attack where the infection was dormant, remaining undetected, for 10 months. How many more of these are already on our computers?” Source: eCrime Survey 2009 in partnership with KPMG “…new scam targets has pushed the total of phishing e-mails from a maximum of around 400,000 a day in August to nearly 800,000 a day in November [2008].” Forbes.com, Economic Bust, Cybercrime Boom, Andy Greenberg, Nov. 19, 2008
Finding: The Recession • 66% of respondents agree that out-of-work IT professionals during the recession will lead to more people with technical skills joining the cybercriminal underground economy. Source: eCrime Survey 2009 in partnership with KPMG
Overall Threat • 79% of respondents do not believe that security software based on signature detection offers a sufficient level of protection to Internet users. Source: eCrime Survey 2009 in partnership with KPMG
The #1 Internal Threat • “Theft of customer or employee data” • “Knowledge of weak points in business/systems being deliberately exploited.” What internal eCrime risks are of most concern in economic downturn? Source: eCrime Survey 2009 in partnership with KPMG
Growth of Malware from 1985 – 2007 Source: AVTEST.org
Industry Perspective “Computer security has become a more urgent issue in light of rampant online crime and mega-infections like the Conficker worm, which has ensnared up to 12 million personal computers and has helped spur security software sales.” Canadian Business Online - From The Associated Press, May 1, 2009 “Malware kits are supported by product guarantees and service level agreements.” It is a real business, supported by organized crime. Emerging Cyber Threats Report for 2009 – Oct. 15, 2008
SMB & Enterprise Spending Trends – Main Drivers • 1st – High-profile incidents in other organizations – 42% • 2nd – Regulatory Compliance – 41% • 3rd – Fear of a major incident resulting in negative media coverage for organization – 40% Source: eCrime Survey 2009 in partnership with KPMG
Data Breaches • What is “Data Loss Prevention” (DLP)? • It’s about mitigating risk • Who is impacted by data breaches? • Everyone • Why do data breaches occur? • 75%-80% of data breaches are due to human error • Yankee Group report: “Anywhere Data is Powerful, Data Everywhere is Dangerous” – Phil Hochmuth Sr. Analyst
Data Breach Consequences • Financially catastrophic for your customers • Loss of sales • Investigation and notification costs • Fines and litigation (approx: $90 - $305/record) • Pay for credit monitoring service ($40/record) • Interruption of operations • Last – but definitely not least: Brand erosion (reputation, customer trust)
Data Breaches – Case Study: Hannaford Bros. • Chain of events: • Physical access and auditing • Malware installed on key servers • Data interception • Middleware configuration • 4.2M customer records copied “in flight”
Data Breach Consequences (cont’d) • Regulatory Compliance • HIPAA • Sarbanes-Oxley (SARBOX) • Gramm-Leach-Bliley (GLBA)
Data Loss Prevention Architectures • Data at rest • Data in motion • Data on mobile and removable devices • Network-based • Host-based
Cyber Risk – Guiding Your Customers • What is cyber risk? • The risks, liabilities and solutions associated with processes and interactions resulting from business activities conducted through computer networks.
Cyber Risk (cont’d) • To determine how to lower the risk profile of a company at least three areas need to be evaluated: • What is at risk (customer information, IP, etc)? • What the threat vectors are (e.g. employees, competition, malware)? • Consequences of failure (regulatory compliance issues, brand damage, consumer confidence)
Managing Cyber Risk • Risk management plan requires senior management buy-in • Requires a collaborative approach (team-based) • Outline new and existing applications and operations • Assess security and privacy risk controls • Review business continuity plans • Policies.. a necessary evil! • Technology is what we use to enforce policy
Mobile Threats • The growth of malware targeting a specific platform is dependent on a key factor: the market penetration of the specific platform. • Other factors: • The popularity of a platform to engage in commerce as well as its ability to be “always-connected” • Availability of development tools • Well-documented APIs (knowledge of the "inner-workings" of the kernel, security mechanisms and network stack) • There will be approximately 4B (billion) mobile phones in use by EOY ‘08. This is a very tempting target for cybercriminals to leverage!
Malware • The evolution of malware • More targeted – spear phishing • Increasingly complex – self-modifying, encrypted, etc. • Pre-installed • Sophisticated social engineering • Decrease in email-borne malware • Lower barrier to entry
Malware (cont’d) • Examples • Spear phishing – Oak Ridge Nat’l Labs • Storm Worm • USB (autorun.inf) • Password stealing trojans
Malware: Bottom Line • Gaming-related malware is prevalent and expensive to the victim (identities and assets stolen and re-sold) • Autorun is dangerous and can be embedded in off-the-shelf/retail devices! • PUAs and spyware are a plague and a curse • Heuristics and Behavior Analysis Rule!
Mobile Threats (cont’d) • The value of an executive's mobile device: • 1,000-5,000 contacts • customer details • business partner's information • colleagues / friends' home numbers • 100-200+ appointments • customer leads • pending business activities • 200+ internal company emails with sensitive corporate data • pending partnerships, lawsuits, M&A data • pending business activities • sensitive data masquerading as calendar events / contacts • ATM, credit card, banking, brokerage info • poorly obscured ID's, PIN codes and passwords
Best Practices - Businesses • Inventory your assets. • Know how many computers you have • How they connect to your network and Internet • Audit is essential • Know that all assets are protected • Protection is current and audited • Use business assets for business only • Clearly define policies for acceptable use of company resources • Hire a consultant to help secure your business • Make security education a priority http://www.securingourecity.org
Takeaways • Cyber security is everyone’s responsibility • DLP is more than just marketing – the numbers speak! • No business is immune to data breaches or cyber risk • Risk assessment goal – reducing the risk to an acceptable level • Technology controls require well-written policies • Patch management process • The prevalence of malware continues to steadily rise • Antivirus is a key component to a security strategy • While early, the mobile threat exists – it’s not if, but when
Proactive Protection Precise Detection Support Services Fast Scanning Lightweight Footprint ESET in the Enterprise
Partnering with ESET is Good for Your Customers • ESET offers proactive approach to security • ThreatSense (Advanced Heuristic) • Transparent Performance • Best of breed • Smallest footprint • Minimal CPU • Centralized Management • Manages 3-400,000 computers • Agile Security • Integrated approach • Secure methodology requires layers • Server level, desktop, laptop and mobile Partner Protect Profit
Thank you. Darin Andersen, COO, ESET, LLC. e: dandersen@eset.com m: 619-302-4013