Presentation on theme: "Know More About Threats, Risks and Regulations Ken Pappas CEO True North Security Prepared for:"— Presentation transcript:
Know More About Threats, Risks and Regulations Ken Pappas CEO True North Security Prepared for:
Professional Career Personal Ken Pappas BIO Founder and CEO of True North Security VP Marketing and Security Strategist at Top Layer Security Security Strategist at TippingPoint Director of Product Management at 3Com Acquired TippingPoint IPS technology General Manager Security Division Enterasys Networks Acquired Security Wizards Dragon IDS technology Acquired Indus River Remote VPN technology Security Clearance, Department Of Homeland Security Computer Forensics CISM InfraGard, Boston Chapter sponsored by the FBI and DHS Appearance in Wall Street Journal, Fortune, etc. BLOG> Twitter> TruNorthSec
Agenda Todays Reality Future Threats & Challenges About Sourcefire About True North Security
Security Highlights Over 285 million records stolen in 2008 vs. 230 million between the years 2004 – 2007 with Education being the highest. WHY? Who do you think will be #1 in the next two years? 31% more bot-infected computers per day in 2008 vs % of breaches from organized crime targeting corporate information Cyber crime cost companies more than $650 million worldwide Majority of breaches caused by insider negligence Users blurring their social life, personal life and work life with regards to Internet Usage
Haiti Relief IRS Form W2 Spoof contains malware Mortgage Fraud Pop up Anti-Virus Advertisement contains virus H1N1 alert contains malware FDIC stating bank merger or that your bank is a failed bank. Click here? Get a surprise 2010 Census by SURPRISE the Census bureau does not use Recent Scams
Intruder Knowledge High Low Attack Sophistication Attack Sophistication Cross site scripting password guessing self-replicating code password cracking exploiting known vulnerabilities disabling audits back doors hijacking sessions sweepers sniffers packet spoofing GUI automated probes/scans denial of service www attacks stealth / advanced scanning techniques burglaries network mgmt. diagnostics distributed attack tools Staged Auto Coordinated Source: Carnegie Mellon University Motivation
Recession Social Media Sites Younger/Older generation using computers Availability of Sophisticated tools Trickery & Foolery Whats Causing Rise In Cyber Crime
Increase in specialized threats Toolkits used to create virus attacks, making specialization of participants a lucrative shadow economy. Sophistication of high end threats is evolving rapidly Targeted threats attack specific companies, persons and systems. Blended threats becoming more common Carefully targeted attack may go unnoticed for an undetermined amount of time. Zero Hour Threats Rising
Harnessing The Power of Botnets Source: Symantec
Industrial Espionage Targeted Attacks Source: MessageLabs Intelligence 60% of recipients were of a high or medium-level ranking 42% of recipients of targeted attacks were sent to high ranking individuals 18% of recipients were of medium-level seniority 5% of recipients were of a lower-ranking security 19% of targeted attacks were directed at general mailboxes such as Individually Targeted Attacks Blocked Per Day (Average) Source: Symantec
Targeted Trojans Targeted trojans are specialized pieces of malware written to extract high value information from known subjects. Source: hackers_targeting_UquyMBhuVAyl6wAn413lGJ
Targeted Trojans Source: MessageLabs Intelligence PER WEEK PER DAY AVG PER DAY AVG PER DAY AVG PER DAY AVG 357 Recent Peaks PER DAY Frequency: Payload: Source: Symantec
Website Security Trends Source: MessageLabs Intelligence New sites with malware in 2009: 2,465/day Unique domains hosting malware: 30,000 Source: Symantec
Multitude of Threat Vectors Social Media Facebook, MySpace, Linkedin Rogue 3 rd Party Apps Tiny URLs Translations RogueWare
No Industry Is Being Left Behind Financial Heartland Retail Hannaford's Education Harvard University Oklahoma State University Medical Department of Veterans Cedars-Sinai Medical Center Government North Korea Attacks American Networks China hacking into NASA Israel Attacking Iran The cyber warfare HAS begun!
Space Programs USA RUSSIA
Easy Availability of Exploit Tools
Multitude of Regulations PCI (Payment Card Industry) GLBA (Gramm-Leach Bliley Act) HIPAA (Health Insurance Portability and Accountability Act) FISMA (Federal Information Security Management Act) HITECH MA 201 CMR 17 NERC
Perimeter Protection Is Not Enough Communications between machines inside the corporate LAN and between choke-points are not filtered or protected by a perimeter firewall in front of each machine. Servers in the DMZ, Kiosks, workstations used by temporary employees, and other hot spots Mobile users are becoming the back door to the house Telecommuters are becoming more popular, more risks being brought inside
FTP-21 HTTP-80 Sub Quake SMTP-25 From: To: Historical Firewall Configuration
The Complacency of Fools Will Destroy Us Future Threats & Challenges
IT resources and services that are abstracted from the underlying infrastructure and provided On-Demand and At Scale in a multi-tenant environment CLOUD COMPUTING Next Inflection Point
Where does your data go when the cloud blows away When data is breached, who will be at fault? Waiting for first court battle Looks like, feels like SNA? Make sure you have a solid SLA! Clouds Blow Away
Next Generation Threats Next Generation Threats Will Use Stealth Methods vs. Todays Threats User Error will be the way of malware Information Leakage due to negligence and theft Domestic and International Terrorist stealing company technology and secrets New Methods Will Evolve to Adapt to User Behavior Tempt-to-Click Tempt-to-Click IM False pop-ups New Computing Environments and Applications will be targets VoIP Cloud Computing SaaS (Software as a Service) Social Media Protection Will Require Education And Technology
Protect Dysfunctional Users Against Themselves How Do We Best Protect Ourselves and Our Data
What Companies Are Thinking About Virtualizing Security Securing Virtualization
SANS Recommends - Deploy IPS
Strategies To Defeat Threats Anti-Virus Updates Deploy an IPS Today! IPS Filters Turned on and Updated Encrypt Hard Drive Data Operating System Security Updates Educate Users Institute Company Wide Security Policy Implement Defense In Depth IPS, Anti-Virus, Encryption, Multiple Passwords, Other There is no silver bullet
About Sourcefire Stop Threats and Start Partying!
About Sourcefire Founded in 2001 by Snort Creator, Martin Roesch, CTO Headquarters: Columbia, MD Fastest-growing IPS vendor Global Security Alliance partner network NASDAQ: FIRE Open Source Community + Sourcefire Development Best of Both Worlds Mission: To deliver intelligent security infrastructure for the most efficient, effective risk management.
Powered by Snort 270,000 Users 3.7 Million Downloads 80% of Fortune % of Global Snort Integrators 9,000+ Snort Rules Worlds Largest Threat Response Community Most Widely Used IPS Engine Worldwide
Problems With a Traditional IPS Traditional IPS Closed Architecture Exploit- Based None or Limited Manual Operation Architecture Operation Intelligence Accuracy
A New Approach Traditional IPS Closed Architecture Exploit- Based None or Limited Manual Operation Architecture Operation Intelligence Accuracy Open Rules & IPS Engine Vulnerability- Based Real-time, All-the-time Highly Automated Sourcefire IPS
Backed by Sourcefire Vulnerability Research Team VRT Comprehensive Protection Private & Public Threat Feeds Snort Community Insight 300 New Threats per Month 20,000 Malware Samples per Day VRT Research & Analysis VRT LAB >150 million performance & regression tests 1000s of software packages 100s of hardware platforms Advanced Microsoft Disclosure Unrivalled Protection Against Advanced Persistent Threats
Best-in-Class Detection Based on Snortde facto IPS standard Vulnerability-based, zero-day protection Open architecture Flexible custom rules Ranked #1 in detection by NSS Labs* * Network Intrusion Prevention Systems Comparative Test Results, December Comparison using a tuned policy.
NSS Labs Group IPS Test Block Rate Comparison Source: Graphic used with permission by NSS Labs. Network Intrusion Prevention Systems Comparative Test Results, December 2009.
Sourcefire Appliance Product Lines Sourcefire Defense Center ® Sourcefire 3D ® Sensor DC1000 DC3000 PERFORMANCE DC500 3D500 5 Mbps 3D Mbps 3D Mbps 3D Mbps 3D Mbps 3D Gbps 3D Gbps 3D Gbps 3D Gbps VMware Virtual Appliances Virtual Defense Center Virtual 3D Sensor
Why Sourcefire? Powered by Snort Driven by Intelligence Best-in-Class Detection Open Architecture Highly Automated Stop Doing Things the Old Way! Leverage the Only Intelligent IPS.
True North Security Vulnerability Audits Create / Enhance Security Policies Network & Data Protection Solutions Security Awareness Training PCI Compliance Video Monitoring and Surveillance Solutions
Summary Cyber security attacks are common and costly Attackers are sophisticated, well- financed and highly motivated You have limited IT resources Traditional security products cant keep up Not knowing whats on your network is going to continue to be the biggest problem for most security practitioners. Marcus Ranum CSO Magazine
Thank You Ken Pappas CEO True North Security Prepared for: