Presentation on theme: "Know More About Threats, Risks and Regulations Ken Pappas CEO True North Security Prepared for:"— Presentation transcript:
1 Know More About Threats, Risks and Regulations Ken Pappas CEO True North Security Prepared for:
2 Ken Pappas BIO
Professional Career:
Founder and CEO of True North Security
VP Marketing and Security Strategist at Top Layer Security
Security Strategist at TippingPoint
Director of Product Management at 3Com
Acquired TippingPoint “IPS technology”
General Manager, Security Division, Enterasys Networks
Acquired Security Wizards “Dragon IDS technology”
Acquired Indus River “Remote VPN technology”
Personal:
Security Clearance, Department Of Homeland Security
Computer Forensics
CISM
InfraGard, Boston Chapter, sponsored by the FBI and DHS
Appearances in Wall Street Journal, Fortune, etc.
BLOG>
Twitter> TruNorthSec
3 Agenda
Today’s Reality
Future Threats & Challenges
About Sourcefire
About True North Security
Speaker notes: Customize agenda to meet the goals of each meeting.
5 Security Highlights (www.idtheftcenter.org)
Over 285 million records stolen in 2008 vs. 230 million between the years 2004 – 2007, with Education being the highest. WHY?
Who do you think will be #1 in the next two years?
31% more bot-infected computers per day in 2008 vs. 2007
90% of breaches from organized crime targeting corporate information
Cyber crime cost companies more than $650 million worldwide
Majority of breaches caused by insider negligence
Users blurring their social life, personal life and work life with regards to Internet usage
6 Recent Scams
Haiti Relief email
IRS Form W2 spoof contains malware
Mortgage fraud
Pop-up anti-virus advertisement contains virus
H1N1 alert contains malware
FDIC stating bank merger or that your bank is a failed bank. Click here? Get a surprise
2010 Census by SURPRISE, the Census Bureau does not use
7 Attack Sophistication vs. Intruder Knowledge (chart; Source: Carnegie Mellon University)
Chart axes: Intruder Knowledge (High to Low) and Attack Sophistication, plotted against time from 1980, 1985, 1990, 1995 to 2000+.
Techniques labelled on the chart: password guessing, self-replicating code, password cracking, exploiting known vulnerabilities, disabling audits, back doors, hijacking sessions, burglaries, network mgmt. diagnostics, sweepers, sniffers, packet spoofing, GUI, automated probes/scans, www attacks, denial of service, distributed attack tools, staged attacks, “stealth” / advanced scanning techniques, cross site scripting, auto coordinated attacks. Motivation is also marked on the chart.
8 What’s Causing the Rise In Cyber Crime
Recession
Social media sites
Younger/older generation using computers
Availability of sophisticated tools
Trickery & foolery
9 “Zero Hour” Threats Rising
Increase in specialized threats: toolkits used to create virus attacks, making specialization of participants a lucrative shadow economy.
Sophistication of high-end threats is evolving rapidly: targeted threats attack specific companies, persons and systems.
Blended threats becoming more common: a carefully targeted attack may go unnoticed for an undetermined amount of time.
10 Harnessing The Power of Botnets (chart; Source: Symantec)
11 Industrial Espionage: Targeted Attacks
60% of recipients were of a high or medium-level ranking
42% of recipients of targeted attacks were high-ranking individuals
18% of recipients were of medium-level seniority
5% of recipients were of a lower-ranking security
19% of targeted attacks were directed at general mailboxes such as
Chart: Individually Targeted Attacks Blocked Per Day (Average)
Source: Symantec; Source: MessageLabs Intelligence
12 Targeted Trojans
Targeted trojans are specialized pieces of malware written to extract high value information from known subjects.
13 Targeted Trojans: frequency over time
2005: 2 per week
2006: 1 per day (average)
2007: 10 per day (average)
2008: 50 per day (average)
2009: 60 per day (average)
Recent peaks: 357 per day
Payload: (chart)
Source: Symantec; Source: MessageLabs Intelligence
14 Website Security Trends
New sites with malware in 2009: 2,465/day
Unique domains hosting malware: 30,000
Source: Symantec; Source: MessageLabs Intelligence
15 Web 2.0
Speaker notes:
CLICK 1: Companies and employees are heavily involved in social media today. Hundreds of companies doing social media – sharing, talking, listening – but also propagating malware and crimeware. Social media is a breeding ground for crimeware!!
CLICK 2: The big ones are on the right – everyone has a Facebook account, reaching out and sharing, hugging virtually, etc.
16 Multitude of Threat Vectors
Social Media: Facebook, MySpace, LinkedIn
Rogue 3rd Party Apps
Tiny URLs
Translations
RogueWare
17 No Industry Is Being Left Behind
Financial: Heartland
Retail: Hannaford's
Education: Harvard University, Oklahoma State University
Medical: Department of Veterans, Cedars-Sinai Medical Center
Government: North Korea attacks American networks; China hacking into NASA; Israel attacking Iran
The cyber warfare HAS begun!
20 Multitude of Regulations
PCI (Payment Card Industry)
GLBA (Gramm-Leach-Bliley Act)
HIPAA (Health Insurance Portability and Accountability Act)
FISMA (Federal Information Security Management Act)
HITECH
MA 201 CMR 17
NERC
Gramm-Leach-Bliley Act (GLBA): Protects consumers’ personal financial information, and affects financial institutions and credit reporting agencies, as well as credit counseling services, lenders, brokerages, and tax preparers.
Payment Card Industry (PCI): Protects cardholder data by ensuring that merchants, service providers, and even cardholders who use the internet to access their account data, maintain the highest IT security standards.
Health Insurance Portability and Accountability Act (HIPAA): Protects the integrity and confidentiality of patient health information. Requires not only control over who is accessing confidential data, but also requires organizations to actively reduce security risks and conduct a thorough risk analysis of their systems.
Federal Information Security Management Act (FISMA): A mandatory set of information technology processes that all government agencies and contractors must follow, including network security policies. Continuous monitoring of security controls to ensure compliance and network integrity.
HITECH: Significant financial incentives through the Medicare and Medicaid programs to encourage doctors and hospitals to adopt and use certified electronic health records. Physicians will be eligible for $40,000 to $65,000 for showing that they are meaningfully using health information technology, such as through the reporting of quality measures. Hospitals will be eligible for several million dollars in the Medicaid and Medicare programs to similarly use health information technology. Federally qualified health centers, rural health clinics, children’s hospitals and others will be eligible for funding through the Medicaid program.
MA 201 CMR 17: Massachusetts-specific law effective March 1, 2010 protecting individual information from disclosure; all data must be encrypted.
21 Perimeter Protection Is Not Enough
Communications between machines inside the corporate LAN and between choke-points are not filtered or protected by a perimeter firewall in front of each machine.
Servers in the DMZ, kiosks, workstations used by temporary employees, and other “hot spots”
Mobile users are becoming the back door to the house
Telecommuters are becoming more popular, and more risks are being brought inside
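The slide's point, that an Internet-edge firewall never evaluates traffic between two inside machines, is easy to make concrete with a small audit. The following is an added example, not part of the presentation and not True North Security or Sourcefire code: it takes constructed flow records, maps each address to a zone, reports which flows the perimeter device would never have seen, and then checks those flows against an assumed internal segmentation policy. The address ranges, hosts and the policy table are all assumptions made up for illustration.

```python
"""Internal segmentation audit (added example; addressing plan and policy are assumed)."""
import ipaddress
from dataclasses import dataclass

# Assumed internal addressing plan (constructed for this example).
ZONES = {
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
    "kiosk": ipaddress.ip_network("10.20.0.0/24"),
    "temp_workstations": ipaddress.ip_network("10.30.0.0/24"),
    "workstations": ipaddress.ip_network("10.10.0.0/16"),
    "servers": ipaddress.ip_network("10.50.0.0/24"),
}

# Assumed internal policy: (source zone, destination zone) -> allowed destination ports.
# Any zone pair not listed is denied, so workstation-to-workstation traffic and anything
# originating in the DMZ toward inside zones is blocked by default.
INTERNAL_POLICY = {
    ("workstations", "servers"): {443, 445},
    ("temp_workstations", "servers"): {443},
    ("kiosk", "dmz"): {443},
    ("servers", "dmz"): {443},
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int


def zone_of(ip: str) -> str:
    """Return the zone name for an address, or 'internet' if it is outside every zone."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"


def seen_by_perimeter(flow: Flow) -> bool:
    """A perimeter firewall only evaluates flows that cross the Internet edge."""
    return "internet" in (zone_of(flow.src), zone_of(flow.dst))


def internal_verdict(flow: Flow) -> str:
    """Decision an internal control (host firewall or internal IPS) would make for a flow."""
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
    if "internet" in (src_zone, dst_zone):
        return "perimeter"  # handled by the edge device, not by internal policy
    allowed = INTERNAL_POLICY.get((src_zone, dst_zone), set())
    return "allow" if flow.dport in allowed else "deny"


def audit(flows):
    """Return the flows the perimeter never saw and that internal policy denies."""
    return [f for f in flows if not seen_by_perimeter(f) and internal_verdict(f) == "deny"]


# Constructed sample flows: one Internet-facing flow and five inside-to-inside flows.
SAMPLE_FLOWS = [
    Flow("203.0.113.7", "192.0.2.10", 443),   # Internet -> DMZ web server: perimeter sees it
    Flow("10.10.1.5", "10.10.1.9", 445),      # workstation -> workstation SMB: never filtered at edge
    Flow("10.10.1.5", "10.50.0.3", 443),      # workstation -> server HTTPS: allowed internally
    Flow("192.0.2.10", "10.50.0.3", 3389),    # DMZ -> internal server RDP: should be denied
    Flow("10.20.0.4", "10.50.0.3", 443),      # kiosk -> internal server: should be denied
    Flow("10.30.0.8", "10.50.0.3", 443),      # temp workstation -> server HTTPS: allowed
]

if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        where = "perimeter" if seen_by_perimeter(f) else "internal only"
        print(f"{f.src:>13} -> {f.dst:<11} :{f.dport:<5} {where:<14} {internal_verdict(f)}")
    print(f"{len(audit(SAMPLE_FLOWS))} internal flows the perimeter never evaluated would be denied")
```

Running the block lists each flow with whether the edge device would have seen it and what an internal policy decides; three of the five inside-to-inside flows are denied, and none of them ever reached the perimeter firewall. Swapping the constructed records for real flow logs (NetFlow, host firewall logs) turns this into a quick check of whether the "hot spots" named on the slide are actually segmented.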
24 The Complacency of Fools Will Destroy Us
Section: Future Threats & Challenges
25 Next Inflection Point: CLOUD COMPUTING
IT resources and services that are abstracted from the underlying infrastructure and provided “On-Demand” and “At Scale” in a multi-tenant environment
Slide template footer: SHOW General Session Day 2, Cisco Live! 2009
26 Clouds Blow Away
Where does your data go when the cloud blows away?
When data is breached, who will be at fault? Waiting for the first court battle
Looks like, feels like SNA?
Make sure you have a solid SLA!
27 Next Generation Threats
Next generation threats will use stealth methods vs. today’s threats
User error will be the way of malware: information leakage due to negligence and theft; domestic and international terrorists stealing company technology and secrets
New methods will evolve to adapt to user behavior: tempt-to-click, tempt-to-click IM, false pop-ups
New computing environments and applications will be targets: VoIP, cloud computing, SaaS (Software as a Service), social media
Protection will require education and technology
28 Protect Dysfunctional Users Against Themselves
Section: How Do We Best Protect Ourselves and Our Data
29 What Companies Are Thinking About
Securing Virtualization
Virtualizing Security
31 Strategies To Defeat Threats
Anti-virus updates
Deploy an IPS today! IPS filters turned on and updated
Encrypt hard drive data
Operating system security updates
Educate users
Institute a company-wide security policy
Implement defense in depth: IPS, anti-virus, encryption, multiple passwords, other
There is no silver bullet
32 Stop Threats and Start Partying!
Section: About Sourcefire
33 Sourcefire Development (About Sourcefire)
Mission: To deliver intelligent security infrastructure for the most efficient, effective risk management.
Founded in 2001 by Snort creator Martin Roesch, CTO
Headquarters: Columbia, MD
Fastest-growing IPS vendor
Global Security Alliance partner network
NASDAQ: FIRE
Best of Both Worlds: Open Source Community + Sourcefire Development
Speaker notes: Sourcefire was founded by the creator and lead developer of Snort… Marty Roesch. We have a unique, hybrid business model—one that combines the best of open source development with the best of corporate-based development. This model and our constant innovation have driven our growth, and enabled us to IPO in March of raising nearly $93M in gross proceeds.
34 Most Widely Used IPS Engine Worldwide
Powered by Snort
270,000 Users
3.7 Million Downloads
80% of Fortune 500
40% of Global 2000
100+ Snort Integrators
9,000+ Snort Rules
World’s Largest Threat Response Community
Speaker notes: Snort is the de facto standard for intrusion prevention with over 3 million downloads and more than 225,000 active users. The Snort community has grown to become an entire ecosystem. When you do business with Sourcefire, you don’t just get Snort – you get access to this entire ecosystem. Open Source is good for our commercial and government customers… why?
The world’s largest Threat Response Network: Snort-based detection rules are consistently the first to detect new threats/exploits.
A community of trained analysts who know how to deploy and operate our technology (starts with academia, SANS, Sourcefire Training).
Products that are secure: deficiencies are rapidly discovered and corrected. No black box!
Interoperability: every SIM, MSSP and Security Services Company supports Snort… The Standard. (Even some competitors incorporate Snort into their offerings!)
35 Problems With a Traditional IPS
Architecture:  Closed Architecture
Accuracy:      Exploit-Based
Intelligence:  None or Limited
Operation:     Manual Operation
36 Real-time, All-the-time: A New Approach
               Traditional IPS        Sourcefire IPS
Architecture   Closed Architecture    Open Rules & IPS Engine
Accuracy       Exploit-Based          Vulnerability-Based
Intelligence   None or Limited        Real-time, All-the-time
Operation      Manual Operation       Highly Automated
37 Backed by Sourcefire Vulnerability Research Team (VRT)
Unrivalled Protection Against Advanced Persistent Threats
Inputs: Private & Public Threat Feeds; Snort Community Insight; Advanced Microsoft Disclosure; 300 New Threats per Month; 20,000 Malware Samples per Day
VRT Research & Analysis
VRT Lab: 1000s of software packages; >150 million performance & regression tests; 100s of hardware platforms
Comprehensive Protection
38 Best-in-Class Detection
Based on Snort—de facto IPS standard
Vulnerability-based, zero-day protection
Open architecture
Flexible custom rules
Ranked #1 in detection by NSS Labs*
“When enterprises compare products, signature quality remains the most weighted and competitive factor on shortlists.” Greg Young & John Pescatore, Magic Quadrant for Network IPS, April 2009
* “Network Intrusion Prevention Systems Comparative Test Results,” December. Comparison using a tuned policy.
39 NSS Labs Group IPS Test: Block Rate Comparison (chart)
Source: Graphic used with permission by NSS Labs. “Network Intrusion Prevention Systems Comparative Test Results,” December 2009.
40 Sourcefire Appliance Product Lines
VMware Virtual Appliances: Virtual Defense Center™, Virtual 3D Sensor™
Sourcefire Defense Center®: DC500, DC1000, DC3000
Sourcefire 3D® Sensor: models from the 3D500 (5 Mbps) up through Mbps- and Gbps-class appliances (chart with a PERFORMANCE axis)
Speaker notes: So, what do you need to deploy? You need one or more Defense Center management console appliances and one or more 3D Sensor appliances that perform at varying speeds… from 5 Mbps to the industry’s first shipping 10 Gbps IPS.
41 Stop Doing Things the “Old” Way! Leverage the Only “Intelligent” IPS.
Why Sourcefire?
Powered by Snort
Driven by Intelligence
Best-in-Class Detection
Open Architecture
Highly Automated
42 True North Security
Vulnerability Audits
Create / Enhance Security Policies
Network & Data Protection Solutions
Security Awareness Training
PCI Compliance
Video Monitoring and Surveillance Solutions
43 Summary
Cyber security attacks are common and costly
Attackers are sophisticated, well-financed and highly motivated
You have limited IT resources
Traditional security products can’t keep up
“Not knowing what’s on your network is going to continue to be the biggest problem for most security practitioners.” Marcus Ranum, CSO Magazine
44 Thank You Ken Pappas CEO True North Security Prepared for: