Know More About Threats, Risks and Regulations Ken Pappas CEO True North Security Prepared for:

1 Know More About Threats, Risks and Regulations Ken Pappas CEO True North Security
Prepared for:

2 Ken Pappas BIO
Professional Career
Founder and CEO of True North Security
VP Marketing and Security Strategist at Top Layer Security
Security Strategist at TippingPoint
Director of Product Management at 3Com; Acquired TippingPoint “IPS technology”
General Manager Security Division Enterasys Networks; Acquired Security Wizards “Dragon IDS technology”; Acquired Indus River “Remote VPN technology”
Personal
Security Clearance, Department Of Homeland Security
Computer Forensics
CISM
InfraGard, Boston Chapter sponsored by the FBI and DHS
Appearance in Wall Street Journal, Fortune, etc.
BLOG> Twitter> TruNorthSec

3 Agenda
Today’s Reality
Future Threats & Challenges
About Sourcefire
About True North Security
Customize Agenda to meet the goals of each meeting

4 Today’s Reality

5 Security Highlights
Over 285 million records stolen in 2008 vs. 230 million between the years 2004 – 2007 with Education being the highest. WHY? Who do you think will be #1 in the next two years?
31% more bot-infected computers per day in 2008 vs 2007
90% of breaches from organized crime targeting corporate information
Cyber crime cost companies more than $650 million worldwide
Majority of breaches caused by insider negligence
Users blurring their social life, personal life and work life with regards to Internet Usage

6 Recent Scams
Haiti Relief email
IRS Form W2 Spoof contains malware
Mortgage Fraud
Pop up Anti-Virus Advertisement contains virus
H1N1 alert contains malware
FDIC stating bank merger or that your bank is a failed bank. Click here? Get a surprise
2010 Census by SURPRISE the Census bureau does not use

7 Attack Sophistication
[Chart: Attack Sophistication and Intruder Knowledge, each on a Low to High scale, plotted over 1980, 1985, 1990, 1995 and 2000+, labelled with techniques including password guessing, self-replicating code, password cracking, exploiting known vulnerabilities, disabling audits, back doors, hijacking sessions, sniffers, packet spoofing, denial of service, www attacks, automated probes/scans, distributed attack tools and cross site scripting. Source: Carnegie Mellon University]

8 What’s Causing Rise In Cyber Crime
Recession
Social Media Sites
Younger/Older generation using computers
Availability of Sophisticated tools
Trickery & Foolery

9 “Zero Hour” Threats Rising
Increase in specialized threats: Toolkits used to create virus attacks, making specialization of participants a lucrative shadow economy.
Sophistication of high end threats is evolving rapidly: Targeted threats attack specific companies, persons and systems.
Blended threats becoming more common: Carefully targeted attack may go unnoticed for an undetermined amount of time.

10 Harnessing The Power of Botnets
Source: Symantec

11 Industrial Espionage Targeted Attacks
60% of recipients were of a high or medium-level ranking
42% of recipients of targeted attacks were sent to high ranking individuals
18% of recipients were of medium-level seniority
5% of recipients were of a lower-ranking security
19% of targeted attacks were directed at general mailboxes such as
[Chart: Individually Targeted Attacks Blocked Per Day (Average)]
Source: Symantec
Source: MessageLabs Intelligence

12 Targeted Trojans
Targeted trojans are specialized pieces of malware written to extract high value information from known subjects.
Source: hackers_targeting_UquyMBhuVAyl6wAn413lGJ

13 Targeted Trojans
2005: 2 per week
2006: 1 per day (average)
2007: 10 per day (average)
2008: 50 per day (average)
2009: 60 per day (average)
Recent Peaks Frequency: 357 per day
Payload:
Source: Symantec
Source: MessageLabs Intelligence

14 Website Security Trends
New sites with malware in 2009: 2,465/day
Unique domains hosting malware: 30,000
Source: Symantec
Source: MessageLabs Intelligence

15 Web 2.0
CLICK 1: Companies and employees are heavily involved in social media today. Hundreds of companies doing social media – sharing, talking, listening – but also propagating malware and crimeware. Social media is a breeding ground for crimeware!!
CLICK 2: The big ones are on the right – everyone has a Facebook account, reaching out and sharing, hugging virtually, etc.

16 Multitude of Threat Vectors
Social Media: Facebook, MySpace, Linkedin
Rogue 3rd Party Apps
Tiny URL’s
Translations
RogueWare

17 No Industry Is Being Left Behind
Financial: Heartland
Retail: Hannaford's
Education: Harvard University, Oklahoma State University
Medical: Department of Veterans, Cedars-Sinai Medical Center
Government: North Korea Attacks American Networks, China hacking into NASA, Israel Attacking Iran
The cyber warfare HAS begun!

18 Space Programs USA RUSSIA

19 Easy Availability of Exploit Tools

20 Multitude of Regulations
PCI (Payment Card Industry), GLBA (Gramm-Leach Bliley Act), HIPAA (Health Insurance Portability and Accountability Act), FISMA (Federal Information Security Management Act), HITECH, MA 201 CMR 17, NERC
Gramm-Leach Bliley Act (GLBA): Protects consumers’ personal financial information, and affects financial institutions and credit reporting agencies, as well as credit counseling services, lenders, brokerages, and tax preparers.
Payment Card Industry (PCI): Protects cardholder data by ensuring that merchants, service providers, and even cardholders who use the internet to access their account data, maintain the highest IT security standards.
Health Insurance Portability and Accountability Act (HIPAA): Protects the integrity and confidentiality of patient health information. Requires not only control over who is accessing confidential data, but also requires organizations to actively reduce security risks and conduct a thorough risk analysis of their systems.
Federal Information Security Management Act (FISMA): A mandatory set of information technology processes that all government agencies and contractors must follow, including network security policies. Continuous monitoring of security controls to ensure compliance and network integrity.
HITECH: Significant financial incentives through the Medicare and Medicaid programs to encourage doctors and hospitals to adopt and use certified electronic health records. Physicians will be eligible for $40,000 to $65,000 for showing that they are meaningfully using health information technology, such as through the reporting of quality measures. Hospitals will be eligible for several million dollars in the Medicaid and Medicare programs to similarly use health information technology. Federally qualified health centers, rural health clinics, children’s hospitals and others will be eligible for funding through the Medicaid program.
MA 201 CMR 17: Massachusetts-specific law effective March 1, 2010, protecting individual information from disclosure; all data must be encrypted.

21 Perimeter Protection Is Not Enough
Communications between machines inside the corporate LAN and between choke-points are not filtered or protected by a perimeter firewall in front of each machine.
Servers in the DMZ, Kiosks, workstations used by temporary employees, and other “hot spots”
Mobile users are becoming the back door to the house
Telecommuters are becoming more popular, more risks being brought inside

22 Historical Firewall Configuration
From: FTP-21 HTTP-80 Sub Quake-26000 SMTP-25

23 Today’s Firewall Configurations
FTP-21 HTTP-80 BackOrifice-31337 SMTP-25

24 The Complacency of Fools Will Destroy Us
Future Threats & Challenges The Complacency of Fools Will Destroy Us

25 Next Inflection Point: CLOUD COMPUTING
IT resources and services that are abstracted from the underlying infrastructure and provided “On-Demand” and “At Scale” in a multi-tenant environment
Cisco Live! 2009, General Session Day 2

26 Clouds Blow Away Where does your data go when the cloud blows away
When data is breached, who will be at fault? Waiting for first court battle Looks like, feels like SNA? Make sure you have a solid SLA!

27 Next Generation Threats
Next Generation Threats Will Use Stealth Methods vs. Today’s Threats
User Error will be the way of malware
Information Leakage due to negligence and theft
Domestic and International Terrorist stealing company technology and secrets
New Methods Will Evolve to Adapt to User Behavior
Tempt-to-Click
Tempt-to-Click IM
False pop-ups
New Computing Environments and Applications will be targets
VoIP
Cloud Computing
SaaS (Software as a Service)
Social Media
Protection Will Require Education And Technology

28 Protect Dysfunctional Users Against Themselves
How Do We Best Protect Ourselves and Our Data Protect Dysfunctional Users Against Themselves

29 What Companies Are Thinking About
Securing Virtualization Virtualizing Security

30 SANS Recommends - Deploy IPS

31 Strategies To Defeat Threats
Anti-Virus Updates
Deploy an IPS Today!
IPS Filters Turned on and Updated
Encrypt Hard Drive Data
Operating System Security Updates
Educate Users
Institute Company Wide Security Policy
Implement Defense In Depth: IPS, Anti-Virus, Encryption, Multiple Passwords, Other
There is no silver bullet

32 Stop Threats and Start Partying!
About Sourcefire Stop Threats and Start Partying!

33 About Sourcefire
Mission: To deliver intelligent security infrastructure for the most efficient, effective risk management.
Founded in 2001 by Snort Creator, Martin Roesch, CTO
Headquarters: Columbia, MD
Fastest-growing IPS vendor
Global Security Alliance partner network
NASDAQ: FIRE
Best of Both Worlds: Open Source Community + Sourcefire Development
Sourcefire was founded by the creator and lead developer of Snort… Marty Roesch. We have a unique, hybrid business model—one that combines the best of open source development with the best of corporate based development. This model and our constant innovation has driven our growth, and enabled us to IPO in March of raising nearly $93M in gross proceeds.

34 Most Widely Used IPS Engine Worldwide
Powered by Snort
Most Widely Used IPS Engine Worldwide
270,000 Users
3.7 Million Downloads
80% of Fortune 500
40% of Global 2000
100+ Snort Integrators
9,000+ Snort Rules
World’s Largest Threat Response Community
Snort is the de facto standard for intrusion prevention with over 3 million downloads and more than 225,000 active users. The Snort community has grown to become an entire ecosystem. When you do business with Sourcefire, you don’t just get Snort – you get access to this entire ecosystem. Open Source is good for our commercial and government customers….why?
The world’s largest Threat Response Network. Snort-based detection rules are consistently the first to detect new threats/exploits.
A community of trained analysts who know how to deploy and operate our technology (starts with academia, SANS, Sourcefire Training).
Products that are secure. Deficiencies are rapidly discovered and corrected. No black box!
Interoperability – Every SIM, MSSP and Security Services Company supports Snort….The Standard. (Even some competitors incorporate Snort into their offerings!)

35 Problems With a Traditional IPS
Architecture: Closed Architecture
Accuracy: Exploit-Based
Intelligence: None or Limited
Operation: Manual Operation

36 A New Approach
Architecture: Traditional IPS, Closed Architecture; Sourcefire IPS, Open Rules & IPS Engine
Accuracy: Traditional IPS, Exploit-Based; Sourcefire IPS, Vulnerability-Based
Intelligence: Traditional IPS, None or Limited; Sourcefire IPS, Real-time, All-the-time
Operation: Traditional IPS, Manual Operation; Sourcefire IPS, Highly Automated

37 Backed by Sourcefire Vulnerability Research Team VRT
Unrivalled Protection Against Advanced Persistent Threats
Private & Public Threat Feeds
Snort Community Insight
Advanced Microsoft Disclosure
300 New Threats per Month
20,000 Malware Samples per Day
VRT Research & Analysis
VRT LAB
Sourcefire Vulnerability Research Team™
1000s of software packages
>150 million performance & regression tests
100s of hardware platforms
Comprehensive Protection

38 Best-in-Class Detection
Based on Snort—de facto IPS standard Vulnerability-based, zero-day protection Open architecture Flexible custom rules Ranked #1 in detection by NSS Labs* “When enterprises compare products, signature quality remains the most weighted and competitive factor on shortlists.” Greg Young & John Pescatore Magic Quadrant for Network IPS April 2009 * “Network Intrusion Prevention Systems Comparative Test Results,” December Comparison using a tuned policy.

39 NSS Labs Group IPS Test Block Rate Comparison
Source: Graphic used with permission by NSS Labs. “Network Intrusion Prevention Systems Comparative Test Results,” December 2009.

40 Sourcefire Appliance Product Lines
VMware Virtual Appliances Virtual Defense Center™ Virtual 3D Sensor™ Sourcefire Defense Center® DC1000 3D Gbps DC3000 DC500 3D Gbps 3D Gbps 3D Gbps 3D Mbps So, what do you need to deploy? You need one or more Defense Center management console appliances and one or more 3D Sensor appliances that perform at varying speeds…from 5Mbps to the industry’s first shipping 10Gbps IPS. 3D Mbps PERFORMANCE 3D Mbps Sourcefire 3D® Sensor 3D Mbps 3D5005 Mbps

41 Stop Doing Things the “Old” Way! Leverage the Only “Intelligent” IPS.
Why Sourcefire? Powered by Snort Driven by Intelligence Best-in-Class Detection Open Architecture Highly Automated Stop Doing Things the “Old” Way! Leverage the Only “Intelligent” IPS.

42 True North Security
Vulnerability Audits
Create / Enhance Security Policies
Network & Data Protection Solutions
Security Awareness Training
PCI Compliance
Video Monitoring and Surveillance Solutions

43 Summary
Cyber security attacks are common and costly
Attackers are sophisticated, well-financed and highly motivated
You have limited IT resources
Traditional security products can’t keep up
“Not knowing what’s on your network is going to continue to be the biggest problem for most security practitioners.” Marcus Ranum, CSO Magazine

44 Thank You Ken Pappas CEO True North Security
Prepared for:
