Presentation is loading. Please wait.

Presentation is loading. Please wait.

©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals Modern Day Attacks and a Silent Security Audit Kierk.

Similar presentations


Presentation on theme: "©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals Modern Day Attacks and a Silent Security Audit Kierk."— Presentation transcript:

1 ©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals Modern Day Attacks and a Silent Security Audit Kierk Sanderlin

2 2 2©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals | Monkey See, Monkey Do

3 3 3©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals | Monkey see, Monkey do, Monkey sell Black hole exploit kit

4 4 4©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals | Exploiting Zero-day vulnerabilities [Protected] Non-confidential content New vulnerabilities Countless new variants An average of 70,000 to 100,000 new malware samples are created and distributed each day

5 5 5©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals | Real World Data

6 6 6©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals | Threat Emulation Statistics Site Number of files emulated last 7 days Number of files emulated last 30 days Comments US Consumer Toys & Goods New Detections in the last 7 days IL Law Services New Detections in the last 7 days US Regional Bank New Detections in the last 7 days US Regional Bank US Major Pharma New Detections in the last 7 days. Same was sent numerous times IL Online Gaming Europe Major Bank New Detections in the last 7 days US Business Services New Detections in the last 7 days. New installation US Electric Utility

7 7 7©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals | What does a bot typically do when it is first started? First Time DNS Query GEO IP Query Catalog of Asset OS Patch level Apps

8 8 8©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals | A PC for hire on most any fortune 500 network?

9 9 9©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals | Woopsie “I made it about halfway through the list of companies in the Fortune 100 with names beginning in “C” when I found a hit: A hacked RDP server at Internet address space assigned to networking giant Cisco Systems Inc. The machine was a Windows Server 2003 system in San Jose, Calif., being sold for $4.55 (see screenshot below). You’ll never guess the credentials assigned to this box: Username: “Cisco,”; password: “Cisco”. Small wonder that it was available for sale via this service. A contact at Cisco’s security team confirmed that the hacked RDP server was inside of Cisco’s network; the source said that it was a “bad lab machine,” but declined to offer more details”

10 10 ©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals | DDOS the Picket Line of the Future?

11 11 ©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals | Looking back and forward Main security threats & risks Security architecture Recommendations and beyond

12 12 ©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals | Multiple sources of data SensorNet Span Port Threat Cloud

13 13 ©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals | A comprehensive survey 888companies 1,494gateways 120,000Monitoring hours 112,000,000security events

14 14 ©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals | A comprehensive survey % of companies Americas EMEA APAC Industrial Finance Government Telco Consulting Other By geographyBy sector

15 15 ©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals | The Security Report 2013 About the research Key findings Security strategy Summary

16 16 ©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals | We will talk about 3 issues Threats to the organization Risky enterprise applications Data loss incidents in the network

17 17 ©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals | Anything for a Buck HACKED

18 18 ©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals | This does not affect me, right?

19 19 ©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals | The majority of companies are infected 63% 100% = 888 companies of the organizations in the research were infected with bots

20 20 ©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals | Exploit kits are easy to buy Rental costs One day – 50$ Up to 1 month – 500$ 3 month – 700$ Rental costs One day – 50$ Up to 1 month – 500$ 3 month – 700$ Available online

21 21 ©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals | But there is more than Bots, right? Malware INSIDE How does malware get to my network?

22 22 ©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals | Downloading malware all the time 53% of organizations saw malware downloads

23 23 ©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals | Most attacks originate in the US Top malware locations, % US 71% Canada 8% Czech Rep 2% Slovakia 2% France 2% UK 2% Germany 2% Israel 3% Turkey 3% China 3%

24 24 ©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals | We will talk about 3 issues Threats to the organization Risky enterprise applications Data loss incidents in the network

25 25 ©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals | No longer a game

26 26 ©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals | What are risky applications? Bypassing security or hiding identity Do harm without the user knowing it P2P file sharing Anonymizers File sharing / storage Social networks

27 27 ©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals | Risky applications Anonymizers

28 28 ©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals | What is an anonymizer? UserProxySite

29 29 ©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals | History of Anonymizers Began as “The Onion Router” Officially sponsored by the US Navy 80% of 2012 budget from US Government Used widely during Arab Spring

30 30 ©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals | Anonymizers inside the corporation 47% of organizations had users of Anonymizers (80% were not aware that their employees use Anonymizers) 100% = 888 companies

31 31 ©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals | Risky applications P2P file sharing

32 32 ©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals | The Risk of P2P Applications Downloading the latest “Walking Dead” episode right now Pirated content liability Malware downloads “Back door” network access

33 33 ©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals | P2P inside the corporation 61% of organizations had a P2P file sharing app in use 100% = 888 companies

34 34 ©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals | We will talk about 3 issues Threats to the organization Risky enterprise applications Data loss incidents in the network

35 35 ©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals | How common is it? 54% of organizations experienced data loss

36 36 ©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals | Many types of data leaked 24% Source Code 7% marked as confidential 14% Password protected file 29% Credit card information 13% Salary compensation information 7% Bank accounts numbers 6% Business data record 21% Other

37 37 ©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals | PCI compliance can be improved36% Of financial organizations sent credit card data outside the organization

38 38 ©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals | We have all had this problem Error 552: sorry, that message exceeds my maximum message size limit Dropbox? YouSendIt? Windows Live?

39 39 ©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals | Storing and Sharing applications 80% of organizations use file storage and sharing applications 100% = 888 companies

40 40 ©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals | Top sharing and storage apps % of organizations But sharing is not always caring…

41 41 ©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals | The Security Report 2013 About the research Key findings Security strategy Summary

42 42 ©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals | We talked about three issues Threats to the organization Risky enterprise applications Data loss incidents in the network

43 43 ©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals | Addressing external threats FW AV IPS Anti Bot Anti-Spam Emulation

44 44 ©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals | Enabling secure application use URLF Antivirus Application Control Endpoint

45 45 ©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals | Preventing data loss Doc Sec DLP Data End Point Application Control User check

46 46 ©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals | infected with bots Remember……. Threats to the organization Risky enterprise applications Data loss incidents in the network used Anonymizers had a data loss event 63%47%54%

47 47 ©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals | Thank You!


Download ppt "©2010 Check Point Software Technologies Ltd. | [Restricted] ONLY for designated groups and individuals Modern Day Attacks and a Silent Security Audit Kierk."

Similar presentations


Ads by Google