Presentation is loading. Please wait.

Presentation is loading. Please wait.

IT Security Upside in a Down Market Darin Andersen COO ESET, LLC.

Similar presentations


Presentation on theme: "IT Security Upside in a Down Market Darin Andersen COO ESET, LLC."— Presentation transcript:

1 IT Security Upside in a Down Market Darin Andersen COO ESET, LLC

2 Global security company Sales in over 150 countries North American Headquarters San Diego INC 500 2008 and 2007 winner Flagship Product: ESET NOD32 Antivirus Over 70 million copies in use “Track record” in the Enterprise About ESET

3 ESET Around the World ESET Headquarters ESET Offices ESET Partners

4 ESET Revenue Growth

5 Endpoint Security Solutions ESET NOD32 Antivirus 4: Business Edition Protection for every endpoint in your business from viruses, spyware, malware, and all Internet-born threats. ESET NOD32 Antivirus 4 Business Edition includes Remote Administrator, LAN update “mirror” and can be installed on servers. ESET Smart Security is excellent for laptop computers and includes anti-spam and personal firewall. New features in version 4: Enhanced Remote Administrator, Smarter Scanner, Removable Media Security, Host-based Intrusion Prevention System (HIPS)

6 ESET – Securing the Enterprise Enterprise PainESET Solution 1.Slow protection – wait hours, even days for signature updates 1.Proactive Protection – Zero-day protection with non-intrusive, frequent updates 2.False positives - waste time and resources2.Precise – accurate detection of malware rarely yields false-positive results 3.“Bloatware” – kludged solution that is heavy and slows system performance 3.Lightweight - fully integrated security solution with minimal impact on system performance 4.Slow scanning - high impact to systems – users turn off protection, vulnerable 4.Fast – scanning speeds allow users to work unencumbered 5.Difficult to deploy, update, and manage security on a large number of nodes 5.Scalable - central remote administration easy to manage thousands of nodes 6.High cost - too much to put on every computer6.Competitive pricing - enables full coverage

7 Proactive Protection “NOD32 has the most proactive malware detection capabilities of all the products tested over the last 12 months.” – Andreas Clementi, Project Manager AV-Comparatives.org

8 Missed In-the-Wild Viruses in Virus Bulletin Tests * May 1998 – April 2009 (fewer is better)

9 By the time you read this, 70 new types of malware will be produced. ESET receives 100,000 new malware samples per day Over 1.5 million new malware samples in 2008 Zero-day attacks are increasing rapidly Cybercriminals are growing more sophisticated and financially motivated Traditional security solutions are not keeping up ESET’s proactive approach Are your customers safe….really?

10 eCrime Trends 41% of organizations have seen increase in cybercrime Only 1% have seen decrease Source: eCrime Survey 2009 in partnership with KPMG “We have already had an attack where the infection was dormant, remaining undetected, for 10 months. How many more of these are already on our computers?” “…new scam targets has pushed the total of phishing e-mails from a maximum of around 400,000 a day in August to nearly 800,000 a day in November [2008].” Forbes.com, Economic Bust, Cybercrime Boom, Andy Greenberg, Nov. 19, 2008

11 Finding: The Recession 66% of respondents agree that out-of-work IT professionals during the recession will lead to more people with technical skills joining the cybercriminal underground economy. Source: eCrime Survey 2009 in partnership with KPMG

12 Overall Threat 79% of respondents do not believe that security software based on signature detection offers a sufficient level of protection to Internet users. Source: eCrime Survey 2009 in partnership with KPMG

13 The #1 Internal Threat “ Theft of customer or employee data “ “Knowledge of weak points in business/systems being deliberately exploited. What internal eCrime risks are of most concern in economic downturn? Source: eCrime Survey 2009 in partnership with KPMG

14 Growth of Malware from 1985 – 2007 Source: AVTEST.org

15 Industry Perspective “Computer security has become a more urgent issue in light of rampant online crime and mega-infections like the Conficker worm, which has ensnared up to 12 million personal computers and has helped spur security software sales.” Canadian Business Online - From The Associated Press, May 1, 2009 “Malware kits are supported by product guarantees and service level agreements.” It is real-business, support by organized crime. Emerging Cyber Threats Report for 2009 – Oct. 15, 2008

16 SMB & Enterprise Spending Trends – Main Drivers 1 st – High-profile incidents in other organizations – 42% 2 nd – Regulatory Compliance – 41% 3 rd – Fear of a major incident resulting in negative media coverage for organization – 40% Source: eCrime Survey 2009 in partnership with KPMG

17 Data Breaches What is “Data Loss Prevention” (DLP)? It’s about mitigating risk Who is impacted by data breaches? Everyone Why do data breaches occur? 75%-80% of data breaches are due to human error Yankee Group report: “Anywhere Data is Powerful, Data Everywhere is Dangerous” – Phil Hochmuth Sr. Analyst

18 Financially catastrophic for your customers Loss of sales Investigation and notification costs Fines and litigation (approx: $90 - $305/record) Pay for credit monitoring service ($40/record) Interruption of operations Last – but definitely not least: Brand erosion (reputation, customer trust) Data Breach Consequences

19 Data Breaches – Case Study: Hanaford Bros. Chain of events: Physical access and auditing Malware installed on key servers Data Interception Middleware configuration 4.2M customer records copied “in flight”

20 Data Breach Consequences (cont’d) Regulatory Compliance HIPAA Sarbanes Oxley (SARBOX) Graham Leach Bliley (GLBA )

21 Data Loss Prevention Architectures Data at rest Data in motion Data on mobile and removable devices Network-based Host-based

22 Cyber Risk – Guiding Your Customers What is cyber risk? The risks, liabilities and solutions associated with processes and interactions resulting from business activities conducted through computer networks.

23 Cyber Risk (cont’d) To determine how to lower the risk profile of a company at least three areas need to be evaluated: What is at risk (customer information, IP, etc)? What the threat vectors are (e.g. employees, competition, malware)? Consequences of failure (regulatory compliance issues, brand damage, consumer confidence)

24 Managing Cyber Risk Risk management plan requires senior management buy-in Requires a collaborative approach (team-based) Outline new and existing applications and operations Assess security and privacy risk controls Review business continuity plans Policies.. a necessary evil! Technology is what we use to enforce policy

25 The growth of malware targeting a specific platform is dependent on a key factor: the market penetration of the specific platform. Other factors: The popularity of a platform to engage in commerce as well as its ability to be “always-connected“ Availability of development tools Well-documented APIs (knowledge of the "inner-workings" of the kernel, security mechanisms and network stack) There will be approximately 4B (billion) mobile phones in use by EOY ‘08. This is a very tempting target for cybercriminals to leverage! Mobile Threats

26 Malware The evolution of malware More targeted – spear phishing Increasingly complex – self-modifying, encrypted, etc. Pre-installed Sophisticated social engineering Decrease in email-borne malware Lower barrier to entry

27 Malware (cont’d) Examples Spear phishing – Oak Ridge Nat’l Labs Storm Worm USB (autorun.inf) Password stealing trojans

28 Malware: Bottom Line Gaming-related malware is prevalent and expensive to the victim (identities and assets stolen and re-sold) Autorun is dangerous and can be embedded in off-the- shelf/retail devices! PUAs and spyware are a plague and a curse Heuristics and Behavior Analysis Rule!

29 Mobile Threats (cont’d) The value of an executive's mobile device: 1,000-5,000 contacts customer details business partner's information colleagues / friends' home numbers 100-200+ appointments customer leads pending business activities 200+ internal company emails with sensitive corporate data pending partnerships, lawsuits, M&A data pending business activities sensitive data masquerading as calendar events / contacts ATM, credit card, banking, brokerage info poorly obscured ID's, PIN codes and passwords

30 Best Practices - Businesses Inventory your assets. Know how many computers you have How they connect to your network and Internet Audit is essential Know that all assets are protected Protection is current and audited Use business assets for business only Clearly define policies for acceptable use of company resources Hire a consultant to help secure your business Make security education priority http://www.securingourecity.orghttp://www.securingourecity.org

31 Securing Our eCity – www.securingourcity.org

32 Takeaways Cyber security is everyone’s responsibility DLP is more than just marketing – the numbers speak! No business is immune to data breaches or cyber risk Risk assessment goal – reducing the risk to an acceptable level Technology controls require well-written policies Patch management process The prevalence of malware continues to steadily rise Antivirus is a key component to a security strategy While early, the mobile threat exists – it’s not if, but when

33 ESET in the Enterprise Proactive Protection Precise Detection Support Services Fast Scanning Lightweight Footprint

34 Partner with ESET is Good for your Customers ESET offers proactive approach to security ThreatSense (Advanced Heuristic) Transparent Performance Best of breed Smallest footprint Minimal CPU Centralized Management Manages 3-400,000 computers Agile Security Integrated approach Secure methodology requires layers Server level, desktop, laptop and mobile Partner  Protect  Profit

35 Than k you Darin Andersen, COO ESET, LLC e: dandersen@eset.com m: 619-302-4013dandersen@eset.com


Download ppt "IT Security Upside in a Down Market Darin Andersen COO ESET, LLC."

Similar presentations


Ads by Google