Download presentation
Presentation is loading. Please wait.
Published byAlexandra Jenkins Modified over 8 years ago
1
Security Measures To Protect Your Organisation From Fraud And Cyber Terrorism: How To Prevent IT From Costing Your Organisation Millions Wong Joon Hoong Country Sales Manager Trend Micro Malaysia
2
RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright 2002-2003, Trend Micro, Inc. 2 Agenda Ever Changing Network Today’s Security Top Concern Social Engineering Spam mail & Virus evolution Summary Q & A
3
RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright 2002-2003, Trend Micro, Inc. 3 Ever changing network Broadband adoption Wireless Network Integrated communication devices Information Island -> LAN -> MAN -> WAN Internet ->Intranet -> Extranet-> Internet commerce
4
RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright 2002-2003, Trend Micro, Inc. 4 Goal of Security Previous : Security is to prevent losses, protect against confidentiality breaches Today: The goal of Security is enabling e-Business
5
RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright 2002-2003, Trend Micro, Inc. 5 Security Challenges Spam Viruses & Worms System Vulnerabilities Unwelcome Visitors Firewall ensures that unauthorized users/hackers can’t gain access to internal company network Remote Access VPN ensures that employees may securely access company data on the road or from home. Monitoring for and applying patches to applications and OS as soon as they are made available YTD, 50% of Internet email is spam, and growing Spam clogs resources and drain productivity 85% of viruses comes from the Internet Difficult to maintain current antivirus versions and to protect all possible access points
6
RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright 2002-2003, Trend Micro, Inc. 6 Spam – The Rising Problem Junk Mail Rate 2002 * 75% 100% 125% 150% 175% 200% JanFebMarAprMayJunJulAugSept 20% 25% 30% 35% 40% * Source: 7 billion actual customer messages processed by Postini Junk mail rate for corporations approaching 50% and continuing to rise. Pornographic spam causing workplace liability concerns. There is no end in sight, thus email for business use could become useless by 2004. (Think it couldn’t happen? Usenet Newsgroups suffered a similar fate)
7
RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright 2002-2003, Trend Micro, Inc. 7 Got Spam? Censored!!!!
8
RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright 2002-2003, Trend Micro, Inc. 8 What is the tangible cost of Spam? Base on 500 User email users in an organsition!
9
RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright 2002-2003, Trend Micro, Inc. 9 Un-be-lievable. IDC survey: more than a third (37 percent) of business email users would still open the attachment of an email titled 'ILOVEYOU' The report found that on any day of the year, business users would open an email appearing to be from someone they know if the following appeared in the subject line: “Great Joke” (54 percent) “Look at this” (50 percent) “Message” (46 percent) “No title” (40 percent) “Special offer” (39 percent) Source: http://www.theregister.co.uk/content/8/16668.html 2/6/2001http://www.theregister.co.uk/content/8/16668.html
10
RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright 2002-2003, Trend Micro, Inc. 10 Malicious Code Growth 1990 199119941996199819992000200120022003
11
RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright 2002-2003, Trend Micro, Inc. 11 Evolution of Viruses
12
RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright 2002-2003, Trend Micro, Inc. 12 Recent Network Virus Attacks YearAttackNumber of Infected PC’s Est. Amount of Loss (USD) Y 2003Worm_MSBLAST1.4 Million +Still Counting…… Y 2003SQL Slammer200,000 +950 million ~ 1.2 billion Y 2002Klez6 Million +9 Billion Y 2001CodeRed1 Million +2.6 billion Y 2001NIMDA8 Million +600 million Y 2000Love Letter8.8 billion
13
RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright 2002-2003, Trend Micro, Inc. 13 Virus attack and mail spamming are the most common types of security breaches experienced Types of security breach(es) experienced before % Virus attack Mail spamming Employee's abuse: Downloading pornography Employee's abuse: Inappropriate use of e-mail system Employee's abuse: Downloading pirated software Denial of service Theft: Hardware/ Computer Hack threat/ system penetration CDs/ Diskette stolen Website unauthorized access/ misuse Sabotage of data or network Theft: proprietary information Website vandalism Financial fraud Active wire tap None of the above Base : All organisations 100 NISER 2003 Survey
14
RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright 2002-2003, Trend Micro, Inc. 14 Problem #1: Network Viruses (Worms) Have been Unstoppable No security solution has stopped or contained these network viruses Most often it has been too late = $2.15B in damages in Year 2003 alone Source: Trend Micro, Computer Economics Central Site VPN Firewall DoS Protection Intrusion Prevention Traditional Antivirus Vulnerability Assessment Nimda Code Red Slammer MSBlaster.A Welchia Security Mgmt. Internet
15
RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright 2002-2003, Trend Micro, Inc. 15 Problem #2: Vulnerability Prioritization and Isolation is Daunting Window of time from patch availability to outbreak is shrinking Difficult to prioritize patches to apply and isolate unpatched machines during an outbreak Source: Trend Micro MSBlaster.A Aug. 11, 2003 Patch: MS03-026 Jul. 16, 2003 Patch: MS02-039 Jul. 24, 2002 Slammer Jan. 25, 2003 Nimda Patch: MS00-078 Oct.17, 2000 Sept. 18, 2001 SASSER.B May,02, 2004 Patch: MS04-01 Apr 13, 2004 Window 26 days 185 days 336 days 17 days
16
RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright 2002-2003, Trend Micro, Inc. 16 Problem #3: Ineffective Policy Enforcement Leads to Re-infections 199920022003 Millions of infections (2003) 2001 5 of Top 10 viruses in 2003 released 1-4 years ago Non-compliant devices connect from multiple network access points Ineffective access control of these devices leads to re-infections Source: Trend Micro
17
RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright 2002-2003, Trend Micro, Inc. 17 Why the current industry solution is ineffective Mixed threat attacks need more than pattern files Attack-specific policy and system assessment and cleanup Inconsistent or inaccurate security policy settings Lack of central policy management Inability to respond quickly enough when outbreak or reinfection occurs Pattern files take time to develop Out-of-date pattern files, AV not present on all hosts and pathways Lack of central management and updates = missed detections Security devices don’t coordinate Enterprises must coordinate themselves with several vendors
18
RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright 2002-2003, Trend Micro, Inc. 18 Virus Outbreak Lifecycle = Customer Experience Threat Information Attack Prevention Notification and Assurance Pattern File Scan and Eliminate Assess and Cleanup Restore and Post- mortem Antivirus focus is not sufficient Enterprise TCO and lost productivity affects the customer at all stages of the lifecycle. $$ $$$$ $$$ “An estimated 74% of outbreak cost is related to cleaning.” -- Computer Economics, 2002 $ $ The Result Vulnerability Assessment Vulnerability Assessment $$
19
RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright 2002-2003, Trend Micro, Inc. 19 Security Wish List Requirements Remain Unfulfilled
20
RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright 2002-2003, Trend Micro, Inc. 20 Which Security Solution should I invest to? Point Products Proactive Mixed defense Security Solution Security Suites: Integrated firewall, AV, CF, IDS
21
RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright 2002-2003, Trend Micro, Inc. 21 Vulnerability Assessment Outbreak Prevention Services Virus Response Services Damage Cleanup Services Outbreak Mgmt. You need protection strategy instead of product COMMAND CENTRE Malicious Code Eliminated Outbreak Prevention Virus Response Assessment and Restoration Malicious Code Attack Vulnerability Prevention Vulnerability Discovered Proactive Outbreak Lifecycle Management
22
RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright 2002-2003, Trend Micro, Inc. 22 Summary Network and security landscape ever changing Virus/Worn and Spam making use of social engineering delivery mixed threat attack, traditional way of handling virus/spam is no longer effective Antispam : 2/3 of today spam email is 1 st time spam and hybrid behaviour. Need heuristic antispam approach and integration of AV + Content Filtering + Antispam as solution. Internal : Enforce Security policy, practice secure computing, Management involvement and support in IT security decision External : Deployed proactive, centrally managed, precise security mixed threat defense solution instead of point product or suite product Let the security system work for you instead!
23
RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright 2002-2003, Trend Micro, Inc. 23 Fastest growing antivirus vendor in the world.* Founded in the US in 1988. Corporate headquarters in Tokyo, Japan. Publicly traded on NASDAQ and NIKKEI exchanges Antivirus and content security software and services provider to enterprise, small and medium business, and consumer segments Transnational company with 1800+ employees across 30 business units worldwide First and only security solution provider pioneering end-to-end proactive outbreak life cycle management *Antivirus Software 2002: A Segmentation of the Market (IDC) Trend Micro Overview
24
THANK YOU
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.