Simple and Complex Threats Shape the Future Linda McCarthy Executive Security Advisor November 22, 2003.


© 2003 Symantec Corp. Page 2 ARPA Network

Page 3: Internet Backbone

Page 4: Faster, Frequent, and More Complex Blended Threats
- Increasing prevalence of blended threats: they combine hacking and denial of service, are more aggressive, and spread faster than ever before
- August 2003 tested the defenses of home and corporate users: four high-impact attacks in the span of eight days
- Attackers are turning up the heat

Page 5: Tremendous Challenges
- Increasing number and sophistication of attacks
- Increasing complexity across an enterprise
- Resource constraints
- Risks difficult to define and prioritize
- Products alone are reactive
[Chart: Worldwide Attacks. Two series over time: Malicious Code Infection Attempts* (scale 0 to 900M) and Network Intrusion Attempts** (scale in tens of thousands). Milestones marked on the chart: Polymorphic Viruses (Tequila), Zombies, Mass Mailer Viruses (Love Letter/Melissa), Denial of Service (Yahoo!, eBay), Blended Threats (CodeRed, Nimda, Slammer).]
*Analysis by Symantec Security Response using data from Symantec, IDC & ICSA; 2002 estimated
**Source: CERT

Page 6: Attack Sources
Highlights – Attacks
- Top ten attack source countries account for 80% of all attacks
- 51% of all attacks originate in the United States
- Japan is the 9th most common source
Country ranking, six months ending June 30, 2003:
 1. United States 51%
 2. China 5%
 3. Germany 5%
 4. South Korea 4%
 5. Canada 4%
 6. France 3%
 7. Great Britain 2%
 8. Netherlands 2%
 9. Japan 2%
10. Italy
Source: Internet Security Threat Report, Symantec, September

Page 7: Less Knowledge Required to Attack
[Chart: Intruder Knowledge (High to Low) plotted against Automated Tools & Attack Sophistication over time.]

Page 8: Software Vulnerabilities on the Rise
[Chart: average number of new vulnerabilities discovered every week, by year ('99, '00, '01, '02, '03). Source: Bugtraq.]

Page 9: Threat Evolution: Day-zero Threats
A day-zero threat exploits a previously unknown, and therefore unprotected, vulnerability.
[Diagram: the Vulnerability-Threat Window is the time between Vulnerability Identified and Threat Released.]

Page 10: Threat Evolution: Day-zero Threats
A day-zero threat exploits a previously unknown, and therefore unprotected, vulnerability. As attacker demographics shift, we see a reduction in the vulnerability-threat window.
[Diagram: Time Until Exploitation, measured from vulnerability identified to threat released. The scale runs from Months to Days to Hours to "Day 0" (a day-zero exploit) as the attacker profile moves from Novice Programmer through Sophisticated Programmer and Organized Crime/Terrorist Organization to Nation/State Threat.]

Page 11: Faster, More Aggressive Attacks (Trends)
- More attacks are targeting new vulnerabilities
- New vulnerabilities are being exploited more quickly
- Faster exploitation requires better patch management policies
- 64% of new attacks targeted vulnerabilities less than 1 year old
[Chart: Percent of New Attack Targets by Vulnerability Age Range (months): 0 to 6: 39%; 6 to 12: 25%; 12 to 18: 14%; 18 to 24: 10%; 24 to 30: 4%; 30 to 36: 5%; 36 to 42: 1%.]
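The slides on pages 9 to 11 describe two measurements a defender can take from their own records: the vulnerability-threat window (time from a vulnerability being identified to an attack targeting it, with "day zero" meaning the two coincide) and the share of attacks by vulnerability age in six-month bins, which is how the 64% under-one-year figure is derived (39% + 25%). The following Python is an added example, not code from the presentation or from Symantec; the records, vulnerability labels and dates are constructed for illustration, and the 30.44-day month is an assumption chosen to match the slide's month-based bins.

```python
from collections import Counter
from datetime import date

# Constructed sample records (not Symantec's data). Each tuple is:
# (placeholder label, date the vulnerability was identified, date an attack first targeted it)
SAMPLE_RECORDS = [
    ("VULN-A", date(2003, 7, 16), date(2003, 8, 11)),  # under a month old when attacked
    ("VULN-B", date(2003, 1, 5), date(2003, 8, 1)),    # about 7 months
    ("VULN-C", date(2002, 9, 10), date(2003, 6, 1)),   # about 9 months
    ("VULN-D", date(2002, 2, 1), date(2003, 5, 15)),   # about 15 months
    ("VULN-E", date(2001, 6, 20), date(2003, 7, 1)),   # about 24 months
    ("VULN-F", date(2003, 8, 11), date(2003, 8, 11)),  # day-zero: attacked the day it was identified
]

DAYS_PER_MONTH = 30.44   # assumption: average calendar month
BIN_WIDTH_MONTHS = 6     # six-month bins, as on the slide
NUM_BINS = 8             # 0-6 ... 42-48 months; anything older goes in an overflow bin


def age_in_months(identified: date, attacked: date) -> float:
    """Vulnerability-threat window: how old the vulnerability was when attacked."""
    if attacked < identified:
        raise ValueError("attack date precedes identification date")
    return (attacked - identified).days / DAYS_PER_MONTH


def is_day_zero(identified: date, attacked: date) -> bool:
    """A day-zero threat exploits a vulnerability on or before the day it is identified."""
    return attacked <= identified


def bin_index(months: float) -> int:
    """Map an age in months to its six-month bin; NUM_BINS is the overflow bin (48+)."""
    return min(int(months // BIN_WIDTH_MONTHS), NUM_BINS)


def bin_label(index: int) -> str:
    if index == NUM_BINS:
        return f"{NUM_BINS * BIN_WIDTH_MONTHS}+"
    return f"{index * BIN_WIDTH_MONTHS}-{(index + 1) * BIN_WIDTH_MONTHS}"


def age_histogram(records) -> dict:
    """Percent of attack targets per vulnerability-age bin, keyed by bin label."""
    counts = Counter(bin_index(age_in_months(ident, att)) for _, ident, att in records)
    total = len(records)
    return {bin_label(i): 100.0 * counts[i] / total for i in range(NUM_BINS + 1)}


def share_under(records, months: float = 12) -> float:
    """Percent of attack targets whose vulnerability was younger than `months` when attacked."""
    hits = sum(1 for _, ident, att in records if age_in_months(ident, att) < months)
    return 100.0 * hits / len(records)


def day_zero_ids(records) -> list:
    """Labels of the records that were attacked with no protection window at all."""
    return [label for label, ident, att in records if is_day_zero(ident, att)]


if __name__ == "__main__":
    for label, pct in age_histogram(SAMPLE_RECORDS).items():
        print(f"{label:>6} months: {pct:5.1f}%")
    print(f"under 12 months: {share_under(SAMPLE_RECORDS):.1f}%")
    print("day-zero:", day_zero_ids(SAMPLE_RECORDS))
```

Run against the constructed records, four of the six targets are under a year old (66.7%) and one is a day-zero. Against real patch and incident records the same bins show how much of the exposure falls inside the window a patch-management policy actually covers.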

Page 12: New Technologies and Targets
- Broadband: 120M subscribers worldwide by 2005
- SCADA: used by oil and natural gas; controls electric power and water supplies
- Instant Messaging/P2P: over 500M users by 2005
- Wireless: 484M users worldwide by 2005
- Grid Computing: $4.1B market by 2005
- Web Services Security: $4.4B market by 2006

Page 13: General Threat Evolution
[Chart: regional scope (Individual PCs, Individual Orgs., Sector, Global Impact) against Time.]
- 1990s: 1st gen. viruses; Individual DoS; Web defacement
- Next: worms; DDoS; Credit hacking
- Then: Blended threats; Limited Warhol threats; Worm-driven DDoS; National credit hacking; Infrastructure hacking
- Ahead: Flash threats? Massive worm-driven DDoS? Critical infrastructure attacks?

Page 14: Threat Evolution: Malicious Code Contagion Timeframe
[Chart: contagion timeframe (Weeks or months, Days, Hours, Minutes, Seconds) against era (Early 1990s, Mid 1990s, Late 1990s and beyond), plotting File Viruses, Macro Viruses, Worms, Blended Threats, "Warhol" Threats and "Flash" Threats.]
- Class I – Human response: possible
- Class II – Human response: difficult/impossible; Automated response: possible
- Class III – Human response: impossible; Automated response: unlikely; Proactive blocking: possible

Page 15: Malicious Code Protection Strategies
Threat classes:
- Class I threats (Blended threats, worms, viruses)
- Class II threats (Blended threats, Warhol, Day-Zero)
- Class III threats (Flash threats, Day-Zero)
Sensing Strategies: Distributed Sensor Networks; Protocol Anomaly Detection; Rule and Statistical Correlation
Reactive Protection Strategies (only useful after the initial wave): Manual Fingerprints; Auto Fingerprint Generation; Auto Fingerprint Generation (for slower Class II threats)
Proactive Protection Strategies: Generic Exploit Blocking; Network Intrusion Prevention; Host Intrusion Prevention; Adaptive Security

Page 16: Faster, More Frequent Blended Threats (Trends)
- 20% increase in blended threats
- New blended threats spread more quickly
- Protection against blended threats requires a layered, integrated approach to security

Page 17: New Blended Threat Targets (Trends)
- Microsoft IIS vulnerabilities
  – Large installed base
  – Numerous severe vulnerabilities
- Microsoft Internet Explorer vulnerabilities
  – Large installed base
  – Easy exploitation

Page 18: Expanded Dangers from Blended Threats (Trends)
- Theft of confidential information
  – Bugbear.B
  – 50% increase in attacks on confidential data
- Remote attacks
  – Disguised as worm activity
  – Bot armies execute remote commands

Page 19: Information Security Solutions Today
- Fragmented functionality
- No integrated approach
- Lack of a cohesive security management capability
- Limited availability of expertise
- Overly complicated and not enough customization of applications
[Diagram of disconnected point products and services: Authentication, Antivirus, Firewall, Intrusion Detection, Vulnerability Assessment, VPN, Content Updates & Security Response, 24x7 Global Customer Support, Attack Recovery Services, Threat Management & Early Warning, Honey Pot & Decoy Technology, Vulnerability Management, Policy Management, Event & Incident Management, Access Control & Authorization, Identity Management, Configuration Management, Common Console, Security Services.]

Page 20: Symantec is Securing the Enterprise
Proactive Control
[Diagram of integrated components: Antivirus; Firewall; Intrusion Detection & Prevention; VPN; Content Updates & Security Response; 24x7 Global Customer Support; Vulnerability Assessment; Threat Management & Early Warning; Honey Pot & Decoy Technology; Policy Compliance; Event & Incident Mgmt; Authentication; Access Control & Authorization; Identity Mgmt; Config. Mgmt; Attack Recovery Services; Common Console; Encryption.]

Page 21: Securing the Enterprise – Alert
Alert – Early Warning: awareness of new vulnerabilities and global threats
- Early Warning – DeepSight™
- Decoy Technology – Decoy Server
- Vulnerability Assessment
Areas of Future Focus
- Continue to close the gap between awareness of security issues and specific immediate action
- Leverage the global reach of 100 million endpoints in 180 countries
- Protect valuable assets by focusing security resources on only those threats that can take down their network

Page 22: DeepSight – Blaster Worm Timeline (Early Warning)
[Chart: number of source IP(s) observed over time; all times GMT.]
- 8/10/03 10:39 am: DeepSight TMS Port 135 Alert
- 8/11/03 7:57 pm: ThreatCon Alert of worm (TMS)
- 8/11/03 8:44 pm: Blaster Worm Alert sent (TMS)
- 8/11/03 10:00 pm: Blaster widely seen by others
1.5 days from the first DeepSight alert to the worm being widely seen.

Page 23: Securing the Enterprise – Protect
Protection – multi-layered security at the Gateway, Server and Client
- Integrated Solutions
  – Client Security
  – Gateway Security
- Best-of-breed products
  – Host and Network Intrusion Detection & Prevention
  – Antivirus
  – Filtering
  – Firewall
  – VPN
Areas of Future Focus:
- Stronger protection: faster speeds; prevention technologies; proactively block attacks; wireless & mobile support; client compliancy
- Tighter integration with Early Warning services
- Extending integrated security to all layers

Page 24: Symantec Client Security (Protect)
Best-of-breed plus integration provides better protection for lower Total Cost of Ownership
- Antivirus
- Client Firewall
- Intrusion Detection
Future enhancements to include
- Client-compliancy checking
- Enhanced firewall capabilities
- Location awareness

Page 25: Intrusion Protection Solutions
- High speed multi-gigabit network detection
  – Multiple advanced detection methodologies: protocol anomaly detection, signature, behavioral, hybrids, decoy
  – iForce appliance option – built by Symantec & Sun
- Protection controls at the host, network, and decoy
- Interoperability with 3rd party data collection

Page 26: Symantec AV for Handhelds Corp Edition (Protect)
- Desktop assisted solution
- Integrated with existing update infrastructures
- Comprehensive cross-platform support
- On-device real-time and on-demand scanning
- Automatic scans on memory media insertion and after synchronization
- On-device wireless LiveUpdate

Page 27: Securing the Enterprise – Respond
Respond
- Trusted, timely content updates
- 24/7 global remediation support
- Security Response (LiveUpdate)
- 7x24 customer support
- Professional Services
- Disk Recovery
Areas of Future Focus
- Anticipating likely exploits of vulnerabilities
- Providing proactive updates that block attacks using anticipated exploits

Page 28: Securing the Enterprise – Manage
Manage – real-time security management to identify and prioritize critical vulnerabilities, non-compliance, malicious events and blended threats
- ESM (Policy Compliance)
- Security Management: Incident Manager; Event Managers
- Managed Security Services
Areas of Future Focus
- Patch management and deployment
- Increased platform (OS/DB) support
- Integration with HelpDesk applications
- Additional correlation technologies
- Significant increase in collectors

Page 29: Conclusion: Optimize Control and Minimize Complexity
- Key process elements for an effective security program: Alert – Protect – Respond – Manage
- Security is too complex; it needs to be simplified
  – Symantec's security application and management integration simplifies security: increases protection, reduces total cost of ownership, provides a 360 degree view of security posture
- Integrate our robust security content in all of our products
- Provide flexible, fast, expert support to our customers
- Deliver world-class security threat information and response
