
Simple and Complex Threats Shape the Future Linda McCarthy Executive Security Advisor November 22, 2003.

Presentation transcript:

1 Simple and Complex Threats Shape the Future Linda McCarthy Executive Security Advisor November 22, 2003

2 © 2003 Symantec Corp. Page 2 ARPA Network - 1969

3 Internet Backbone - 2003

4 Faster, Frequent, and More Complex Blended Threats
Increasing prevalence of blended threats
Combine hacking, denial of service, more aggressive, and spread faster than ever before
August 2003 tested defenses of home and corporate users
Four high impact attacks in the span of eight days
Tested the defenses of home and corporate users
Attackers turning up the heat

5 Tremendous Challenges
Increasing number and sophistication of attacks
Increasing complexity across an enterprise
Resource Constraints
Risks difficult to define and prioritize
Products alone are reactive
[Chart: Worldwide Attacks, 1995 to 2002. Series: Malicious Code Infection Attempts* (axis 0 to 900M) and Network Intrusion Attempts** (axis 0 to 120,000). Labelled threats: Polymorphic Viruses (Tequila); Zombies; Mass Mailer Viruses (Love Letter/Melissa); Denial of Service (Yahoo!, eBay); Blended Threats (CodeRed, Nimda, Slammer)]
*Analysis by Symantec Security Response using data from Symantec, IDC & ICSA; 2002 estimated
**Source: CERT

6 Highlights – Attacks: Attack Sources*
Top ten attack source countries account for 80% of all attacks
51% of all attacks originate in the United States
Japan is 9th most common source

Ranking   Country          Six Months Ending June 30, 2003
1         United States    51%
2         China            5%
3         Germany          5%
4         South Korea      4%
5         Canada           4%
6         France           3%
7         Great Britain    2%
8         Netherlands      2%
9         Japan            2%
10        Italy            2%

Source: Internet Security Threat Report, Symantec, September 2003

7 Less Knowledge Required to Attack
[Chart: Intruder Knowledge and Automated Tools & Attack Sophistication, on a Low to High scale, 1980 to 2005]

8 Software Vulnerabilities on the Rise
[Chart: Average number of new vulnerabilities discovered every week; x-axis '99 to '03; data labels 10, 25, 30, 50, 60. Source: Bugtraq]

9 Threat Evolution: Day-zero Threats
[Diagram: Time axis from Vulnerability Identified to Threat Released, labelled Vulnerability-Threat Window]
A day-zero threat exploits a previously unknown, and therefore unprotected, vulnerability.

10 Threat Evolution: Day-zero Threats
[Diagram: Time axis with Vulnerability identified, Threat released, and Day-zero exploit / Threat released]
A day-zero threat exploits a previously unknown, and therefore unprotected, vulnerability.
[Chart: Time Until Exploitation (Months, Days, Hours, "Day 0") against Threat (Novice Programmer, Sophisticated Programmer, Organized Crime/Terrorist Organization, Nation/State)]
As attacker demographics shift, we see a reduction in the vulnerability-threat window.

11 Trends: Faster, More Aggressive Attacks
More attacks are targeting new vulnerabilities
New vulnerabilities are being exploited more quickly
Faster exploitation requires better patch management policies
[Chart: Percent of New Attack Targets by Vulnerability Age Range (months); ranges 0 to 6, 6 to 12, 12 to 18, 18 to 24, 24 to 30, 30 to 36, 36 to 42, 42 to 48; data labels 39%, 25%, 14%, 10%, 4%, 5%, 1%]
64% of new attacks targeted vulnerabilities less than 1 year old

12 New Technologies and Targets
Broadband: 120M subscribers worldwide by 2005
SCADA: Used by oil and natural gas, controls electric power and water supplies
Instant Messaging/P2P: Over 500M users by 2005
Wireless: 484M users worldwide by 2005
Grid Computing: $4.1B market by 2005
Web Services Security: $4.4B market by 2006

13 General Threat Evolution
[Diagram: threat scope plotted over Time (1990s, 2000, 2003). Scope levels: Individual PCs, Individual Orgs., Regional, Sector, Global Impact. Threat groups shown, earliest to latest:]
1st gen. viruses; Individual DoS; Web defacement
email worms; DDoS; Credit hacking
Blended threats; Limited Warhol threats; Worm-driven DDoS; National credit hacking; Infrastructure hacking
Flash threats? Massive worm-driven DDoS? Critical infrastructure attacks?

14 Threat Evolution: Malicious Code
[Chart: Contagion Timeframe (Weeks or months, Days, Hours, Minutes, Seconds) against Time (Early 1990s, Mid 1990s, Late 1990s, 2000, 2003). Threats plotted: File Viruses, Macro Viruses, e-mail Worms, Blended Threats, "Warhol" Threats, "Flash" Threats]
Class I: Human response: possible
Class II: Human response: difficult/impossible; Automated response: possible
Class III: Human response: impossible; Automated response: unlikely; Proactive blocking: possible

15 Malicious Code Protection Strategies
[Table columns: Threat Class; Sensing Strategies; Reactive Protection Strategies; Proactive Protection Strategies]
Threat classes: Class III threats (Flash threats, Day-Zero); Class II threats (Blended threats, Warhol, Day-Zero); Class I threats (Blended threats, worms, viruses)
Table entries as listed on the slide: Distributed Sensor Networks; Protocol Anomaly Detection; Rule and Statistical Correlation; Generic Exploit Blocking; Network Intrusion Prevention; Host Intrusion Prevention; Only useful after initial wave; Manual Fingerprints; Auto Fingerprint Generation; Auto Fingerprint Generation (for slower Class II threats); Adaptive Security

16 Trends: Faster, More Frequent Blended Threats
20% increase in blended threats
New blended threats spread more quickly
Protection against blended threats requires a layered, integrated approach to security

17 Trends: New Blended Threat Targets
Microsoft IIS vulnerabilities
  – Large installed base
  – Numerous severe vulnerabilities
Microsoft Internet Explorer vulnerabilities
  – Large installed base
  – Easy exploitation

18 Trends: Expanded Dangers from Blended Threats
Theft of confidential information
  – Bugbear.B
  – 50% increase in attacks on confidential data
Remote attacks
  – Disguised as worm activity
  – Bot armies execute remote commands

19 Information Security Solutions Today
Fragmented functionality
No integrated approach
Lack of a cohesive security management capability
Limited availability of expertise
Overly complicated & not enough customization of applications
[Diagram labels: Authentication; Antivirus; Firewall; Intrusion Detection; Vuln Assess; VPN; Content Updates & Security Response; 24x7 Global Customer Support; Attack Recovery Services; Threat Management & Early Warning; Honey Pot & Decoy Technology; Vuln Mgmt; Policy Mgmt; Event & Incident Mgmt; Access Control & Auth; Identity Mgmt; Config. Mgmt; Common Console; Security Services]

20 Symantec is Securing the Enterprise
[Diagram labels: Proactive Control; Antivirus; Firewall; Intrusion Detection & Prevention; VPN; Content Updates & Security Response; 24x7 Global Customer Support; Vulnerability Assessment; Threat Management & Early Warning; Honey Pot & Decoy Technology; Policy Compliance; Event & Incident Mgmt; Authentication; Access Control & Authorization; Identity Mgmt; Config. Mgmt; Attack Recovery Services; Common Console; Encryption]

21 Securing the Enterprise: Alert
Early Warning
  – DeepSight™
Decoy Technology
  – Decoy Server
Vulnerability Assessment
Alert – Early Warning
  – Awareness of new vulnerabilities and global threats
Areas of Future Focus
  – Continue to close the gap between awareness of security issues and specific immediate action
  – Leverage the global reach of 100 million endpoints in 180 countries
  – Protect valuable assets by focusing security resources on only those threats that can take down their network

22 DeepSight – Blaster Worm Timeline
[Chart: IP(s), axis 0 to 300,000, over time. All times GMT]
8/10/03 10:39 am: DeepSight TMS Port 135 Alert
8/11/03 7:57 pm: ThreatCon Alert of worm (TMS)
8/11/03 8:44 pm: Blaster Worm Alert sent (TMS)
8/11/03 10:00 pm: Blaster widely seen by others
1.5 days Early Warning

23 Securing the Enterprise: Protect
Integrated Solutions
  – Client Security
  – Gateway Security
Best-of-breed products
  – Host and Network Intrusion Detection & Prevention
  – Antivirus
  – Filtering
  – Firewall
  – VPN
Protection
  – Multi-layered security at the Gateway, Server and Client
Areas of Future Focus:
  – Stronger protection: Faster speeds; Prevention technologies; Proactively block attacks; Wireless & mobile support; Client compliancy
  – Tighter integration with Early Warning services
  – Extending integrated security to all layers

24 Protect: Symantec Client Security
Best-of-breed plus integration provides better protection for lower Total Cost of Ownership
  – Antivirus
  – Client Firewall
  – Intrusion Detection
Future enhancements to include
  – Client-compliancy checking
  – Enhanced FW capabilities
  – Location awareness

25 Intrusion Protection Solutions
High speed multi-gigabit network detection
  – Multiple advanced detection methodologies: Protocol anomaly detection, signature, behavioral, hybrids, decoy
  – iForce appliance option – built by Symantec & Sun
Protection controls at the host, network, and decoy
Interoperability with 3rd party data collection

26 Protect: Symantec AV for Handhelds Corp Edition
Desktop assisted solution
Integrated with existing update infrastructures
Comprehensive cross-platform support
On-device real-time and on-demand scanning
Automatic scans on memory media insertion, after synchronization
On-device wireless LiveUpdate

27 Securing the Enterprise: Respond
Security Response
  – (LiveUpdate)
7x24 customer support
Professional Services
Disk Recovery
Respond
  – Trusted, timely content updates
  – 24/7 global remediation support
Areas of Future Focus
  – Anticipating likely exploits of vulnerabilities
  – Providing proactive updates that block attacks using anticipated exploits

28 Securing the Enterprise: Manage
Manage
  – Real-time security management to identify and prioritize: critical vulnerabilities; non-compliance; malicious events; blended threats
Areas of Future Focus
  – Patch management and deployment
  – Increased platform (OS/DB) support
  – Integration with HelpDesk applications
  – Additional correlation technologies
  – Significant increase in collectors
ESM (Policy Compliance)
Security Management
  – Incident Manager
  – Event Managers
Managed Security Services

29 Conclusion: Optimize Control and Minimize Complexity
Key process elements for an effective security program
  – Alert – Protect – Respond – Manage
Security is too complex, need to simplify
  – Symantec's security application and management integration simplifies security: Increases protection; Reduces total cost of ownership; Provides 360 degree view of security posture
Integrate our robust security content in all of our products
Provide flexible, fast, expert support to our customers
Deliver world-class security threat information and response
