Know More About Threats, Risks and Regulations Ken Pappas CEO True North Security Prepared for:

Post on 28-Mar-2015


Know More About Threats, Risks and Regulations

Ken Pappas, CEO

True North Security

Prepared for:

Ken Pappas BIO

Professional Career
• Founder and CEO of True North Security
• VP Marketing and Security Strategist at Top Layer Security
• Security Strategist at TippingPoint
• Director of Product Management at 3Com
  • Acquired TippingPoint “IPS technology”
• General Manager Security Division, Enterasys Networks
  • Acquired Security Wizards “Dragon IDS technology”
  • Acquired Indus River “Remote VPN technology”

Personal
• Security Clearance, Department of Homeland Security
• Computer Forensics
• CISM
• InfraGard, Boston Chapter sponsored by the FBI and DHS
• Appearance in Wall Street Journal, Fortune, etc.
• Blog: http://secsystems.wordpress.com
• Twitter: TruNorthSec

Agenda

Today’s Reality

Future Threats & Challenges

About Sourcefire

About True North Security

Today’s Reality

Security Highlights
• Over 285 million records stolen in 2008 vs. 230 million between the years 2004 – 2007, with Education being the highest.
• WHY?
• Who do you think will be #1 in the next two years?
• 31% more bot-infected computers per day in 2008 vs. 2007
• 90% of breaches from organized crime targeting corporate information
• Cyber crime cost companies more than $650 million worldwide
• Majority of breaches caused by insider negligence
• Users blurring their social life, personal life and work life with regards to Internet usage

www.idtheftcenter.org

Recent Scams
• Haiti Relief email
• IRS Form W2 spoof contains malware
• Mortgage fraud
• Pop-up anti-virus advertisement contains virus
• H1N1 email alert contains malware
• FDIC email stating bank merger or that your bank is a failed bank. Click here? Get a surprise
• 2010 Census by email. SURPRISE: the Census Bureau does not use email

[Chart: Attack Sophistication (low to high) against Intruder Knowledge (high to low), 1980 to 2000+. Techniques plotted: password guessing, self-replicating code, password cracking, exploiting known vulnerabilities, disabling audits, back doors, hijacking sessions, sweepers, sniffers, packet spoofing, GUI, automated probes/scans, denial of service, www attacks, “stealth”/advanced scanning techniques, burglaries, network mgmt. diagnostics, distributed attack tools, staged, auto coordinated, cross site scripting. Source: Carnegie Mellon University]

What’s Causing Rise In Cyber Crime

Motivation:
• Recession
• Social Media Sites
• Younger/Older generation using computers
• Availability of Sophisticated tools
• Trickery & Foolery

“Zero Hour” Threats Rising
• Increase in specialized threats. Toolkits used to create virus attacks, making specialization of participants a lucrative shadow economy.
• Sophistication of high end threats is evolving rapidly
• Targeted threats attack specific companies, persons and systems.
• Blended threats becoming more common
• Carefully targeted attack may go unnoticed for an undetermined amount of time.

Harnessing The Power of Botnets
Source: Symantec

Industrial Espionage Targeted Attacks
Source: MessageLabs Intelligence
• 60% of recipients were of a high or medium-level ranking
• 42% of targeted attacks were sent to high-ranking individuals
• 18% of recipients were of medium-level seniority
• 5% of recipients were lower-ranking
• 19% of targeted attacks were directed at general mailboxes such as “info@”

[Chart: Individually Targeted Attacks Blocked Per Day (Average). Source: Symantec]

Targeted Trojans

Targeted trojans are specialized pieces of malware written to extract high value information from known subjects.
Source: http://www.nypost.com/p/news/business/hackers_targeting_UquyMBhuVAyl6wAn413lGJ

Targeted Trojans (Source: MessageLabs Intelligence)
Frequency:
• 2005: 2 per week
• 2006: 1 per day (avg)
• 2007: 10 per day (avg)
• 2008: 50 per day (avg)
• 2009: 60 per day (avg)
• Recent peaks: 357 per day
Payload:
Source: Symantec

Website Security Trends
Source: MessageLabs Intelligence
• New sites with malware in 2009: 2,465/day
• Unique domains hosting malware: 30,000
Source: Symantec

Web 2.0

Multitude of Threat Vectors
• Social Media: Facebook, MySpace, LinkedIn
• Rogue 3rd Party Apps
• Tiny URLs
• Translations
• RogueWare

No Industry Is Being Left Behind
• Financial: Heartland
• Retail: Hannaford's
• Education: Harvard University, Oklahoma State University
• Medical: Department of Veterans, Cedars-Sinai Medical Center
• Government: North Korea attacks American networks; China hacking into NASA; Israel attacking Iran

The cyber warfare HAS begun!

[Image: Space Programs, USA / Russia]

Easy Availability of Exploit Tools

Multitude of Regulations

• PCI (Payment Card Industry)

• GLBA (Gramm-Leach Bliley Act)

• HIPAA (Health Insurance Portability and Accountability Act)

• FISMA (Federal Information Security Management Act)

• HITECH

• MA 201 CMR 17

• NERC

Perimeter Protection Is Not Enough

Communications between machines inside the corporate LAN and between choke-points are not filtered or protected by a perimeter firewall in front of each machine.
• Servers in the DMZ, kiosks, workstations used by temporary employees, and other “hot spots”
• Mobile users are becoming the back door to the house
• Telecommuters are becoming more popular, more risks being brought inside

[Diagram: Historical Firewall Configuration. From: 66.121.11.7, To: 115.13.73.1. Ports shown: FTP-21, HTTP-80, SMTP-25, Sub7-6776, Quake-26000]

[Diagram: Today’s Firewall Configurations. Ports shown: HTTP-80, FTP-21, SMTP-25, BackOrifice-31337]
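The point of the two firewall diagrams, as an added example that is not part of the deck: a small Python model of which flows a perimeter-only firewall can act on versus a filter or IPS placed at an internal choke point. It uses the ports from the slides and a constructed 10.10.0.0/16 LAN; the sample flows are constructed, not taken from the presentation.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample network: one internal LAN behind a single perimeter
# firewall (addresses are illustrative, not from the deck).
INSIDE = ipaddress.ip_network("10.10.0.0/16")

# Service and back-door ports taken from the deck's two firewall diagrams.
PERIMETER_ALLOW = {21: "FTP", 80: "HTTP", 25: "SMTP"}
BACKDOOR_PORTS = {6776: "Sub7", 31337: "BackOrifice"}

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int

def is_inside(ip: str) -> bool:
    return ipaddress.ip_address(ip) in INSIDE

def perimeter_verdict(flow: Flow) -> str:
    """Perimeter-only firewall: it can act only on flows that cross the perimeter."""
    if is_inside(flow.src) == is_inside(flow.dst):
        return "not inspected"  # LAN-to-LAN traffic never reaches it
    return "allow" if flow.dport in PERIMETER_ALLOW else "block"

def choke_point_verdict(flow: Flow) -> str:
    """Filter/IPS at an internal choke point: it sees LAN-to-LAN traffic as well."""
    if flow.dport in BACKDOOR_PORTS:
        return f"block ({BACKDOOR_PORTS[flow.dport]})"
    return "allow"

# Constructed flows: inbound HTTP, an inbound back-door attempt, and a compromised
# LAN host reaching its neighbours on back-door ports.
SAMPLE_FLOWS = [
    Flow("203.0.113.9", "10.10.0.5", 80),    # outside -> inside HTTP
    Flow("203.0.113.9", "10.10.4.7", 6776),  # outside -> inside Sub7
    Flow("10.10.4.7", "10.10.4.8", 6776),    # inside -> inside Sub7
    Flow("10.10.4.7", "10.10.4.9", 31337),   # inside -> inside BackOrifice
]

def audit(flows=SAMPLE_FLOWS):
    """Map (src, dst, dport) -> (perimeter verdict, choke-point verdict)."""
    return {(f.src, f.dst, f.dport): (perimeter_verdict(f), choke_point_verdict(f))
            for f in flows}

def uninspected_by_perimeter(flows=SAMPLE_FLOWS):
    """Flows the perimeter never sees but a choke-point filter would block."""
    return [f for f in flows if perimeter_verdict(f) == "not inspected"
            and choke_point_verdict(f) != "allow"]
```

Running `audit()` shows the two LAN-to-LAN back-door flows reported as "not inspected" by the perimeter while the choke-point filter blocks them, which is the gap the slide describes.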

The Complacency of Fools Will Destroy Us

Future Threats & Challenges

Clouds Blow Away

CLOUD COMPUTING: IT resources and services that are abstracted from the underlying infrastructure and provided “On-Demand” and “At Scale” in a multi-tenant environment

Next Inflection Point
• Where does your data go when the cloud blows away?
• When data is breached, who will be at fault?
• Waiting for first court battle
• Looks like, feels like SNA? Make sure you have a solid SLA!

Next Generation Threats

Next Generation Threats Will Use Stealth Methods vs. Today’s Threats
• User error will be the way of malware
• Information leakage due to negligence and theft
• Domestic and international terrorists stealing company technology and secrets

New Methods Will Evolve to Adapt to User Behavior
• Tempt-to-Click Email
• Tempt-to-Click IM
• False pop-ups

New Computing Environments and Applications Will Be Targets
• VoIP
• Cloud Computing
• SaaS (Software as a Service)
• Social Media

Protection Will Require Education And Technology

Protect Dysfunctional Users Against Themselves

How Do We Best Protect Ourselves and Our Data

What Companies Are Thinking About

Virtualizing Security vs. Securing Virtualization

SANS Recommends - Deploy IPS

Strategies To Defeat Threats

• Anti-Virus Updates
• Deploy an IPS Today! IPS filters turned on and updated
• Encrypt Hard Drive Data
• Operating System Security Updates
• Educate Users
• Institute Company Wide Security Policy
• Implement Defense In Depth: IPS, Anti-Virus, Encryption, Multiple Passwords, Other

There is no silver bullet

About Sourcefire

Stop Threats and Start Partying!


About Sourcefire

Founded in 2001 by Snort Creator, Martin Roesch, CTO

Headquarters: Columbia, MD

Fastest-growing IPS vendor

Global Security Alliance partner network

NASDAQ: FIRE

Open Source Community + Sourcefire Development = Best of Both Worlds

Mission: To deliver intelligent security infrastructure for the most efficient, effective risk management.

Powered by Snort
• 270,000 Users
• 3.7 Million Downloads
• 80% of Fortune 500
• 40% of Global 2000
• 100+ Snort Integrators
• 9,000+ Snort Rules
• World’s Largest Threat Response Community

Most Widely Used IPS Engine Worldwide

Problems With a Traditional IPS / A New Approach

Traditional IPS vs. Sourcefire IPS:
• Architecture: Closed Architecture vs. Open Rules & IPS Engine
• Accuracy: Exploit-Based vs. Vulnerability-Based
• Intelligence: None or Limited vs. Real-time, All-the-time
• Operation: Manual Operation vs. Highly Automated

Backed by Sourcefire Vulnerability Research Team (VRT)

Comprehensive Protection
• Inputs: Private & Public Threat Feeds, Snort Community, Insight
• 300 new threats per month
• 20,000 malware samples per day
• VRT Research & Analysis
• VRT Lab: >150 million performance & regression tests, 1000s of software packages, 100s of hardware platforms
• Advanced Microsoft Disclosure

Unrivalled Protection Against Advanced Persistent Threats

Best-in-Class Detection

• Based on Snort—de facto IPS standard
• Vulnerability-based, zero-day protection
• Open architecture
• Flexible custom rules
• Ranked #1 in detection by NSS Labs*

* “Network Intrusion Prevention Systems Comparative Test Results,” December 2009. Comparison using a tuned policy.

[Chart: NSS Labs Group IPS Test, Block Rate Comparison. Source: Graphic used with permission by NSS Labs. “Network Intrusion Prevention Systems Comparative Test Results,” December 2009.]

Sourcefire Appliance Product Lines

Sourcefire Defense Center®: DC500, DC1000, DC3000

Sourcefire 3D® Sensor (performance):
• 3D500: 5 Mbps
• 3D1000: 45 Mbps
• 3D2000: 100 Mbps
• 3D2100: 250 Mbps
• 3D2500: 500 Mbps
• 3D3500: 1 Gbps
• 3D4500: 2 Gbps
• 3D6500: 4 Gbps
• 3D9900: 10 Gbps

VMware Virtual Appliances: Virtual Defense Center™, Virtual 3D Sensor™

Why Sourcefire?
• Powered by Snort
• Driven by Intelligence
• Best-in-Class Detection
• Open Architecture
• Highly Automated

Stop Doing Things the “Old” Way! Leverage the Only “Intelligent” IPS.

True North Security

Vulnerability Audits

Create / Enhance Security Policies

Network & Data Protection Solutions

Security Awareness Training

PCI Compliance

Video Monitoring and Surveillance Solutions

kenpappas@truenorthsecurity.com

978.846.1175

Summary

• Cyber security attacks are common and costly
• Attackers are sophisticated, well-financed and highly motivated
• You have limited IT resources
• Traditional security products can’t keep up

“Not knowing what’s on your network is going to continue to be the biggest problem for most security practitioners.”
Marcus Ranum, CSO Magazine

Thank You

Ken Pappas, CEO

True North Security

Prepared for:

kenpappas@truenorthsecurity.com