Transcript of the slide deck "Patch Upgrade Version Firewall Rulebase IPS Signatures ..." (pittsburgh.issa.org › ISSA), posted 27-Jun-2020

[Slide word cloud: Patch, Upgrade, New Version, Firewall Rulebase, IPS Signatures, Virus, Regulation, Worm]

9/14/2010 Copyright 2010. All Rights Reserved.7

"Malicious computer code, placed there by a foreign intelligence agency"

"Digital Beachhead" that allowed the foreign agency to suck data from the Pentagon's classified and unclassified networks

"Network administrator's worst fear"

"Cyber criminals have stolen at least $100 million from small to mid-sized companies across America in a sophisticated but increasingly common form of online banking fraud…"

— Brian Krebs, Washington Post, 26 October 2009

"The City of Norfolk, Virginia is reeling from a massive computer meltdown… an unidentified family of malicious code destroyed data on nearly 800 computers citywide."

— krebsonsecurity.com, February, 2010

"Hillary Machinery lost $801,495 in fraudulent transfers to cyberthieves from their account at Plains Capital Bank. The bank is now suing Hillary Machinery!"

— forbes.com, February, 2010

Assuming the data is in the data center

Forgetting the value of data on mobile devices

Believing that company data never finds its way to home systems

Treating mobile devices as desktops

The days of the Traditional Legacy Perimeter Defense

are behind us.

Your approach to security needs to keep up.

The corporate perimeter is porous and permeable.

"Endpoint . . . solutions are now a PRIMARY line of defense . . ."

— Charles Kolodgy, Research Director, IDC Security Products Program

The Data On The Endpoint Is The Goal

Email

Internet Video

Personal Websites

Business Websites

Social Media

Adopting Social Media Without Protection

Focusing too much on Prevention

[Diagram: Prevention / Detection / Response]

• 95% of respondents listed the 12 items below
• 95% thought that Prevention was key
• IT Security spending follows the same mindset

Focusing on Prevention vs. Detection and Response

Alarm, Motion detector, Monitoring, Crime watch
Doors, Locks, Windows, Fence
Dog, Gun, Police, Insurance

Source: "Data @ Risk" by David H. Stelzl

How They Break In:

[Pie chart; slice labels 34%, 23%, 22%, 9%, 4%, 2%; the category names were not captured in the transcript]

Failing to foster a culture of awareness

Unintentional Data Breaches

Hidden Columns on Excel Spreadsheets with
• Credit Card numbers
• Social Security Numbers
• PII data

Intellectual Property

Marketing Plans

Embargoed Announcements

Corporate betting pools
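The hidden-column leak above is easy to check for mechanically before a spreadsheet leaves the building. The scanner below is an added example, not code from the presentation or from Kaspersky: it opens an .xlsx as the zip of XML parts it really is (no Excel or third-party library needed), flags cells whose value is a 13 to 19 digit number passing the Luhn check, and reports whether each hit sits in a hidden sheet, a hidden column or a hidden row. The workbook it builds in memory is constructed for the example; the sheet names and customer cells are made up and the card numbers are the public test PANs.

```python
"""Find card-like numbers hiding in hidden sheets, columns or rows of an .xlsx.

Stdlib only: an .xlsx is a zip of XML parts, so no Excel or openpyxl is needed.
"""
import io
import re
import zipfile
import xml.etree.ElementTree as ET

M = "http://schemas.openxmlformats.org/spreadsheetml/2006/main"
REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
NS = {"m": M}


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def looks_like_pan(value: str) -> bool:
    """13-19 digits (spaces or dashes allowed) that pass Luhn: a candidate card number."""
    digits = re.sub(r"[ -]", "", value)
    return 13 <= len(digits) <= 19 and digits.isdigit() and luhn_ok(digits)


def col_index(ref: str) -> int:
    """A1-style reference -> 1-based column number ('C2' -> 3, 'AB7' -> 28)."""
    n = 0
    for ch in ref:
        if not ch.isalpha():
            break
        n = n * 26 + ord(ch.upper()) - ord("A") + 1
    return n


def cell_text(c, shared):
    """Cell value as text, for inline strings, shared strings and plain numbers."""
    if c.get("t") == "inlineStr":
        return "".join(t.text or "" for t in c.iter(f"{{{M}}}t"))
    v = c.find("m:v", NS)
    if v is None or v.text is None:
        return ""
    return shared[int(v.text)] if c.get("t") == "s" else v.text


def scan_xlsx(data: bytes) -> list:
    """One finding per card-like cell, listing every way the cell is hidden."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        shared = []
        if "xl/sharedStrings.xml" in z.namelist():
            sst = ET.fromstring(z.read("xl/sharedStrings.xml"))
            shared = ["".join(t.text or "" for t in si.iter(f"{{{M}}}t"))
                      for si in sst.iterfind("m:si", NS)]
        rels = ET.fromstring(z.read("xl/_rels/workbook.xml.rels"))
        target = {r.get("Id"): r.get("Target") for r in rels}
        wb = ET.fromstring(z.read("xl/workbook.xml"))
        for sh in wb.find("m:sheets", NS):
            name, state = sh.get("name"), sh.get("state", "visible")  # "hidden" sheets
            path = target[sh.get(f"{{{REL}}}id")]
            ws = ET.fromstring(z.read(path.lstrip("/") if path.startswith("/") else "xl/" + path))
            hidden_cols = set()
            for col in ws.iterfind("m:cols/m:col", NS):  # <col min max hidden="1"/>
                if col.get("hidden") in ("1", "true"):
                    hidden_cols.update(range(int(col.get("min")), int(col.get("max")) + 1))
            for row in ws.iterfind("m:sheetData/m:row", NS):
                for c in row.iterfind("m:c", NS):
                    if not looks_like_pan(cell_text(c, shared)):
                        continue
                    via = []
                    if state != "visible":
                        via.append("hidden sheet")
                    if col_index(c.get("r")) in hidden_cols:
                        via.append("hidden column")
                    if row.get("hidden") in ("1", "true"):
                        via.append("hidden row")
                    findings.append({"sheet": name, "cell": c.get("r"), "hidden_via": via})
    return findings


def build_sample_xlsx() -> bytes:
    """Constructed sample (not a real customer file): column C hidden on 'Customers',
    one hidden row, and a hidden 'Scratch' sheet. Card numbers are public test PANs."""
    def s(ref, text):  # inline-string cell; Excel keeps real PANs as text, not numbers
        return f'<c r="{ref}" t="inlineStr"><is><t>{text}</t></is></c>'
    sheet1 = (f'<worksheet xmlns="{M}"><cols><col min="3" max="3" width="0" hidden="1"/></cols>'
              f'<sheetData><row r="1">{s("A1", "Name")}{s("B1", "City")}{s("C1", "Card")}</row>'
              f'<row r="2">{s("A2", "A. Customer")}{s("B2", "Pittsburgh")}{s("C2", "4111-1111-1111-1111")}</row>'
              f'<row r="3" hidden="1">{s("A3", "scratch")}{s("B3", "5500 0000 0000 0004")}</row>'
              f'</sheetData></worksheet>')
    sheet2 = (f'<worksheet xmlns="{M}"><sheetData><row r="1">{s("A1", "378282246310005")}'
              f'<c r="B1"><v>20100914</v></c></row></sheetData></worksheet>')
    workbook = (f'<workbook xmlns="{M}" xmlns:r="{REL}"><sheets>'
                '<sheet name="Customers" sheetId="1" r:id="rId1"/>'
                '<sheet name="Scratch" sheetId="2" state="hidden" r:id="rId2"/></sheets></workbook>')
    rels = ('<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
            f'<Relationship Id="rId1" Type="{REL}/worksheet" Target="worksheets/sheet1.xml"/>'
            f'<Relationship Id="rId2" Type="{REL}/worksheet" Target="worksheets/sheet2.xml"/>'
            '</Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("xl/workbook.xml", workbook)
        z.writestr("xl/_rels/workbook.xml.rels", rels)
        z.writestr("xl/worksheets/sheet1.xml", sheet1)
        z.writestr("xl/worksheets/sheet2.xml", sheet2)
    return buf.getvalue()


if __name__ == "__main__":
    for f in scan_xlsx(build_sample_xlsx()):
        print(f"{f['sheet']}!{f['cell']}: card-like value, hidden via {f['hidden_via'] or 'nothing (visible)'}")
```

Run it as a script and it reports three hits: the hidden column, the hidden row and the hidden sheet. Two caveats a practitioner should keep in mind: Excel keeps only 15 significant digits for numeric cells, so a 16-digit card number typed as a number is already mangled and the PANs that survive are text cells, which is why the sample uses inline strings; and the scanner reads only the hidden flags, so a column squeezed to zero width without the flag, or text in white-on-white font, is not reported and needs a separate check.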

Education is usually the first line item cut when

there are budgetary pressures.

If you only have ONE DOLLAR to spend in security,

make sure you spend it in security awareness.

Under-reporting of security breaches

"According to the FBI, cybercrime officially cost Americans almost $560 million last year, more than double the 2008 tally, although experts say the true number is undoubtedly much higher, since many cyberattacks go unreported."

— Dallas Morning News, May 2, 2010

Unable to create proper actuarial tables for cybercrime due to lack of data

Main causes for under-reporting
• Fear of embarrassment
• Loss of public or customer confidence
• Legal liabilities
• Jurisdictional limitations

"Albert “Segvec” Gonzalez has been indicted by a federal grand jury, along with two unnamed Russian conspirators, on charges of hacking into Heartland Payment Systems… as well as Hannaford Brothers, 7-Eleven and two unnamed national retailers… [Gonzalez] and 10 others were charged in May and August 2008 with network intrusions into TJX, OfficeMax, Dave & Busters… and other companies"

— wired.com, August 17, 2009

Laying the Foundation to Combat Privateers on the High Seas of the Internet
http://cassandrasecurity.com/?p=1301

Settling for Compliance

"Compliance… just one step north of negligence." — Josh Corman, The 451 Group

A perfect example of aiming for compliance is the number of lifeboats on the Titanic.

The British Board of Trade, the regulatory agency whose rules governed Titanic, required the ship to have lifeboat capacity for 1,060 people. Unfortunately, she had a maximum capacity of 3,547 passengers and crew.

AFTER the Titanic sank, the regulations were changed.

That seems to be the way it always happens...

After ENRON and WorldCom, we get Sarbanes-Oxley… After TJX, PCI DSS (published in 2004, before that breach) starts being enforced in earnest.


How many times have you heard your IT team say "We're covered… We are compliant", only to have your expensive external audit firm come in and deliver a scathing report that enumerates thousands of missed items, erroneous configurations, and process violations?

Assuming Everything is OK


Stephan Thought He Was Secure

Companies think they are secure. But who is accessing your data?

[Chart: number of infections found per hour]

Assuming the data is in the data center

Forgetting the value of data on mobile devices

Believing that company data never finds its way to home systems

Treating mobile devices as desktops

Adopting of social media without protection

Focusing on Protection versus Detection and Response

Failing to foster a culture of awareness

Under-reporting of security breaches

Settling for compliance

Assuming Everything is OK

"We've got it covered."

What Is The Likelihood Of An Attack?

BTW… Likelihood decreases with Detection and Response

"We had no idea this malware was getting through."

[Risk matrix: Impact of Risk (Low to High) on one axis, Probability of Occurrence (Low to High) on the other]

Michael Tyson, Philosopher and Pugilist:

"Everyone Has a Plan… Until They Get Hit"

When it comes to security,

1. If you didn’t go looking for it, remove it.

2. If you did go looking for it, make sure you patch it.

3. If you don’t need it, get rid of it.

Brian Krebs, April 2010


The Growing Malware Threat

[Chart: cumulative malware count, 1998 to 2008, y-axis 0 to 1,600,000. Callouts: 30,000 new threats per day; 3,500+ new signatures per day; 1,115 mobile malware signatures as of December 2009; 3,312,682 total as of December 2009]


IT Spend Is Not What It Should Be

Minimal increase in IT security software spending, with little thought to likelihood, against exponential growth in malware and attacks at the endpoint.

[Chart: malware growth vs. IT spend]

• A Pioneer in Fighting IT Threats for 25 Years

• Security Technology of Choice


Small Updates for the Best Protection and User Experience

[Bar chart, Updates per Month, axis 0 to 700. Vendors: Microsoft, Symantec, Trend Micro, CA, McAfee. Values shown: 24, 28, 32, 33, 138. The vendor-to-value pairing is not recoverable from the transcript]


[Bar chart, response time in hours, axis 0 to 8. Vendors: Eset, Sophos, AVG, Symantec, McAfee. Values shown: 4 to 8 hours, 4 to 6 hours, 4 to 6 hours, 2 to 4 hours, 2 to 4 hours, < 2 hours. The vendor-to-value pairing is not recoverable from the transcript]


Short Hold Times
85% of calls closed by Tier 1
Dedicated Engineers
< 5 minute average answer time
Free Standard Support
English, French, Spanish, Portuguese


Kaspersky Concierge Program

Test production machines
Set up evaluation
Perform a Proof of Concept
Dedicated Kaspersky Support Engineer


Testing Detection and Response Capability

TAKE THE