Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead


Practice makes perfect. And unfortunately for security professionals, attackers have realized that persistence is a powerful approach to breaching an organization's defenses. Focusing on prevention alone is no longer a sufficient strategy for securing your organization against the business risks of a breach. Our current security environment demands an approach less centered on ideal prevention and more focused on reality. During this webcast, we discussed key strategies that limit your risk and exposure to unrelenting threats. Some highlighted topics include:

- How the shift in attacker motivations has impacted today's threat landscape
- Why preventative techniques alone can no longer ensure a secure environment
- Which strategies need to be considered for a holistic approach to security
- What next steps you can take towards identifying your best strategy against attacks

Transcript of Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead

Page 1: Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead

7 Key Strategies for the Challenges that Lie Ahead

Page 2: Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead

Agenda

1. How the shift in motivations has impacted today’s threat landscape
2. Why preventative techniques alone can no longer ensure a secure environment
3. Which strategies need to be considered for a holistic approach to security
4. What next steps you can take towards identifying your best strategies against cyber-attacks

Page 3: Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead

They Just Need to Be Effective Once. Any Time.


Page 4: Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead

You Must Be Right and Fast All The Time.


Page 5: Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead

Motivations Have Shifted & Converged


Page 6: Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead

Motivations Have Shifted & Converged

• CYBER-ESPIONAGE
• CYBER-MANIPULATION
• CYBER-CRIME
• CYBER-WARFARE
• HACKTIVISM
• CYBER-TERRORISM
• CYBER-MERCENARY

Page 7: Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead

Sources: National Institute of Standards and Technology | Trend Micro, June 2013 | Peter Singer and Allan Friedman of the Brookings Institution

Targeted Attacks are More Pervasive, But Not Always Persistent

9

1

Exponential Threats Every second… new pieces

of malware discovered

new threats targeting SMBs

Emboldened Attackers

NIST’s Definition of APT:

✓ “It pursues its objectives repeatedly over an extended period of time”
✓ “It adapts to defenders’ efforts to resist it”
✓ “It is determined to maintain the level of interaction needed to execute its objectives”

Page 8: Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead

Customers Are Not Staying Ahead of The Attacks

• 49% are effective in detecting APTs
• 44% are effective in containing APTs
• 39% are effective in preventing APTs

APT survey by ICASA, Feb 2013 | State of Advanced Persistent Threats survey by Ponemon Institute, Dec 2013

Page 9: Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead

Security Pros, Execs & The Board Know There’s a Problem, Just Not How To Solve It

AV & FW / IDS are the most used solutions to address APTs according to recent surveys by ICASA and Ponemon

• 96% security practitioners are at least somewhat familiar with APTs
• 53% security practitioners do not believe APTs differ from traditional threats
• 13% non-IT execs are fully aware of APTs and their impact

APT survey by ICASA, Feb 2013 | State of Advanced Persistent Threats survey by Ponemon Institute, Dec 2013

Page 10: Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead

Exploits and Malware Evolve and Evade Current Solutions

• 72% evade detection by IDS
• 76% evade prevention by AV
• 56% evade detection or containment by endpoint-based sandboxes

State of Advanced Persistent Threats survey by Ponemon Institute, Dec 2013

“While these controls are proficient for defending against traditional attacks, they are probably not as suited for preventing APTs” -- ICASA

Page 11: Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead

Let’s Stop The Insanity

Stop Reacting

So-called “best-of-breed” solutions are failing to stop sophisticated cyber-attackers, and the latest “magic box” is not going to outsmart them

Start Thinking Deeply & Acting Broadly

✓ Analyze our risks: who will attack us, why & where?
✓ Assess our investments: are we measuring their success?
✓ Craft a multi-tiered strategy

Page 12: Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead

Predictive Defense & Prevention

Reduce the risk of security breaches by:

✓ Reducing the attack surface
✓ Layering threat protection

Page 13: Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead

Implement The “Least Privilege” Principle

Systems may be exploited via phishing user credentials or software vulnerabilities

But ultimately, what enables the breach is exploiting trust

Page 14: Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead

SMBs Become The New Trojan Horse In A Supply Chain Attack

Why storm the castle walls, when you can be invited in?

36% of targeted attacks impact SMBs as of 1H2012; 2x more than in 2011

Source: Symantec

Page 15: Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead

Best Practices Aren’t Always Practical and They’re Never Enough

• 75% used apps with a known vulnerability but without a viable patch
• 64% used apps with a known vulnerability and hadn’t deployed a viable patch
• 65% hadn’t deployed viable patches due to the cost of downtime
• 52% believed patching effectively stopped most opportunistic attacks
• 31% believed patching effectively stopped most targeted attacks

APT survey by ICASA, Feb 2013 | State of Advanced Persistent Threats survey by Ponemon Institute, Dec 2013

Page 16: Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead

Implement Security Enforcement On and Off Network

52% say you can’t solely protect networks against adv. malware, must also protect endpoints

Sources: APT survey by ICASA, Feb 2013 | State of Advanced Persistent Threats survey by Ponemon Institute, Dec 2013

Page 17: Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead

Implement Security Enforcement On and Off Network

• 51% use endpoint-based sandboxing technologies
• 52% report that it’s difficult to manage
• 43% report that it negatively affects UX

Sources: APT survey by ICASA, Feb 2013 | State of Advanced Persistent Threats survey by Ponemon Institute, Dec 2013

Page 18: Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead


Implement Security Enforcement On and Off Network

Sources: APT survey by ICASA, Feb 2013 | State of Advanced Persistent Threats survey by Ponemon Institute, Dec 2013

Page 19: Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead

Quick Detection & Containment

Reduce the impact of security breaches by:

✓ Obtaining coverage and visibility
✓ Monitoring network activity
✓ Sharing security intelligence

65% believe you can’t prevent adv. malware from infecting networks & devices; focus more on detection vs. prevention

Sources: APT survey by ICASA, Feb 2013 | State of Advanced Persistent Threats survey by Ponemon Institute, Dec 2013

Page 20: Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead

Obtain Coverage & Visibility


Get an eye in the sky to see everything that accesses your data and infrastructure

Page 21: Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead

Monitor Network Activity


Establish a baseline to detect anomalous patterns

Page 22: Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead

Share Security Intelligence


Forewarned is Forearmed

Page 23: Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead

Proactive Education & Complication

Increase the effort required to breach security by:

✓ Raising security awareness
✓ Employing mitigation methods

Page 24: Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead

Raise Security Awareness


Page 25: Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead

Employ Mitigation Methods

Confusing attackers may keep less determined attackers at bay

Page 26: Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead

Realign Your Security Investments

1.  Given the nature of your organization, why would you be attacked?

2.  Which of your assets align to attacker motives?

3.  Where are the vulnerabilities among your assets, supply chain vendors, partners, service providers and customers?

4.  How secure are your assets in the cloud or on the devices your employees use?

5.  How might these vulnerabilities be exploited?

6.  What preventive tactics are currently in place and how effective are they?

7.  Have you taken measures to reduce your overall attack surface?

8.  Have you applied consistently high security standards throughout your organization?

9.  Do you have visibility into cloud and DNS activity that could affect your network, your system, your data?

10. Have you made sufficient investments in education and training among your employees and partners?

11. Based on your assessments of the above, which tactics/techniques would be most likely to minimize and/or mitigate the impact of an attack?

“Before we know about any new virus, somebody has to be a sacrificial lamb and die and tell us about it. It's an awful way of doing things.” -- CTO of McAfee’s Endpoint Solution Division

Page 27: Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead

Enterprise Threat Protection.

Unlike Any Other.


Page 28: Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead

The World’s Leader for Cloud-Delivered Network Security

• Fully-Staffed Security Research Team (December 2012)
• Network Security Beyond the Perimeter (November 2012)
• Secures Over 50M Daily-Active Users (May 2012)
• Partners with Threat Feed Providers (September 2009)
• World’s Largest Internet Security Network (July 2006)
• First Anti-Phishing Clearinghouse (October 2006)
• Data Analytics Predict Threats (February 2013)
• Threat Protection Beyond DNS (July 2013)

Employees: 160+ Across San Francisco & Vancouver

Investors: Greylock, Sequoia, Sutter Hill

Customers: 10,000+ Businesses

Page 29: Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead

ASIA-PACIFIC | EUROPE, MIDDLE EAST & AFRICA | AMERICAS

Acquires data from 2% of the Internet

1M+ events per second

50M+ daily-active users

160+ countries

22 data centers (and more coming)

Page 30: Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead

Connect with confidence. Anywhere. Anytime. On any device.

Every day, we block 80M+ security events over

• any port
• any protocol
• any app

Page 31: Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead

Predictive security. Panoramic visibility. Enforcement everywhere.

Service: Security Graph | Umbrella

Platform: intelligence | enforcement

Purpose: predict threats before they happen using big data analytics | prevents infections or contains breaches on or beyond the network

Manageability:

• 0: net new latency
• 100%: global network uptime
• <30min: to complete provisioning
• <1min: to update actionable intelligence
• 0: maintenance required to keep up to date

Page 32: Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead

Them: Catch up. Us: Evolve.

Them | Us
network-centric | cloud-centric
ponderous | nimble
reactive | proactive
need evidence | see patterns
fragmented | holistic

Page 33: Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead

OpenDNS

• Leverage the World’s largest Internet security network to block threats no other vendor covers.

• Set up our free, instant trial in under 30 minutes.

Connect with confidence.