RSA 2010 Francis De Souza
Transcript of RSA 2010 Francis De Souza
![Page 1: RSA 2010 Francis De Souza](https://reader033.fdocuments.net/reader033/viewer/2022051514/54b350ab4a7959aa2b8b457d/html5/thumbnails/1.jpg)
Francis deSouza
Symantec
Session ID: SPO1-107
Session Classification: Intermediate
Today’s IT Attacks: An IT Security Strategy To Protect Your Assets
![Page 2: RSA 2010 Francis De Souza](https://reader033.fdocuments.net/reader033/viewer/2022051514/54b350ab4a7959aa2b8b457d/html5/thumbnails/2.jpg)
Agenda
Sources of a Breach
Security Market Drivers
Breach Analysis
Security Strategy
![Page 3: RSA 2010 Francis De Souza](https://reader033.fdocuments.net/reader033/viewer/2022051514/54b350ab4a7959aa2b8b457d/html5/thumbnails/3.jpg)
Secure Endpoints
A CRIME IS COMMITTED EVERY ¼ OF A SECOND ON THE WEB
![Page 4: RSA 2010 Francis De Souza](https://reader033.fdocuments.net/reader033/viewer/2022051514/54b350ab4a7959aa2b8b457d/html5/thumbnails/4.jpg)
1 IN 5 WILL BE A VICTIM OF CYBER CRIME
![Page 5: RSA 2010 Francis De Souza](https://reader033.fdocuments.net/reader033/viewer/2022051514/54b350ab4a7959aa2b8b457d/html5/thumbnails/5.jpg)
100% OF ENTERPRISES HAVE EXPERIENCED CYBER LOSSES
![Page 6: RSA 2010 Francis De Souza](https://reader033.fdocuments.net/reader033/viewer/2022051514/54b350ab4a7959aa2b8b457d/html5/thumbnails/6.jpg)
CYBER ATTACKS COST COMPANIES AN AVERAGE OF $2 MILLION ANNUALLY
![Page 7: RSA 2010 Francis De Souza](https://reader033.fdocuments.net/reader033/viewer/2022051514/54b350ab4a7959aa2b8b457d/html5/thumbnails/7.jpg)
75% OF ALL ENTERPRISES HAVE EXPERIENCED CYBER ATTACKS IN THE PAST 12 MONTHS
![Page 8: RSA 2010 Francis De Souza](https://reader033.fdocuments.net/reader033/viewer/2022051514/54b350ab4a7959aa2b8b457d/html5/thumbnails/8.jpg)
43% OF COMPANIES LOST CONFIDENTIAL DATA IN 2009
![Page 9: RSA 2010 Francis De Souza](https://reader033.fdocuments.net/reader033/viewer/2022051514/54b350ab4a7959aa2b8b457d/html5/thumbnails/9.jpg)
ENTERPRISE SECURITY IS BECOMING MORE DIFFICULT
![Page 10: RSA 2010 Francis De Souza](https://reader033.fdocuments.net/reader033/viewer/2022051514/54b350ab4a7959aa2b8b457d/html5/thumbnails/10.jpg)
Sources Of A Breach
Organized Criminal
Targeted Attackers
Well Meaning Insider
Malicious Insider
![Page 11: RSA 2010 Francis De Souza](https://reader033.fdocuments.net/reader033/viewer/2022051514/54b350ab4a7959aa2b8b457d/html5/thumbnails/11.jpg)
History of Targeted Attacks
Timeline: 1998 to 2010
Solar Sunrise: Attacks stealing passwords from DoD systems conducted by 2 Californian and 1 Israeli teenager
US Government: Systems in the Department of Defense, State, Commerce, Energy, and NASA all compromised and terabytes of information confirmed stolen.
January 12: Google announces they have been a victim of a targeted attack
Moonlight Maze: Attacks targeting US military secrets reported to be conducted by Russia
Titan Rain: Coordinated attacks on US government military installations and private contractors
Ghostnet: Attacks on Tibetan organizations and embassies of many EMEA countries, and NATO systems.
![Page 12: RSA 2010 Francis De Souza](https://reader033.fdocuments.net/reader033/viewer/2022051514/54b350ab4a7959aa2b8b457d/html5/thumbnails/12.jpg)
Anatomy Of A Breach
> Incursion
> Discovery
> Capture
> Exfiltration
![Page 13: RSA 2010 Francis De Souza](https://reader033.fdocuments.net/reader033/viewer/2022051514/54b350ab4a7959aa2b8b457d/html5/thumbnails/13.jpg)
Mass Attack vs Targeted Attack

| Phase | Mass Attack | Targeted Attack |
|---|---|---|
| Incursion | Generic social engineering; by-chance infection | Handcrafted and personalized methods of delivery |
| Discovery | Typically no discovery, assumes content is in a predefined and predictable location | Examination of the infected resource, monitoring of the user to determine additional accessible resources, and network enumeration |
| Capture | Predefined specific data or data which matches a predefined pattern such as a credit card number | Manual analysis and inspection of the data |
| Exfiltration | Information sent to a dump site, often with little protection, and dump site serves as long term storage | Information sent back directly to the attacker and not stored in a known location for an extended period |
![Page 14: RSA 2010 Francis De Souza](https://reader033.fdocuments.net/reader033/viewer/2022051514/54b350ab4a7959aa2b8b457d/html5/thumbnails/14.jpg)
Security Market Drivers
Incursion
In 2009 spam accounted for 90% of all email traffic
In 2008, Symantec documented 5,471 vulnerabilities, 80% of which were easily exploitable
90% of incidents wouldn’t have happened if systems were patched
In 2009 we found 47,000 active bot-infected computers per day
![Page 15: RSA 2010 Francis De Souza](https://reader033.fdocuments.net/reader033/viewer/2022051514/54b350ab4a7959aa2b8b457d/html5/thumbnails/15.jpg)
Security Market Drivers
Discovery
91% of records compromised in 2008 involved organized crime targeting corporate information
81% of attacked companies were non-compliant in PCI
67% of breaches were aided by insider negligence
![Page 16: RSA 2010 Francis De Souza](https://reader033.fdocuments.net/reader033/viewer/2022051514/54b350ab4a7959aa2b8b457d/html5/thumbnails/16.jpg)
Security Market Drivers
Capture
285 million records were stolen in 2008, compared to 230 million between 2004 and 2007
Credit card detail accounts for 19% of all goods advertised on underground economy servers
IP theft costs companies $600 billion globally
![Page 17: RSA 2010 Francis De Souza](https://reader033.fdocuments.net/reader033/viewer/2022051514/54b350ab4a7959aa2b8b457d/html5/thumbnails/17.jpg)
Security Market Drivers
Exfiltration
“Hackers Targeted Source Code of More Than 30 Companies” Jan 13, Wired.com
“SS Numbers Of Californians Accidentally Disclosed” Feb 9, KTLA.com
“HSBC Bank Reports Lost Client Data From Swiss Private Bank” Dec 9, Reuters
“Gov’t Posts Sensitive List of US Nuclear Sites” Associated Press
![Page 18: RSA 2010 Francis De Souza](https://reader033.fdocuments.net/reader033/viewer/2022051514/54b350ab4a7959aa2b8b457d/html5/thumbnails/18.jpg)
Dissecting Hydraq
![Page 19: RSA 2010 Francis De Souza](https://reader033.fdocuments.net/reader033/viewer/2022051514/54b350ab4a7959aa2b8b457d/html5/thumbnails/19.jpg)
Dissecting Hydraq
Hi Francis,
I met you at the Malware Conference last month. Wanted to let you know I got this great shot of you doing your presentation. I posted it here:
Attacker breaks into the network by delivering targeted malware to vulnerable systems and employees
Incursion
![Page 20: RSA 2010 Francis De Souza](https://reader033.fdocuments.net/reader033/viewer/2022051514/54b350ab4a7959aa2b8b457d/html5/thumbnails/20.jpg)
Dissecting Hydraq
Hacker Maps Organization’s Defenses From the Inside and Creates a Battle Plan
Discovery
![Page 21: RSA 2010 Francis De Souza](https://reader033.fdocuments.net/reader033/viewer/2022051514/54b350ab4a7959aa2b8b457d/html5/thumbnails/21.jpg)
Dissecting Hydraq
Attacker Accesses Data on Unprotected Systems and Installs Malware to Secretly Acquire Crucial Data
Capture
![Page 22: RSA 2010 Francis De Souza](https://reader033.fdocuments.net/reader033/viewer/2022051514/54b350ab4a7959aa2b8b457d/html5/thumbnails/22.jpg)
Dissecting Hydraq
Diagram labels: Victim, Hydraq, 72.3.224.71:443, Attacker
Confidential Data Sent Back to Enemy’s “Home Base” for Exploitation and Fraud
Exfiltration
![Page 23: RSA 2010 Francis De Souza](https://reader033.fdocuments.net/reader033/viewer/2022051514/54b350ab4a7959aa2b8b457d/html5/thumbnails/23.jpg)
Prelude to a Breach
1. Poorly Enforced IT Policies
![Page 24: RSA 2010 Francis De Souza](https://reader033.fdocuments.net/reader033/viewer/2022051514/54b350ab4a7959aa2b8b457d/html5/thumbnails/24.jpg)
Prelude to a Breach
2. Poorly Protected Information
![Page 25: RSA 2010 Francis De Souza](https://reader033.fdocuments.net/reader033/viewer/2022051514/54b350ab4a7959aa2b8b457d/html5/thumbnails/25.jpg)
Prelude to a Breach
3. Poorly Managed Systems
![Page 26: RSA 2010 Francis De Souza](https://reader033.fdocuments.net/reader033/viewer/2022051514/54b350ab4a7959aa2b8b457d/html5/thumbnails/26.jpg)
Prelude to a Breach
4. Poorly Protected Infrastructure
![Page 27: RSA 2010 Francis De Souza](https://reader033.fdocuments.net/reader033/viewer/2022051514/54b350ab4a7959aa2b8b457d/html5/thumbnails/27.jpg)
The Challenge
Develop and Enforce IT Policies
Protect The Information
Manage Systems
Protect The Infrastructure
![Page 28: RSA 2010 Francis De Souza](https://reader033.fdocuments.net/reader033/viewer/2022051514/54b350ab4a7959aa2b8b457d/html5/thumbnails/28.jpg)
A Comprehensive Security Strategy Is Required
Risk Based and Policy Driven
Information-Centric
Well Managed Infrastructure
IT Governance, Risk and Compliance
Information Risk Management
Infrastructure Protection and Management
![Page 29: RSA 2010 Francis De Souza](https://reader033.fdocuments.net/reader033/viewer/2022051514/54b350ab4a7959aa2b8b457d/html5/thumbnails/29.jpg)
New Threats Require New Technologies
Protect the Infrastructure
Develop & Enforce IT Policies
Protect the Information
Manage Systems
• Reputation Based Security
• Mobile and Server Security
• Encryption
• IT Risk Management
• Compliance Process Automation
• Information-Centric Policy
• Data Ownership
• Automated Content Classification
• Content Aware Endpoint Security
• Workflow
• Application Streaming
• Portable Personalities
Integrated Security Platform
Open Platform
Console Unification
Security Intelligence
Dynamic Protection
![Page 30: RSA 2010 Francis De Souza](https://reader033.fdocuments.net/reader033/viewer/2022051514/54b350ab4a7959aa2b8b457d/html5/thumbnails/30.jpg)
Protect the Information
Manage Systems
Develop and Enforce IT Policies
Protect the Infrastructure
> Control Compliance Suite
> Data Loss Prevention Suite
> IT Management Suite
> Symantec Protection Suite
Symantec Focuses on Meeting These Challenges
![Page 31: RSA 2010 Francis De Souza](https://reader033.fdocuments.net/reader033/viewer/2022051514/54b350ab4a7959aa2b8b457d/html5/thumbnails/31.jpg)
Addressing Important Security Questions
> Can you enforce IT policies and remediate deficiencies?
> Do you know where your sensitive information resides?
> Can you easily manage the lifecycle of your IT assets?
> Can you improve your security posture by rationalizing your security portfolio?
![Page 32: RSA 2010 Francis De Souza](https://reader033.fdocuments.net/reader033/viewer/2022051514/54b350ab4a7959aa2b8b457d/html5/thumbnails/32.jpg)
Thank You