The evolving security threat - PowerPoint PPT Presentation

Description: Confidential. 9/3/09. The evolving security threat. Jack Sebbag ... Detect & Block threats in real-time. Minimize & Avoid attack-related costs ...

Slides: 34
Provided by: bobe154

Transcript and Presenter's Notes

1
The evolving security threat
  • Jack Sebbag
  • Canadian General Manager and Vice-President

2
The Escalating Threat
  • Security threats in global business have become
    a board room issue
  • The consequences of network downtime caused by
    security issues have become financially
    significant

3
Major Business Case is Avoiding Downtime
4
  • Virus Count

Source: McAfee's VirusScan statistics
5
The Good old days
  • New Virus infects a company
  • Sample sent to lab
  • New Driver written
  • Customer gets fix
  • All customers updated
  • Maybe virus spreads over next weeks/months

6
Today
  • Virus infects globally within hours
  • Sample sent to lab (30min)
  • New Driver written (1hr)
  • Customer deploys update (hours/days)
  • Too late

7
The Speed Of Attacks Accelerates
  • SQL Slammer
  • Blended threat exploits known vulnerability
  • Global in 3 minutes
  • Enterprises scramble to restore business
    availability
  • Discovered 1/25/03

8
Propagation Explosion
[Chart: Population Increase, with points at 7/17/01, 9/18/01, 12/04/01, 1/25/03 and 8/11/03]
Source: IDC 2002
9
Market Drivers
[Chart: Vulnerability Window, time needed to deploy countermeasures (in hrs)]
10
The Window Of Vulnerability
  • A combination of:
    • The SPEED of attack
    • The BLENDED attack mechanism
    • The EVOLVING network environment
  • Reducing the window of vulnerability:
    • Proactively reduce the speed of attack
    • Proactively reduce the chance of attack success
    • Proactively reduce the exposure to attack

11
Security vulnerabilities widespread
  • Typically a flaw in software
  • Allows things to happen outside the defined rules
  • Microsoft posted over 70 last year!!!
  • MS01-020: all-time #1 IE flaw
  • MS03-026: DCOM/RPC flaw
  • MS03-032: another future favourite??
  • It's not just Microsoft
  • Red Hat has had MORE security fixes in 2003 than
    MS!
  • Apache overflows are exploitable
  • Sendmail is far more insecure than Exchange !

12
Security vulnerabilities widespread
  • 50% of 2002's top threats used vulnerabilities
  • All of 2003's major threats have used
    vulnerabilities
  • Time for authors to utilise them is decreasing
  • Vulnerability → exploit → worms in less than 30
    days
  • Patches cannot be applied easily
  • Admins don't have visibility on where to deploy
    them
  • Admins need time to evaluate patch stability
  • Admins need to plan & execute deployment

13
Threats are Changing Too
  • Laptops WLAN listeners
  • Airports
  • 802.11b offices
  • Bluetooth on the bus
  • Access to contact list

14
Damage costs are escalating
15
The Response: Increased Security Spending
Source: CIO Magazine
16
SPAM: threat or nuisance?
  • Gartner: Spam messages cost US organizations $1
    billion a year in lost productivity.
  • Aberdeen: The percentage of spam jamming
    corporate networks is expected to climb from 25%
    in 2002 to 50% in 2003.
  • Raises Legal Concerns (e.g. Pornographic spam)
  • 27 of Fortune 500 organizations have defended
    themselves against claims of sexual harassment
    stemming from inappropriate email. (The e-policy
    handbook, Nancy Flynn)
  • New delivery mechanism for trojans and viruses:
    we have already seen backdoors distributed via
    spam

17
  • Spam counts

Source: Brightmail probe network
18
How do we protect ourselves
  • In-depth Security Strategy

19
The Window Of Vulnerability
[Figure: timeline of the window of vulnerability. Time axis: 0 (Virus Discovered), 3 Hours, 6 Hours, 3 Days, 3 Months, 6 Months. Labels: Fix Posted, AVERT, CUSTOMER, Window of Vulnerability.]
20
Proactive Defence Impact On The Window
[Figure: timeline comparing "Before Virus (Proactive)" and "After Virus (Reactive)". Time axis: 0 (Virus Discovered), 3 Hours, 6 Hours, 3 Days, 3 Months, 6 Months. Label: Solution.]
21
Comprehensive AV Strategy
But AV is no longer enough
22
Management: McAfee ePO
  • One Console For Your Security Needs
  • A single, powerful, easy-to-use interface for both
    the AV products AND security products
  • Policy Enforcement & Control
  • Like AV, you need to be sure you are secure
  • Powerful admin template feature for fast adoption
  • Effective Maintenance And Visibility
  • ePO's reporting capabilities allow you to see, at
    a glance, who is at risk, and who is secure.

23
ePO 3.0 New Reports

24
Vulnerability Assessment Tools: ThreatScan, find unmanaged PCs
  • Vulnerability Assessment by:
    • IP Range
    • IP List
    • Previously found PCs
    • Subnet

25
ThreatScan (Vulnerability Assessment)
  • Provides visibility to everything on your network
  • Finds non ePO managed devices
  • Lists devices by OS and SP levels
  • Provides auditing on open shares, ports &
    services
  • Detects and advises on virus-related
    vulnerabilities
  • OS
  • Application
  • Virus created

26
Desktop Firewall
  • Traditionally used for remote users to protect
    against hackers
  • Required today on all devices as part of your
    anti-virus defence
  • Stop malicious code and attacks
  • How?
  • Only allow your specified traffic on the network
  • Firewall prevents undefined applications from
    connecting
  • Bi-directional IDS stops malicious code
    spreading
  • to other PCs

27
Consider Intrusion Prevention
  • Detect & Block threats in real-time
  • Minimize & Avoid attack-related costs
  • Data recovery costs, productivity loss and
    potential loss of revenue/service
  • Reduce costs, time in incident response and
    forensic analysis
  • Analysts focus on fewer, meaningful incidents
  • Shift focus to pro-active steps including
    vulnerability remediation and expanded blocking

Source: Giga Group Total Economic Impact study
for IntruShield appliances, May 2003
28
End-Goal - Protection-in-Depth
  • Reliably STOP
  • Known & Unknown attacks
  • on your Information Technology infrastructure

Unknown Attacks
Known Attacks
Denial-of-Service Attacks
29
End-Goal - Protection-in-Depth
  • Best of Breed Intrusion Prevention to
  • Reliably STOP Known & Unknown attacks
  • on your Information Technology infrastructure

30
SpamKiller
  • Rules Based - 750 processed rules that produce a
    weighted score based on view of header, body,
    structure, routing
  • Customizable threshold
  • Default 5 points
  • Heuristic Analysis
  • Engine is looking for email it doesn't know is
    SPAM
  • Probability scoring based on view of
    header, body, checksum, etc.
  • Black List / White List
  • Personal
  • Global
  • Content filtering
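
The weighted-score model on this slide can be sketched as follows. This is an added example, not SpamKiller's code or rule set: the five rules, their weights, the sample messages and the list precedence (lists checked before scoring, whitelist first) are all assumptions; only the 5-point default threshold comes from the slide.

```python
import re
from email import message_from_string
from email.utils import parseaddr

DEFAULT_THRESHOLD = 5.0  # the slide's default threshold: 5 points

# Constructed rules (not SpamKiller's): (name, message part, pattern, weight).
RULES = [
    ("subject_hype", "subject", re.compile(r"\b(FREE|WINNER|URGENT)\b"), 2.0),
    ("subject_exclaim", "subject", re.compile(r"!{2,}"), 1.0),
    ("body_money", "body", re.compile(r"(?i)\bearn \$\d+"), 2.5),
    ("body_click_here", "body", re.compile(r"(?i)\bclick here\b"), 1.5),
    ("relay_bare_ip", "routing", re.compile(r"from \[\d{1,3}(\.\d{1,3}){3}\]"), 1.5),
]

def classify(raw, whitelist=(), blacklist=(), threshold=DEFAULT_THRESHOLD):
    """Return (verdict, score, matched rule names) for one raw message."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    # Assumption: lists are checked before scoring and the whitelist wins.
    if sender in whitelist:
        return "ham", 0.0, ["whitelist"]
    if sender in blacklist:
        return "spam", threshold, ["blacklist"]
    parts = {
        "subject": msg.get("Subject", ""),
        "body": "" if msg.is_multipart() else msg.get_payload(),
        "routing": "\n".join(msg.get_all("Received", [])),
    }
    hits = [(name, w) for name, part, rx, w in RULES if rx.search(parts[part])]
    score = sum(w for _, w in hits)
    return ("spam" if score >= threshold else "ham"), score, [n for n, _ in hits]

# Constructed sample messages.
BULK = """\
Received: from [203.0.113.7] by mx.corp.example; Mon, 1 Sep 2003 10:00:00 -0400
From: Promo <deals@bulk.example>
Subject: FREE offer!!!

Earn $5000 a week from home. Click here to start.
"""
NOTICE = """\
Received: from mail.partner.example by mx.corp.example; Mon, 1 Sep 2003 10:05:00 -0400
From: alice@partner.example
Subject: URGENT: patch window tonight

Please click here for the change ticket.
"""

if __name__ == "__main__":
    for raw in (BULK, NOTICE):
        print(classify(raw))
```

The second message trips two rules yet stays under the default threshold; lowering the threshold turns it into a false positive, which is the trade-off the customizable threshold exposes.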

31
McAfee Protection-in-Depth Strategy
[Diagram: McAfee System Protection Solutions and McAfee Network Protection Solutions. Products shown: Sniffer Portable, McAfee IntruShield™, nPO™ Solution, Magic Service Desk; McAfee VirusScan, McAfee Desktop Firewall, McAfee ePolicy Orchestrator, Magic Service Desk; McAfee SpamKiller™, McAfee WebShield, McAfee GroupShield, McAfee Entercept; Sniffer Network Protection Platform, McAfee IntruShield™, InfiniStream™ Forensics]
32
The Network Associates Objective
Reliably stop known & unknown Attacks on your
Information Technology Infrastructure
33
Q & A