The Blooming World of Security

1
The Blooming World of Security

• Rob Clyde
• Chief Technology Officer

2
A G E N D A
Security attack trends Business and technology
challenges Evolving convergence Solutions to
challenges Innovations
1
2
3
4
5
3
The Fast-growing Gap

• Weve reached an inflection point where the
  latest threats now spread orders of magnitude
  faster than our ability to respond
• Winning this battle requires a new strategy for
  keeping information available and secure

months
Signature Response Period
Contagion Period
days
hours
minutes
seconds
1990
Time
2005
4
Top Originating Countries
Source Symantec Corporation
5
Percentage Of Attacks Classified As Targeted
Source Symantec Corporation
6
A G E N D A
Security attack trends Business and technology
challenges Evolving convergence Solutions to
challenges Innovations
1
2
3
4
5
7

• Mitigating risk in an environment of continual
  change requires a more resilient infrastructure.

8
Software Vulnerabilities

• Average number of new vulnerabilities discovered
  every week

60
51
51
50
50
40
30
Vulnerabilities
30
25
20
10
10
0
1999
2000
2001
2002
2003
2004
Source Symantec Corporation
9

• New regulations and policies increase the
  pressure on already overburdened resources.

10

• Online fraud is becoming more prevalent,
  increasing risk to your brand and your
  bottom-line.

11
Weekly Phishing Attack Growth
Source Symantec Corporation
12
Top Countries By Percentage Of Bot-infected
Computers
Source Symantec Corporation
13
Spam Continues to Grow and Evolve
14

• Supporting a mobile workforce places exponential
  strain on security and availability of assets.

15
Finding the Right Balance
Its always a matter of cost, so you are talking
to the business. What do you want to spend for
that? Can we have a liner down for some
time? Volker Koenigsbuescher, SWISS
International Airlines

• How much risk can you tolerate?
• What priorities must be resolved to maintain your
  risk profile?
• What are the tradeoffs you accept based on the
  risk you can tolerate?

16
Four Dimensions of Business Risk
17
A G E N D A
Security attack trends Business and technology
challenges Evolving convergence Solutions to
challenges Innovations
1
2
3
4
5
18
Need for SimplificationNon-integrated point
product approaches fall short
Client
Network
19
Integrated Security Protection
INTEGRATEDCLIENTS
INTEGRATEDGATEWAY
INTEGRATEDMANAGEMENT
20
Integrated Security Protection
INTEGRATEDCLIENTS
INTEGRATEDCLIENTS
INTEGRATEDGATEWAY
INTEGRATEDCLIENTS
INTEGRATEDGATEWAY
INTEGRATEDMANAGEMENT
INTEGRATEDGATEWAY
INTEGRATEDCLIENTS
INTEGRATEDGATEWAY
INTEGRATEDGATEWAY
INTEGRATEDGATEWAY
INTEGRATEDMANAGEMENT
INTEGRATEDCLIENTS
21
Balancing Disparate Goals

• Information securityInformation that is secure,
  but not available to your people is worthless.
• Information availabilityInformation your people
  can get to, but that is insecure, is suspect.
  And so is everything they do with it.

ManagingRisk
EnablingOpportunity
22
Information Integrity
Support of day-to-day business processes and
growth
Building and maintaining information
infrastructure resilience
Restoring normal operations
Preventing and limiting damage from disruption
23
A G E N D A
Security attack trends Business and technology
challenges Evolving convergence Solutions to
challenges Innovations
1
2
3
4
5
24
Resilient Infrastructure ScenarioMitigating
Vulnerabilities
ACT
UNDERSTAND
SAFEGUARD
Protection Vulnerability signature deployed.
Threat blocked.

Backup Systems automatically backed up
Insights Alert
Vulnerability identified. Alert sent.
CONTROL
RESOLUTION
Policy Incident Management Problem confirmed.
Action plan developed.
Remediation Management Patch deployed. Systems
confirmed for compliance.
The result Business operations continue WITH
minimal disruption
25
Enterprise Compliance Challenges
External Regulators
Enterprise
Business Partners
Consumers
Oversight and Governance
Document, Record and Report
IT Controls
Intrusion Prevention
Records Discoveryand Retrieval
Backup and Recovery
Policy Compliance
Remote Users
Incident Mgt.
Access Control
Records Retention
Sales Partners
Asset Mgt.
Remediation
Change Mgt.
Infrastructure
Network
Application
Risk Management
Business Strategy
Global Insight
Impact Assessments
Gap Analysis
Regulations
SOX
GLBA
Basel II
ISO 17799
HIPAA
NERC
PIPEDA
26
Controls Compliance
Automate and sustain the measurement and
reporting of security and availability controls
compliance
Policy Compliance
Incident Management
Risk Management
Monitor and test IT controls
Correlate and prioritize events for tracking
Data/Systems Recovery
Assess impact of security availability risks
Sustain data and application availability
Remediation Mgt.
Remediate IT control gaps
Global Insight
Internet
Enterprise Servers
27
Integrated Records Management for Compliance
Ensure records are protected, archived, retrieved
and deleted according to policy
Records Discovery Retrieval
Catalog and index records to enable timely and
efficient search and discovery
Records Protection
Asset Classification
Vault Server
Protect records from perimeter and host
intrusions
Classify information assets based on business
value
Internet
Backup Server
Windows Exchange Servers
Records Protection
Backup and protect records
Records Retention
Archive and delete records according to retention
policy
Data/Systems Retrieval
Recover/retrieve entire data sets or system
images to eliminate data loss
28
Protection against Phishing Fraud

• Anti-spam
• Early warning to targeted organizations

29
Mobile Protection Management
Consumer end-users
Enterprises
Operators

• Protect Access Points
• Find rogue access points
• Protect with gateway security
• Protect VPN connection
• Require endpoint to be compliant before allowing
  connection

• Protect Mobile Endpoint
• Antivirus
• Firewall
• Intrusion Protection
• VPN
• Endpoint Compliance
• Patch management

• Areas of Need
• Devices
• handhelds
• phones
• notebooks
• Wireless LANs

30
A G E N D A
Security attack trends Business and technology
challenges Evolving convergence Solutions to
challenges Innovations
1
2
3
4
5
31
Innovative Approaches to Proactive Protection
Behavior Blocking
Protocol Anomaly Protection
Generic Exploit Blocking
32
Behavior Blocking Email Worm Blocking

• Works on desktop computers
• Intercepts all outgoing mail sent from the
  computer
• Prevents programs from sending themselves (as
  worms do)
• Proven 95 effectiveness against email worms

33
Spyware/Adware Risk
Spyware and adware exist on desktop and servers
Branch Offices
Wireless Users
Remote Users
Firewall
Internet
Mobile Clients
34
Spyware and Adware Protection added to Intrusion
Protection Device

• Spyware and Adware are stopped from being
  installed and keep sensitive data from being
  transmitted
• Systems are identified for clean-up

Branch Offices
Wireless Users
Remote Users
Firewall
Internet
Mobile Clients
35
Protocol Anomaly Protection

• IdeaIntercept data streams at the gateway and
  on hosts, only forwarding data that meets
  accepted Internet standards.

Standard Only luggage measuring 9x14x22
inches will be allowed into the overhead
compartment.
Code Red, Slammer, and Blaster could have all
been stopped with this type of technology.
36
Generic Exploit Blocking

• IdeaJust as only properly shaped keys can open
  a lock, only properly shaped worms can exploit
  a vulnerability.

Step 1 Characterize the shape of a new
vulnerability
Step 2 Use this shape as a signature, scan
network traffic and block anything that matches it
37
Conclusion

• New era of security challenge as attacker
  motivation shifts to financial gain
• Reduce cost and complexity through consolidation
  and integration
• Manage risk to appropriate level by balancing
  security and availability
• Innovations enabling more proactive security

38
Thank You

• Rob Clyde
• Chief Technology Officer