Title: The Blooming World of Security
1 The Blooming World of Security
- Rob Clyde
- Chief Technology Officer
2 Agenda
1. Security attack trends
2. Business and technology challenges
3. Evolving convergence
4. Solutions to challenges
5. Innovations
3 The Fast-growing Gap
- We've reached an inflection point where the latest threats now spread orders of magnitude faster than our ability to respond
- Winning this battle requires a new strategy for keeping information available and secure
[Chart: Contagion Period and Signature Response Period plotted against Time, 1990 to 2005; scale labelled months, days, hours, minutes, seconds]
4 Top Originating Countries
Source: Symantec Corporation
5 Percentage Of Attacks Classified As Targeted
Source: Symantec Corporation
7
- Mitigating risk in an environment of continual change requires a more resilient infrastructure.
8 Software Vulnerabilities
- Average number of new vulnerabilities discovered every week
[Bar chart: Vulnerabilities (scale 0 to 60) by year, 1999 to 2004]
Source: Symantec Corporation
9
- New regulations and policies increase the pressure on already overburdened resources.
10
- Online fraud is becoming more prevalent, increasing risk to your brand and your bottom line.
11 Weekly Phishing Attack Growth
Source: Symantec Corporation
12 Top Countries By Percentage Of Bot-infected Computers
Source: Symantec Corporation
13 Spam Continues to Grow and Evolve
14
- Supporting a mobile workforce places exponential strain on security and availability of assets.
15 Finding the Right Balance
"It's always a matter of cost, so you are talking to the business. What do you want to spend for that? Can we have a liner down for some time?" (Volker Koenigsbuescher, SWISS International Airlines)
- How much risk can you tolerate?
- What priorities must be resolved to maintain your risk profile?
- What are the tradeoffs you accept based on the risk you can tolerate?
16 Four Dimensions of Business Risk
18 Need for Simplification: Non-integrated point product approaches fall short
[Diagram labels: Client, Network]
19 Integrated Security Protection
[Diagram labels: INTEGRATED CLIENTS, INTEGRATED GATEWAY, INTEGRATED MANAGEMENT]
20 Integrated Security Protection
[Diagram: the INTEGRATED CLIENTS, INTEGRATED GATEWAY and INTEGRATED MANAGEMENT labels repeated]
21 Balancing Disparate Goals
- Information security: Information that is secure, but not available to your people is worthless.
- Information availability: Information your people can get to, but that is insecure, is suspect. And so is everything they do with it.
[Diagram labels: Managing Risk, Enabling Opportunity]
22 Information Integrity
- Support of day-to-day business processes and growth
- Building and maintaining information infrastructure resilience
- Restoring normal operations
- Preventing and limiting damage from disruption
24 Resilient Infrastructure Scenario: Mitigating Vulnerabilities
[Diagram labels: ACT, UNDERSTAND, SAFEGUARD, CONTROL, RESOLUTION]
- Protection: Vulnerability signature deployed. Threat blocked.
- Backup: Systems automatically backed up.
- Insights Alert: Vulnerability identified. Alert sent.
- Policy Incident Management: Problem confirmed. Action plan developed.
- Remediation Management: Patch deployed. Systems confirmed for compliance.
The result: Business operations continue with minimal disruption
25 Enterprise Compliance Challenges
[Diagram labels: External Regulators; Enterprise; Business Partners; Consumers; Oversight and Governance; Document, Record and Report; IT Controls; Intrusion Prevention; Records Discovery and Retrieval; Backup and Recovery; Policy Compliance; Remote Users; Incident Mgt.; Access Control; Records Retention; Sales Partners; Asset Mgt.; Remediation; Change Mgt.; Infrastructure; Network; Application; Risk Management; Business Strategy; Global Insight; Impact Assessments; Gap Analysis]
Regulations: SOX, GLBA, Basel II, ISO 17799, HIPAA, NERC, PIPEDA
26 Controls Compliance
Automate and sustain the measurement and reporting of security and availability controls compliance
- Policy Compliance: Monitor and test IT controls
- Incident Management: Correlate and prioritize events for tracking
- Risk Management: Assess impact of security and availability risks
- Data/Systems Recovery: Sustain data and application availability
- Remediation Mgt.: Remediate IT control gaps
[Diagram labels: Global Insight, Internet, Enterprise Servers]
27 Integrated Records Management for Compliance
Ensure records are protected, archived, retrieved and deleted according to policy
- Records Discovery and Retrieval: Catalog and index records to enable timely and efficient search and discovery
- Records Protection: Protect records from perimeter and host intrusions
- Asset Classification: Classify information assets based on business value
- Records Protection: Backup and protect records
- Records Retention: Archive and delete records according to retention policy
- Data/Systems Retrieval: Recover/retrieve entire data sets or system images to eliminate data loss
[Diagram labels: Vault Server, Internet, Backup Server, Windows Exchange Servers]
28 Protection against Phishing Fraud
- Anti-spam
- Early warning to targeted organizations
29 Mobile Protection Management
[Diagram labels: Consumer end-users, Enterprises, Operators]
- Protect Access Points
  - Find rogue access points
  - Protect with gateway security
- Protect VPN connection
  - Require endpoint to be compliant before allowing connection
- Protect Mobile Endpoint
  - Antivirus
  - Firewall
  - Intrusion Protection
  - VPN
  - Endpoint Compliance
  - Patch management
- Areas of Need
  - Devices
    - handhelds
    - phones
    - notebooks
  - Wireless LANs
31 Innovative Approaches to Proactive Protection
- Behavior Blocking
- Protocol Anomaly Protection
- Generic Exploit Blocking
32 Behavior Blocking: Email Worm Blocking
- Works on desktop computers
- Intercepts all outgoing mail sent from the computer
- Prevents programs from sending themselves (as worms do)
- Proven 95% effectiveness against email worms
33 Spyware/Adware Risk
Spyware and adware exist on desktops and servers
[Diagram labels: Branch Offices, Wireless Users, Remote Users, Firewall, Internet, Mobile Clients]
34 Spyware and Adware Protection added to Intrusion Protection Device
- Spyware and adware are stopped from being installed, and sensitive data is kept from being transmitted
- Systems are identified for clean-up
[Diagram labels: Branch Offices, Wireless Users, Remote Users, Firewall, Internet, Mobile Clients]
35 Protocol Anomaly Protection
- Idea: Intercept data streams at the gateway and on hosts, only forwarding data that meets accepted Internet standards.
Standard: Only luggage measuring 9x14x22 inches will be allowed into the overhead compartment.
Code Red, Slammer, and Blaster could have all been stopped with this type of technology.
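The idea of forwarding only standards-conforming data, sketched as an added example (not from the slides or any Symantec product): a gateway-side check of an HTTP/1.x request head against the RFC 7230 grammar. The size limits, function name and sample requests are assumptions made up for this example.

```python
import re

# Policy limits are assumptions for this example, not values from the slides.
MAX_HEAD = 8192     # bytes allowed before the blank line that ends the head
MAX_TARGET = 2048   # bytes allowed in the request-target

TOKEN = rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"   # RFC 7230 "token"
REQUEST_LINE = re.compile(rb"(" + TOKEN + rb") ([\x21-\x7e]+) HTTP/1\.([01])")
# Stricter than the RFC: header values are limited to printable ASCII and tab.
HEADER = re.compile(rb"(" + TOKEN + rb"):[ \t]*([\x20-\x7e\t]*)")


def check_request_head(raw: bytes):
    """Return (forward, reason) for the head of one HTTP/1.x request."""
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep or len(head) > MAX_HEAD:
        return False, "head not terminated within limit"
    lines = head.split(b"\r\n")
    m = REQUEST_LINE.fullmatch(lines[0])
    if not m:
        return False, "malformed request line"
    if len(m.group(2)) > MAX_TARGET:
        return False, "request-target too long"
    names = set()
    for line in lines[1:]:
        h = HEADER.fullmatch(line)
        if not h:
            return False, "malformed header field"
        names.add(h.group(1).lower())
    if m.group(3) == b"1" and b"host" not in names:
        return False, "HTTP/1.1 request without Host"
    return True, "ok"


# Constructed sample requests (not captured traffic).
GOOD = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
LONG_TARGET = (b"GET /search?q=" + b"A" * 4000 +
               b" HTTP/1.1\r\nHost: example.test\r\n\r\n")
NUL_HEADER = b"GET / HTTP/1.1\r\nHost: example.test\r\nX-Note: a\x00b\r\n\r\n"
NO_VERSION = b"GET /\r\nHost: example.test\r\n\r\n"

if __name__ == "__main__":
    for name in ("GOOD", "LONG_TARGET", "NUL_HEADER", "NO_VERSION"):
        print(name, check_request_head(globals()[name]))
```

The check never looks for a known worm's bytes: anything that departs from the grammar or the size policy is dropped, which is why it also covers traffic nobody has seen before.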
36 Generic Exploit Blocking
- Idea: Just as only properly shaped keys can open a lock, only properly shaped worms can exploit a vulnerability.
Step 1: Characterize the shape of a new vulnerability
Step 2: Use this shape as a signature, scan network traffic and block anything that matches it
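The two steps above as an added example (not from the slides or any Symantec product), compared with a byte-pattern signature cut from a single sample. The service, its opcode, the 32-byte limit and the traffic are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ShapeSignature:
    """Step 1: the vulnerability's shape, independent of any one worm's bytes."""
    opcode: int      # message type that reaches the flawed code path
    max_field: int   # largest field the service handles safely

    def matches(self, datagram: bytes) -> bool:
        """Step 2: True when a datagram has the shape that triggers the flaw."""
        if not datagram or datagram[0] != self.opcode:
            return False
        # The field runs to the first NUL, or to the end if unterminated.
        field, _nul, _rest = datagram[1:].partition(b"\x00")
        return len(field) > self.max_field


# Hypothetical service (assumption): opcode 0x04 is followed by a
# NUL-terminated name that the server copies into a 32-byte buffer.
LOOKUP_OVERFLOW = ShapeSignature(opcode=0x04, max_field=32)


def byte_signature(sample: bytes, offset: int = 1, length: int = 16):
    """Per-sample signature for comparison: a fixed byte run from one capture."""
    needle = sample[offset:offset + length]
    return lambda datagram: needle in datagram


def scan(datagrams, predicate):
    """Return the indexes of the datagrams the predicate would block."""
    return [i for i, d in enumerate(datagrams) if predicate(d)]


# Constructed traffic: a legitimate lookup, two oversized variants that
# share no filler bytes (the second is unterminated), and another opcode.
TRAFFIC = [
    b"\x04" + b"INVENTORY" + b"\x00",
    b"\x04" + b"A" * 200 + b"\x00",
    b"\x04" + bytes(range(1, 201)),
    b"\x02",
]

if __name__ == "__main__":
    print("shape signature blocks:", scan(TRAFFIC, LOOKUP_OVERFLOW.matches))
    print("byte signature blocks: ", scan(TRAFFIC, byte_signature(TRAFFIC[1])))
```

The shape signature blocks both oversized variants, while the byte signature taken from the first variant misses the second.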
37 Conclusion
- New era of security challenge as attacker motivation shifts to financial gain
- Reduce cost and complexity through consolidation and integration
- Manage risk to appropriate level by balancing security and availability
- Innovations enabling more proactive security