CYBEROAM - PowerPoint PPT Presentation

1 / 31
About This Presentation
Title:

CYBEROAM

Description:

... wrong password attempts by new vs. old employee ... based on UTQ information. Educating to Key persons having access to business critical information ... – PowerPoint PPT presentation

Number of Views:553
Avg rating:3.0/5.0
Slides: 32
Provided by: abc7285
Category:

less

Transcript and Presenter's Notes

Title: CYBEROAM


1
Changing Battleground Security Against Targeted
Low Profile Attacks
Amar Mehta Manager-International Business
Development Cyberoam
2
Presentation Sketch
Changing Battleground Shift Towards Targeted
Attacks Identity-based Heuristics The Suggested
Solution Conclusion
3
Changing Battleground
4
Evolution of the Real Battleground
  • Evolving Trends in war and the evolution to
    todays tactical battle
  • A shift from Mass Attacks to Targeted Attacks

5
Evolution of the Virtual Battleground
6
Understanding this Change
2009
7
Understanding this Change
8
Narrowing the targets Attackers Working Smart
  • Motive of the attack
  • To target Regional players and individuals to
    escape attention
  • Attacks driven by financial motives
  • To steal confidential information from specific
    companies - Identity theft
  • Who are the victims?
  • Small corporations, Key Individuals
  • What are the attack vectors?
  • Spear phishing exploiting individuals trust
  • New hybrid combinations - spy phishing

9
Narrowing the targets Attackers Working Smart
  • Examples
  • Bank Of India
  • ICICI Bank
  • ABC, XYZ
  • Do you know about them?
  • Have you heard about such small regional attacks?
  • Such Attacks Fly under the radar
  • Have a prolonged Lifespan
  • Cause significantly high financial damage to
    Victims

10
Targeted Attacker Profile
  • Insiders
  • External attackers

11
Targeted Attacker Profile - Insiders
Insiders
  • Role
  • Initiators
  • Victims
  • Conduits
  • Reasons
  • Malicious Intent - Greed
  • Disgruntled employees Vengeance
  • User Ignorance

12
Targeted Attacks by External Attackers
  • External Attackers getting insider information
  • Targeting insider victims
  • Targeting insiders as conduits

13
Why are Targeted Attacks Succeeding?
Hackers on easy street
  • Publicly available vulnerability information
  • The Toolkit business
  • Research Easy access to information from public
    and internal resources
  • Todays network scenario
  • Fluidity of the network perimeter which opens it
    to partners, customers and more
  • Employees have access to business critical
    information
  • One cannot help not being (i)n the Net

14
Why are Targeted Attacks Succeeding?
  • Traditional products inability to detect the
    threat
  • Detection of only massive or reported attacks
  • Small scale attacks cant grab media attention,
    go unnoticed, thus expanding attack life span
  • Signature-based solutions
  • Well-planned, pre-defined selected small target
    group unlike the mass attacks

15
Why are Targeted Attacks Succeeding?
  • Unable to Identify the Human Role
  • User as a
  • Victim User Ignorance, Surfing Pattern, Loose
    Security Policy, Trust, Lack of Education
  • Attacker Malicious Intent, Vengeance, Greed

16
Stopping the attackers - Identity-Based
Heuristics
17
First things first A Multi Layered Security
Approach
  • Security at the Desktop
  • Desktop Firewall
  • Host IPS
  • Anti Malware
  • Application Whitelisting
  • Do not Forget the Network
  • Firewall
  • Network Anti Malware
  • Network IPS
  • Traffic Whitelisting

18
Evolving Towards Identity-Based Heuristics
  • User identity An additional parameter to aid
    decision making
  • Who is doing what?
  • Who is the attacker?
  • Who are the likely targets?
  • Which applications are prone to attack who
    accesses them?
  • Who inside the organization is opening up the
    network? How?

Building patterns of activity profiles User
Threat Quotient
19
User Threat Quotient - UTQ
  • Calculating the UTQ
  • Rating users on susceptibility to attack
  • Nature of user activity
  • History of activity normal record access
    number and type (customer data / research
    reports/..)
  • Current status new employee, terminated , etc.
  • Analyze Who is doing What and When
  • Use of anonymous proxy
  • Downloading Hacker Tools
  • Accessing data off-hours
  • Amount of data accessed

20
Technical Preventive Measures
  • Use Network Activity coupled with user identity
    information to
  • Identify deviations from the normal acceptable
    user behavior
  • Red flag malicious activity based on UTQ
  • Context of activity repeated wrong password
    attempts by new vs. old employee
  • Get Intrusion alerts with user identity
    information
  • Correlate data, e.g. using Bayesian inference
    network
  • Use Identity as a decision parameter in security
    rules and policies

21
Use UTQ information for Soft Measures
  • Individualized education based on UTQ information
  • Educating to Key persons having access to
    business critical information
  • Educating the employees as their role evolves
    joiner, moving up, quitter

22
Conclusion
  • Threat landscape is shifting
  • Current solutions need to change
  • Need to leverage user Identity information for
    proactive control

23
Identity-based Unified Threat Management
A solution to fight against multiple attacks and
threats
24
Cyberoam Layer 8 Firewall (Patent-Pending)
25
Identity-Based Technology
26
Cyberoam Identity Based Security
Cyberoam is the only Identity-based Unified
Threat Management appliance that provides
integrated Internet security to enterprises and
educational institutions through its unique
granular user-based controls.
27
Cyberoam CRi UTM Appliance Range
  • Large Enterprises
  • CR 1500i
  • CR 1000i
  • CR 500i
  • Small to Medium Enterprises
  • CR 300i
  • CR 200i
  • CR 100ia
  • Small Offices
  • CR 50ia

28
Basic Appliance
  • Identity-based Firewall
  • VPN
  • Free SSL-VPN
  • Bandwidth Management
  • Multiple Link Management
  • On Appliance Reporting
  • Basic Anti-Spam (RBL Service)
  • 85 Tech Support 1 Year Warranty
  • Subscriptions
  • Gateway Anti-Virus Subscription (Anti-malware,
    phishing, spyware protection included)
  • Gateway Anti-spam Subscription
  • Web Application Filtering Subscription
  • Intrusion Prevention System (IPS)
  • 24 x 7 Tech Support Warranty
  • Subscription services are available on 1 Year, 2
    Year or 3 Year subscription basis

29
Cyberoam Central Console CCC Series
  • Reduces operational complexity and deployment
    time
  • Minimizes errors and lowers administration cost
    Enables the MSSPs to have different personnel for
    managing different customer deployments
  • Ease of use with view of multiple devices and
    network status at a glance

30
Cyberoam iView (Cyberoam Aggregated Reporting
Logging Software)
  • Free (Open Source) Available on Sourceforge.net
  • MSSP / Enterprise would be able to aggregate the
    reports of various customers / offices.
  • Aggregation of logs and data from multiple CR
    appliances as well as other competitor
    appliances
  • Centralized storage of reports and log data
  • Compliance-based Reporting Forensic Analysis
  • User-wise web surfing reports
  • Real-time Monitoring, Alerting and Analysis
  • Over 500 Drilldown Reports
  • Reports in HTML, MHTML, PDF, CSV formats
    Email Alerts

31
THREATS HAVE NO WAY TO HIDE NOW.
amar.mehta_at_cyberoam.com
Write a Comment
User Comments (0)
About PowerShow.com