
Know More About Threats, Risks and Regulations Ken Pappas CEO True North Security


Presentation Transcript


  1. Know More About Threats, Risks and Regulations. Ken Pappas, CEO, True North Security. Prepared for:

  2. Ken Pappas Bio
     Professional Career
     • Founder and CEO of True North Security
     • VP Marketing and Security Strategist at Top Layer Security
     • Security Strategist at TippingPoint
     • Director of Product Management at 3Com; acquired TippingPoint “IPS technology”
     • General Manager, Security Division, Enterasys Networks; acquired Security Wizards “Dragon IDS technology”; acquired Indus River “Remote VPN technology”
     Personal
     • Security Clearance, Department of Homeland Security
     • Computer Forensics
     • CISM
     • InfraGard, Boston Chapter, sponsored by the FBI and DHS
     • Appearances in Wall Street Journal, Fortune, etc.
     • Blog: http://secsystems.wordpress.com
     • Twitter: TruNorthSec

  3. Agenda • Today’s Reality • Future Threats & Challenges • About Sourcefire • About True North Security

  4. Today’s Reality

  5. Security Highlights • Over 285 million records stolen in 2008 vs. 230 million between the years 2004–2007, with Education being the highest. WHY? Who do you think will be #1 in the next two years? • 31% more bot-infected computers per day in 2008 vs. 2007 • 90% of breaches from organized crime targeting corporate information • Cyber crime cost companies more than $650 million worldwide • Majority of breaches caused by insider negligence • Users blurring their social life, personal life and work life with regards to Internet usage. Source: www.idtheftcenter.org

  6. Recent Scams • Haiti Relief email • IRS Form W-2 spoof contains malware • Mortgage fraud • Pop-up anti-virus advertisement contains virus • H1N1 email alert contains malware • FDIC email stating bank merger or that your bank is a failed bank. Click here? Get a surprise. • 2010 Census by email. SURPRISE: the Census Bureau does not use email.

  7. Attack Sophistication vs. Intruder Knowledge (chart; Source: Carnegie Mellon University). Vertical axis: attack sophistication, Low to High; horizontal axis: 1980, 1985, 1990, 1995, 2000+. Technique labels plotted on the chart: password guessing, self-replicating code, password cracking, exploiting known vulnerabilities, disabling audits, back doors, hijacking sessions, burglaries, network mgmt. diagnostics, sweepers, sniffers, packet spoofing, GUI, automated probes/scans, denial of service, www attacks, distributed attack tools, staged, “stealth” / advanced scanning techniques, cross site scripting, auto coordinated; an additional “Motivation” label appears on the chart.

  8. What’s Causing Rise In Cyber Crime • Recession • Social Media Sites • Younger/Older generation using computers • Availability of Sophisticated tools • Trickery & Foolery

  9. “Zero Hour” Threats Rising • Increase in specialized threats • Toolkits used to create virus attacks, making specialization of participants a lucrative shadow economy. • Sophistication of high end threats is evolving rapidly • Targeted threats attack specific companies, persons and systems. • Blended threats becoming more common • Carefully targeted attack may go unnoticed for an undetermined amount of time.

  10. Harnessing The Power of Botnets Source: Symantec

  11. Industrial Espionage: Targeted Attacks • 60% of recipients were of a high or medium-level ranking • 42% of targeted attacks were sent to high-ranking individuals • 18% of recipients were of medium-level seniority • 5% of recipients were of lower-ranking seniority • 19% of targeted attacks were directed at general mailboxes such as “info@”. Chart: Individually Targeted Attacks Blocked Per Day (Average). Source: Symantec; Source: MessageLabs Intelligence

  12. Targeted Trojans Targeted trojans are specialized pieces of malware written to extract high value information from known subjects. Source: http://www.nypost.com/p/news/business/ hackers_targeting_UquyMBhuVAyl6wAn413lGJ

  13. Targeted Trojans (chart by year, 2005 through 2009; the values shown are 2 per day avg, 1 per week, 10 per day avg, 60 per day avg and 50 per day avg, but their pairing with years is not recoverable from the extracted text). Recent Peaks: Frequency: 357 PER DAY. Payload: Source: Symantec; Source: MessageLabs Intelligence

  14. Website Security Trends • Unique domains hosting malware: 30,000 • New sites with malware in 2009: 2,465/day. Source: Symantec; Source: MessageLabs Intelligence

  15. Web 2.0

  16. Multitude of Threat Vectors • Social Media • Facebook, MySpace, Linkedin • Rogue 3rd Party Apps • Tiny URL’s • Translations • RogueWare

  17. No Industry Is Being Left Behind • Financial: Heartland • Retail: Hannaford's • Education: Harvard University, Oklahoma State University • Medical: Department of Veterans, Cedars-Sinai Medical Center • Government: North Korea attacks American networks, China hacking into NASA, Israel attacking Iran. The cyber warfare HAS begun!

  18. Space Programs: RUSSIA, USA

  19. Easy Availability of Exploit Tools

  20. Multitude of Regulations • PCI (Payment Card Industry) • GLBA (Gramm-Leach-Bliley Act) • HIPAA (Health Insurance Portability and Accountability Act) • FISMA (Federal Information Security Management Act) • HITECH • MA 201 CMR 17 • NERC

  21. Perimeter Protection Is Not Enough • Communications between machines inside the corporate LAN and between choke-points are not filtered or protected by a perimeter firewall in front of each machine. • Servers in the DMZ, kiosks, workstations used by temporary employees, and other “hot spots” • Mobile users are becoming the back door to the house • Telecommuters are becoming more popular, and more risks are being brought inside

  22. Historical Firewall Configuration (diagram). Traffic To: 115.13.73.1, From: 66.121.11.7. Ports shown passing the firewall: FTP-21, HTTP-80, Sub7-6776, Quake-26000, SMTP-25

  23. Today’s Firewall Configurations (diagram). Ports shown passing the firewall: HTTP-80, FTP-21, BackOrifice-31337, SMTP-25

  24. Future Threats & Challenges: The Complacency of Fools Will Destroy Us

  25. Next Inflection Point: CLOUD COMPUTING. IT resources and services that are abstracted from the underlying infrastructure and provided “On-Demand” and “At Scale” in a multi-tenant environment.

  26. Clouds Blow Away • Where does your data go when the cloud blows away? • When data is breached, who will be at fault? • Waiting for the first court battle • Looks like, feels like SNA? • Make sure you have a solid SLA!

  27. Next Generation Threats
     Next Generation Threats Will Use Stealth Methods vs. Today’s Threats • User error will be the way of malware • Information leakage due to negligence and theft • Domestic and international terrorists stealing company technology and secrets
     New Methods Will Evolve to Adapt to User Behavior • Tempt-to-Click Email • Tempt-to-Click IM • False pop-ups
     New Computing Environments and Applications Will Be Targets • VoIP • Cloud Computing • SaaS (Software as a Service) • Social Media
     Protection Will Require Education And Technology

  28. How Do We Best Protect Ourselves and Our Data? Protect Dysfunctional Users Against Themselves

  29. What Companies Are Thinking About • Securing Virtualization • Virtualizing Security

  30. SANS Recommends: Deploy IPS

  31. Strategies To Defeat Threats • Anti-virus updates • Deploy an IPS today! • IPS filters turned on and updated • Encrypt hard drive data • Operating system security updates • Educate users • Institute company-wide security policy • Implement Defense In Depth: IPS, anti-virus, encryption, multiple passwords, other. There is no silver bullet.

  32. About Sourcefire: Stop Threats and Start Partying!

  33. About Sourcefire • Founded in 2001 by Snort creator Martin Roesch, CTO • Headquarters: Columbia, MD • Fastest-growing IPS vendor • Global Security Alliance partner network • NASDAQ: FIRE. Mission: To deliver intelligent security infrastructure for the most efficient, effective risk management. Best of Both Worlds: Open Source Community + Sourcefire Development

  34. Powered by Snort: Most Widely Used IPS Engine Worldwide • 270,000 users • 3.7 million downloads • 80% of Fortune 500 • 40% of Global 2000 • 100+ Snort integrators • 9,000+ Snort rules • World’s largest threat response community

  35. Problems With a Traditional IPS • Architecture: Closed Architecture • Accuracy: Exploit-Based • Intelligence: None or Limited • Operation: Manual Operation

  36. A New Approach (Traditional IPS vs. Sourcefire IPS) • Architecture: Closed Architecture vs. Open Rules & IPS Engine • Accuracy: Exploit-Based vs. Vulnerability-Based • Intelligence: None or Limited vs. Real-time, All-the-time • Operation: Manual Operation vs. Highly Automated

  37. Backed by Sourcefire Vulnerability Research Team (VRT): Unrivalled Protection Against Advanced Persistent Threats. Inputs: Private & Public Threat Feeds • Snort Community Insight • Advanced Microsoft Disclosure • 300 New Threats per Month • 20,000 Malware Samples per Day. VRT Research & Analysis. VRT Lab: 1000s of software packages • >150 million performance & regression tests • 100s of hardware platforms. Comprehensive Protection

  38. Best-in-Class Detection • Based on Snort, the de facto IPS standard • Vulnerability-based, zero-day protection • Open architecture • Flexible custom rules • Ranked #1 in detection by NSS Labs*. “When enterprises compare products, signature quality remains the most weighted and competitive factor on shortlists.” Greg Young & John Pescatore, Magic Quadrant for Network IPS, April 2009. * “Network Intrusion Prevention Systems Comparative Test Results,” December 2009. Comparison using a tuned policy.

  39. NSS Labs Group IPS Test: Block Rate Comparison (chart). Source: Graphic used with permission by NSS Labs. “Network Intrusion Prevention Systems Comparative Test Results,” December 2009.

  40. Sourcefire Appliance Product Lines • VMware Virtual Appliances: Virtual Defense Center™, Virtual 3D Sensor™ • Sourcefire Defense Center®: DC500, DC1000, DC3000 • Sourcefire 3D® Sensor, by performance: 3D9900 10 Gbps, 3D6500 4 Gbps, 3D4500 2 Gbps, 3D3500 1 Gbps, 3D2500 500 Mbps, 3D2100 250 Mbps, 3D2000 100 Mbps, 3D1000 45 Mbps, 3D500 5 Mbps

  41. Why Sourcefire? • Powered by Snort • Driven by Intelligence • Best-in-Class Detection • Open Architecture • Highly Automated. Stop Doing Things the “Old” Way! Leverage the Only “Intelligent” IPS.

  42. True North Security • Vulnerability Audits • Create / Enhance Security Policies • Network & Data Protection Solutions • Security Awareness Training • PCI Compliance • Video Monitoring and Surveillance Solutions. Contact: kenpappas@truenorthsecurity.com • 978.846.1175

  43. Summary • Cyber security attacks are common and costly • Attackers are sophisticated, well-financed and highly motivated • You have limited IT resources • Traditional security products can’t keep up. “Not knowing what’s on your network is going to continue to be the biggest problem for most security practitioners.” Marcus Ranum, CSO Magazine

  44. Thank You. Ken Pappas, CEO, True North Security • kenpappas@truenorthsecurity.com. Prepared for:
