Know More About Threats, Risks and Regulations
Ken Pappas, CEO, True North Security
Prepared for:
Ken Pappas BIO
Professional Career
• Founder and CEO of True North Security
• VP Marketing and Security Strategist at Top Layer Security
• Security Strategist at TippingPoint
• Director of Product Management at 3Com
  • Acquired TippingPoint “IPS technology”
• General Manager, Security Division, Enterasys Networks
  • Acquired Security Wizards “Dragon IDS technology”
  • Acquired Indus River “Remote VPN technology”
Personal
• Security Clearance, Department of Homeland Security
• Computer Forensics
• CISM
• InfraGard, Boston Chapter, sponsored by the FBI and DHS
• Appearances in the Wall Street Journal, Fortune, etc.
• BLOG> http://secsystems.wordpress.com
• Twitter> TruNorthSec
Agenda
• Today’s Reality
• Future Threats & Challenges
• About Sourcefire
• About True North Security
Security Highlights
• Over 285 million records stolen in 2008 vs. 230 million between the years 2004 and 2007, with Education being the highest. WHY? Who do you think will be #1 in the next two years?
• 31% more bot-infected computers per day in 2008 vs. 2007
• 90% of breaches from organized crime targeting corporate information
• Cyber crime cost companies more than $650 million worldwide
• Majority of breaches caused by insider negligence
• Users blurring their social life, personal life and work life with regards to Internet usage
• www.idtheftcenter.org
Recent Scams
• Haiti Relief email
• IRS Form W2 spoof contains malware
• Mortgage fraud
• Pop-up anti-virus advertisement contains virus
• H1N1 email alert contains malware
• FDIC email stating bank merger or that your bank is a failed bank. Click here? Get a surprise
• 2010 Census by email
• SURPRISE: the Census Bureau does not use email
Attack Sophistication vs. Intruder Knowledge (chart, 1980 to 2000+)
Vertical axis: Attack Sophistication, Low to High; horizontal axis: 1980, 1985, 1990, 1995, 2000+. Other labels on the chart: Intruder Knowledge, Motivation.
Techniques plotted, roughly in the chart’s chronological order: password guessing, self-replicating code, password cracking, exploiting known vulnerabilities, disabling audits, back doors, hijacking sessions, burglaries, network mgmt. diagnostics, sweepers, sniffers, packet spoofing, GUI, automated probes/scans, denial of service, www attacks, “stealth” / advanced scanning techniques, distributed attack tools, staged, cross site scripting, auto coordinated.
Source: Carnegie Mellon University
What’s Causing the Rise In Cyber Crime
• Recession
• Social Media Sites
• Younger/older generations using computers
• Availability of sophisticated tools
• Trickery & Foolery
“Zero Hour” Threats Rising
• Increase in specialized threats
• Toolkits used to create virus attacks, making specialization of participants a lucrative shadow economy
• Sophistication of high-end threats is evolving rapidly
• Targeted threats attack specific companies, persons and systems
• Blended threats becoming more common
• A carefully targeted attack may go unnoticed for an undetermined amount of time
Harnessing The Power of Botnets (chart)
Source: Symantec
Industrial Espionage: Targeted Attacks
• 60% of recipients were of a high- or medium-level ranking
• 42% of targeted attacks were sent to high-ranking individuals
• 18% of recipients were of medium-level seniority
• 5% of recipients were of lower-ranking seniority
• 19% of targeted attacks were directed at general mailboxes such as “info@”
Individually Targeted Attacks Blocked Per Day (Average) (chart)
Source: Symantec / MessageLabs Intelligence
Targeted Trojans
Targeted trojans are specialized pieces of malware written to extract high-value information from known subjects.
Source: http://www.nypost.com/p/news/business/hackers_targeting_UquyMBhuVAyl6wAn413lGJ
Targeted Trojans: Frequency (chart)
• 2005: 1 per week
• 2006: 2 per day (avg)
• 2007: 10 per day (avg)
• 2008: 50 per day (avg)
• 2009: 60 per day (avg)
Recent peaks: 357 per day
Payload: (chart)
Source: Symantec / MessageLabs Intelligence
Website Security Trends
• Unique domains hosting malware: 30,000
• New sites with malware in 2009: 2,465/day
Source: Symantec / MessageLabs Intelligence
Multitude of Threat Vectors
• Social Media: Facebook, MySpace, LinkedIn
• Rogue 3rd-party apps
• Tiny URLs
• Translations
• RogueWare
No Industry Is Being Left Behind
• Financial: Heartland
• Retail: Hannaford’s
• Education: Harvard University, Oklahoma State University
• Medical: Department of Veterans, Cedars-Sinai Medical Center
• Government: North Korea attacks American networks; China hacking into NASA; Israel attacking Iran
The cyber warfare HAS begun!
Space Programs: RUSSIA, USA
Multitude of Regulations
• PCI (Payment Card Industry)
• GLBA (Gramm-Leach-Bliley Act)
• HIPAA (Health Insurance Portability and Accountability Act)
• FISMA (Federal Information Security Management Act)
• HITECH
• MA 201 CMR 17
• NERC
Perimeter Protection Is Not Enough
• Communications between machines inside the corporate LAN and between choke-points are not filtered or protected by a perimeter firewall in front of each machine.
• Servers in the DMZ, kiosks, workstations used by temporary employees, and other “hot spots”
• Mobile users are becoming the back door to the house
• Telecommuters are becoming more popular, and more risks are being brought inside
Historical Firewall Configuration (diagram)
To: 115.13.73.1  From: 66.121.11.7
Ports: FTP-21, HTTP-80, Sub7-6776, Quake-26000, SMTP-25
Today’s Firewall Configurations (diagram)
Ports: HTTP-80, FTP-21, BackOrifice-31337, SMTP-25
Future Threats & Challenges
The Complacency of Fools Will Destroy Us
Next Inflection Point: CLOUD COMPUTING
IT resources and services that are abstracted from the underlying infrastructure and provided “On-Demand” and “At Scale” in a multi-tenant environment
Clouds Blow Away
• Where does your data go when the cloud blows away?
• When data is breached, who will be at fault?
• Waiting for the first court battle
• Looks like, feels like SNA?
• Make sure you have a solid SLA!
Next Generation Threats
Next Generation Threats Will Use Stealth Methods vs. Today’s Threats
• User error will be the way of malware
• Information leakage due to negligence and theft
• Domestic and international terrorists stealing company technology and secrets
New Methods Will Evolve to Adapt to User Behavior
• Tempt-to-Click email
• Tempt-to-Click IM
• False pop-ups
New Computing Environments and Applications Will Be Targets
• VoIP
• Cloud Computing
• SaaS (Software as a Service)
• Social Media
Protection Will Require Education And Technology
How Do We Best Protect Ourselves and Our Data?
Protect Dysfunctional Users Against Themselves
What Companies Are Thinking About
• Securing Virtualization
• Virtualizing Security
Strategies To Defeat Threats
• Anti-Virus Updates
• Deploy an IPS Today!
• IPS Filters Turned On and Updated
• Encrypt Hard Drive Data
• Operating System Security Updates
• Educate Users
• Institute a Company-Wide Security Policy
• Implement Defense In Depth: IPS, Anti-Virus, Encryption, Multiple Passwords, Other
There is no silver bullet
About Sourcefire
Stop Threats and Start Partying!
About Sourcefire
• Founded in 2001 by Snort creator Martin Roesch, CTO
• Headquarters: Columbia, MD
• Fastest-growing IPS vendor
• Global Security Alliance partner network
• NASDAQ: FIRE
Mission: To deliver intelligent security infrastructure for the most efficient, effective risk management.
Best of Both Worlds: Open Source Community + Sourcefire Development
Powered by Snort
Most Widely Used IPS Engine Worldwide
• 270,000 Users
• 3.7 Million Downloads
• 80% of Fortune 500
• 40% of Global 2000
• 100+ Snort Integrators
• 9,000+ Snort Rules
• World’s Largest Threat Response Community
Problems With a Traditional IPS
• Architecture: Closed Architecture
• Accuracy: Exploit-Based
• Intelligence: None or Limited
• Operation: Manual Operation
A New Approach: Traditional IPS vs. Sourcefire IPS
• Architecture: Closed Architecture vs. Open Rules & IPS Engine
• Accuracy: Exploit-Based vs. Vulnerability-Based
• Intelligence: None or Limited vs. Real-time, All-the-time
• Operation: Manual Operation vs. Highly Automated
Backed by Sourcefire Vulnerability Research Team (VRT)
Unrivalled Protection Against Advanced Persistent Threats
VRT Research & Analysis
• Private & Public Threat Feeds
• Snort Community Insight
• Advanced Microsoft Disclosure
• 300 New Threats per Month
• 20,000 Malware Samples per Day
VRT LAB
• 1000s of software packages
• >150 million performance & regression tests
• 100s of hardware platforms
Comprehensive Protection
Best-in-Class Detection
• Based on Snort, the de facto IPS standard
• Vulnerability-based, zero-day protection
• Open architecture
• Flexible custom rules
• Ranked #1 in detection by NSS Labs*
“When enterprises compare products, signature quality remains the most weighted and competitive factor on shortlists.” Greg Young & John Pescatore, Magic Quadrant for Network IPS, April 2009
* “Network Intrusion Prevention Systems Comparative Test Results,” December 2009. Comparison using a tuned policy.
NSS Labs Group IPS Test: Block Rate Comparison (chart)
Source: Graphic used with permission by NSS Labs. “Network Intrusion Prevention Systems Comparative Test Results,” December 2009.
Sourcefire Appliance Product Lines
VMware Virtual Appliances: Virtual Defense Center™, Virtual 3D Sensor™
Sourcefire Defense Center®: DC500, DC1000, DC3000
Sourcefire 3D® Sensor (by performance)
• 3D9900: 10 Gbps
• 3D6500: 4 Gbps
• 3D4500: 2 Gbps
• 3D3500: 1 Gbps
• 3D2500: 500 Mbps
• 3D2100: 250 Mbps
• 3D2000: 100 Mbps
• 3D1000: 45 Mbps
• 3D500: 5 Mbps
Why Sourcefire?
• Powered by Snort
• Driven by Intelligence
• Best-in-Class Detection
• Open Architecture
• Highly Automated
Stop Doing Things the “Old” Way! Leverage the Only “Intelligent” IPS.
True North Security
• Vulnerability Audits
• Create / Enhance Security Policies
• Network & Data Protection Solutions
• Security Awareness Training
• PCI Compliance
• Video Monitoring and Surveillance Solutions
Contact: kenpappas@truenorthsecurity.com • 978.846.1175
Summary
• Cyber security attacks are common and costly
• Attackers are sophisticated, well-financed and highly motivated
• You have limited IT resources
• Traditional security products can’t keep up
“Not knowing what’s on your network is going to continue to be the biggest problem for most security practitioners.” Marcus Ranum, CSO Magazine
Thank You
Ken Pappas, CEO, True North Security
kenpappas@truenorthsecurity.com
Prepared for: