120 likes | 210 Views
Antivirus Technology in State Government. Kym Patterson State Chief Cyber Security Officer Department of Information Systems. Current World Environment 25,000 new virus samples submitted daily Antivirus vendors leaning toward whitelisting 80% of malware is motivated by money
E N D
Antivirus Technology in State Government Kym PattersonState Chief Cyber Security OfficerDepartment of Information Systems
Current World Environment 25,000 new virus samples submitted daily Antivirus vendors leaning toward whitelisting 80% of malware is motivated by money Increasingly hard to detect malware
Bot Activity Bots talking to each other in different ways No command and control servers to identify Communication between bots through peer to peer mode via encrypted web channels
Current State Network Environment SCSO tracks 150 ongoing issues each day 50 new issues identified each day More than 5,000 DNS resolutions to foreign servers daily Most popular DNS server is in Eastern Europe Several hundred incident notifications from external organizations each year At any given time, there are 60 state computers acting as primary nodes on a peer to peer network Three of these computers typically generate 500,000 peer to peer sessions daily
Current State Environment Purchase antivirus and endpoint protection software from 10+ vendors at several price points Run 60 versions of these types of software Some organizations don’t update signature files Organizations pose a threat to each other on the state network
Future State Limit number of AV or endpoint protection products in our environment Make wise use of state dollars by combining buying power More bandwidth and computer availability due to low infection rate Improved productivity resulting in better government service delivery Improved response time to cyber outbreaks
Advantages of Less Diverse Environment Total cost of ownership would be less Savings could be spent on other security measures More organizations likely to buy and be protected Less threat on the state network Better reporting and auditing Improved compliance with security mandates Shorter threat period by working with fewer vendors Manageability and scalability Increased network reliability and performance
Endpoint protection can include: Host-based intrusion prevention system Firewall Antivirus Antispyware Central management capability Data Loss Prevention Encryption
Next Steps Gather requirements from agencies and state security working group Work with Office of State Procurement to identify vendors to provide antivirus and endpoint protection products on state contract Agencies would determine migration to these products as existing software licenses expire
Ease of use • Update frequency • Service and support • Update distribution • Audit and report capability • Log • On demand scanning • Port control • Encryption • Scheduled scans • Link scanner • Cross browser • Webmail protection • Ability to run on multiple platforms • Script protection • Malware detection capabilities • Policy management Possible Antivirus and Endpoint Protection Requirements
SAMP L E T I ME L I N E
Questions? Kym PattersonState Chief Cyber Security OfficerDepartment of Information Systems