So far in 2013, AV-Test.org is recording about 5.5M new pieces of malware per month – or a little over two per second. It’s no wonder 47% of organizations are reporting malware as the primary driver for increasing IT operating expenses, and 58% of them are experiencing more than 25 malware incidents every month.
It’s time to put aside yesterday’s assumptions about malware, and prepare for modern antimalware combat.
In this presentation we’ll look at current malware warfare – and how you can implement defensive strategies to protect your organization. Along the way, we’ll look at some very recent survey results from more than 900 IT professionals – 91% of whom believe AV is ‘very’ or ‘extremely’ important to protecting their network, despite seeing malware incidents continue to rise.
New Malware Signature Every ½ Second – Is Your AV Keeping Up?
1. The Real World of IT Security – Insight From a Survey of Business
Aaron C. Goldberg
July 2013
2. Interactivity Tips
1. Ask A Question
2. Download a PDF copy of today’s presentation
3. Social Networking Tools
3. Key Discussion Points
• The IT Security landscape
• Identifying the concerns
• The reliance on Anti-Virus
• The barriers to increased levels of IT security
5. Today’s IT Security Landscape
• Biggest areas of IT security concern
• Threat impact
• Protection in use for endpoints
• Protection in use for servers
6. Key Concerns for IT Security
[Chart: share of respondents naming each concern (0–25%). Categories: Operating system layer attacks; Application layer attacks; USB device attacks; Unwanted application installation; Memory-based attacks; Phishing; Zero-day attacks; Advanced Persistent Threats (i.e. using…); Other; None of the above]
10. Focusing on Anti-Virus
• Most common security tool
• Viruses seem to be the single most prominent threat mentioned in the general press
• Developed when viruses were the vast majority of threats, but that’s no longer true
• Yet reliance is still there
11. How Important Do You Believe Anti-Virus is to Protect Your Network
[Chart: share of respondents (0–70%) for each answer: Extremely important; Very important; Somewhat important; Not very important; Not important at all]
12. The Barriers to Increased IT Security
• This is one aspect of IT where the trade-off of dollars vs. risk is most apparent
• The lack of a “finish line” makes it hard to know what investment is enough
• Different industries have different needs
13. What Prevents You From Deploying Additional Security Layers
[Chart: share of respondents (0–60%) for each reason: Budget constraints; Labor constraints; Performance impacts (bandwidth / hardware constraints); Our environment is adequately protected without them; Unsure; Other]
20. APT / Targeted Attacks
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
Ponemon Research: 2013 State of the Endpoint
ISACA Research: Advanced Persistent Threats Are Real
» 93.6% feel APTs are a serious threat
» 63% think it is only a matter of time
» 79% feel this is the largest gap in APT prevention
» 1 in 5 have experienced an APT attack
[Chart, Figure 4: IT security risks of most concern since 2010 (Ponemon), series 2012 / 2011 / 2010. Categories shown include: Increased use of mobile platforms; Advanced persistent threats; Intrusion and data loss within a virtual environment (* this choice was not available in all fiscal years). Bar values as extracted, not attributable to specific categories here: 47%, 36%, 36%, 24%, 24%, 22%, 23%, 13%. More than three choices permitted in 2010 and 3 choices permitted in 2011 and 2012.]
21. New Threat Landscape – The Endpoint is the New Attack Vector
Browser, Apps and OS all have known vulnerabilities
• 2/3 of all apps have known vulnerabilities
• Time-to-Patch with change control is long, resulting in a lack of security and visibility
Rogue USB
• Transport method for injecting malware (e.g., Conficker, Stuxnet)
• Easiest and most common means of data loss / theft
Virus / Malware
• Best capture rate for day one with AV is 33%. After 30 days it is 93%
• 70,000 pieces of malware a month remain undetected
23. Defense-in-Depth Strategy
Successful risk mitigation requires a layered defensive strategy which includes:
» Patch Management
» Configuration Control
» Application Whitelisting
» Memory Protection
» Data Encryption
» Port / Device Control
» Antivirus
[Diagram: layered stack – Patch and Configuration Management; Application Control; Memory Protection; Device Control; AV; Hard Drive and Media Encryption]
24. Defense-in-Depth – AV
Benefits
» Stops “background noise” malware
» May detect reused or “hidden” code
» Will eventually clean payloads after they are discovered – prevents spreading to less protected machines
25. Defense-in-Depth – Port / Device Control
Benefits
» Can prevent unauthorized devices from delivering payloads
» Can stop specific file types from being copied to host machines
» Stops a common delivery vector for evading extensive physical and technical security controls
26. Defense-in-Depth – Encryption
Benefits
» Protects data; stops leakage; etc.
» Makes lateral data acquisition more difficult for APTs / targeted attacks
» Required by almost all regulations
27. Defense-in-Depth – App Whitelisting
Benefits
» Extremely effective against zero-day attacks
» Stops unknown, targeted malware payloads
» Low performance impact on endpoints
» Prevents sophisticated memory injection attacks which bypass the file system
28. Defense-in-Depth – Patch / Config Mgmt
Benefits
» Eliminates the attackable surface area that hackers can target, including OS and 3rd party apps across multiple platforms
» Centralizes configuration and enforcement of native desktop firewalls and other security settings
29. Endpoint Management Complexity
Challenge
• Too Many Products, Too Much Complexity
» Endpoint management has become excessively complex as multiple stand-alone solutions have been implemented in the IT environment
[Diagram: Many Consoles; Disparate Architecture; Many Agents]
30. Endpoint Management Complexity (continued)
Solution
• Single, Extensible Platform
» Reduce the number of endpoint agents, servers, consoles in use
» Improve visibility and control over endpoints
» Reduce learning curve, free up network resources and improve IT productivity / resources
» Leverage existing organizational structures across solutions and reduce data silos
[Diagram: Single Console; Agile n-Tier Pluggable Architecture; Single Promotable Agent]
34. True Cost of Malware
• Acquisition Costs
» Licensing (license cost, maintenance, support)
» Installation (HW / SW, roll-out, other)
• Operational Costs
» System Management
» Incident Management (help desk, escalation, re-imaging)
» Lost Productivity
• Does not include extraordinary costs, such as a data breach
[Chart: Operational (60~80%); Acquisition (20~40%)]
http://www.lumension.com/Resources/Value-Calculators/Cost-of-Malware-Calculator.aspx
35. More Information
• Free Security Scanner Tools
» Vulnerability Scanner – discover all OS and application vulnerabilities on your network
» Application Scanner – discover all the apps being used in your network
» Device Scanner – discover all the devices being used in your network
http://www.lumension.com/Resources/Security-Tools.aspx
• Lumension® Endpoint Management and Security Suite
» Online Demo Video: http://www.lumension.com/Resources/Demo-Center/Vulnerability-Management.aspx
» Free Trial (virtual or download): http://www.lumension.com/endpoint-management-security-suite/free-trial.aspx
• Think Before You Renew Your AV
http://www.lumension.com/rethink-av
36. Global Headquarters
8660 East Hartford Drive
Suite 300
Scottsdale, AZ 85255
1.888.725.7828
info@lumension.com
http://blog.lumension.com
37. Attendee Services
• Download a copy of today’s slides
• Provide your feedback! Please complete our survey.
• A recorded version of this seminar will be available at www.eSeminarsLive.com
• View a calendar of our Upcoming Events