1. Today’s IT Attacks:
IT Security Strategy
To Protect Your Assets
Francis deSouza
Symantec
Session ID: SPO1-107
Session Classification: Intermediate
2. Agenda
Sources of a Breach
Security Market Drivers
Breach Analysis
Security Strategy
3. A CRIME IS COMMITTED
ON THE WEB
EVERY ¼ OF A SECOND
4. 1 IN 5
WILL BE A VICTIM
OF CYBER CRIME
10. Sources Of A Breach
Organized Criminal
Well Meaning Insider
Malicious Insider
Targeted Attackers
11. History of Targeted Attacks
1998|1999|2000|2001|2002|2003|2004|2005|2006|2007|2008|2009|2010
Solar Sunrise: Attacks stealing passwords from DoD systems, conducted by 2 Californian and 1 Israeli teenagers
Moonlight Maze: Attacks targeting US military secrets, reported to be conducted by Russia
Titan Rain: Coordinated attacks on US government installations and private contractors
US Government: Systems in the Departments of Defense, State, Commerce, Energy, and NASA all compromised and terabytes of information confirmed stolen
Ghostnet: Attacks on Tibetan organizations, many embassies of EMEA countries, and NATO systems
January 12: Google announces they have been a victim of a targeted attack
12. Anatomy Of A Breach
> Incursion
> Discovery
> Capture
> Exfiltration
13. Mass Attack vs Targeted Attack
Phase: Incursion
  Mass Attack: Generic social engineering; by-chance infection
  Targeted Attack: Handcrafted and personalized methods of delivery
Phase: Discovery
  Mass Attack: Typically no discovery; assumes content is in a predefined and predictable location
  Targeted Attack: Examination of the infected resource, monitoring of the user to determine additional accessible resources, and network enumeration
Phase: Capture
  Mass Attack: Predefined specific data, or data which matches a predefined pattern such as a credit card number
  Targeted Attack: Manual analysis and inspection of the data
Phase: Exfiltration
  Mass Attack: Information sent to a dump site, often with little protection, which serves as long term storage
  Targeted Attack: Information sent back directly to the attacker and not stored in a known dump site location for an extended period
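The Capture row above says mass-attack malware harvests "data which matches a predefined pattern such as a credit card number". The Python below is an added example (not part of the presentation or of any Symantec product) of what that pattern check looks like; the same test is what a content-aware DLP scanner runs when it classifies a document as containing card data. A regex finds 13 to 19 digit candidates, and the Luhn check digit discards the order numbers and timestamps that a regex alone would flag. The sample text is constructed, and the card numbers in it are the standard 4111 1111 1111 1111 and 5500 0000 0000 0004 test numbers, not real accounts.

```python
import re
from typing import List

# Candidate primary account numbers: 13 to 19 digits, optionally separated by
# single spaces or hyphens, and not embedded in a longer digit run.
_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn mod-10 check digit.
    Every second digit from the right is doubled (subtracting 9 if the result
    exceeds 9); the total must be divisible by 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = ord(ch) - ord("0")
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text: str) -> List[str]:
    """Return the digits-only card numbers in text that pass Luhn.
    The regex alone over-matches: a 16-digit order number or a timestamp is a
    hit too. Luhn rejects nine out of ten random digit strings, which is why
    both harvesting malware and DLP scanners apply it after the regex."""
    hits = []
    for m in _CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_ok(digits):
            hits.append(digits)
    return hits


def mask(pan: str) -> str:
    """Keep the first six and last four digits (the usual PCI display rule),
    so a finding can be logged without the log itself becoming cardholder data."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


if __name__ == "__main__":
    # Constructed sample text; 4111... and 5500... are industry test numbers.
    sample = ("Order 1234567890123456 shipped 2010-01-12. "
              "Card 4111 1111 1111 1111 on file, backup 5500-0000-0000-0004.")
    for pan in find_pans(sample):
        print("PAN found:", mask(pan))
```

The order number in the sample is 16 digits and is matched by the regex, but its Luhn total is 64, so it is dropped; both test card numbers pass. Real scanners add issuer prefix tables and proximity keywords ("card", "exp") to cut false positives further, but the regex-plus-Luhn pair is the core of the check.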
14. Incursion
Security Market Drivers
In 2009 spam accounted for 90% of all email traffic
In 2008, Symantec documented 5,471 vulnerabilities, 80% of
which were easily exploitable
90% of incidents wouldn’t have happened if systems were patched
In 2009 we found 47,000 active bot-infected computers per day
15. Discovery
Security Market Drivers
91% of records compromised in 2008 involved organized crime
targeting corporate information
81% of attacked companies were non-compliant with PCI
67% of breaches were aided by insider negligence
16. Capture
Security Market Drivers
285 million records were stolen in 2008, compared to 230 million
between 2004 and 2007
Credit card details account for 19% of all goods advertised on
underground economy servers
IP theft costs companies $600 billion globally
17. Exfiltration
Security Market Drivers
“Hackers Targeted Source Code of More Than 30 Companies”
Jan 13, Wired.com
“SS Numbers Of Californians Accidentally Disclosed” Feb 9 KTLA.com
“HSBC Bank Reports Lost Client Data From Swiss Private Bank”
Dec 9, Reuters
“Gov’t Posts Sensitive List of US Nuclear Sites” Associated Press
19. Dissecting Hydraq
Incursion
Attacker Breaks into the Network by Delivering Targeted Malware to Vulnerable Systems and Employees
Lure email shown on the slide:
Hi Francis,
I met you at the Malware Conference last month. Wanted to let you know I got this great shot of you doing your presentation. I posted it here:
20. Dissecting Hydraq
Discovery
Hacker Maps the Organization's Defenses From the Inside and Creates a Battle Plan
21. Dissecting Hydraq
Capture
Attacker Accesses Data on Unprotected Systems and Installs Malware to Secretly Acquire Crucial Data
22. Dissecting Hydraq
Exfiltration
Confidential Data Sent Back to Enemy's “Home Base” for Exploitation and Fraud
Hydraq Victim → Attacker (72.3.224.71:443)
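The slide shows Hydraq sending data from the victim to 72.3.224.71 on port 443, a port almost every network allows outbound. Because a targeted attack sends the data "directly to the attacker" rather than to a public dump site, the defender's signal is the traffic pattern rather than the destination's reputation: an implant checks in on a fixed schedule. The Python below is an added example (not from the presentation or from Symantec) that finds such beaconing in connection logs: it groups outbound flows by source, destination and port, skips private destinations, and reports any group with at least four connections whose inter-arrival times are nearly constant. The flow records, the 10.x hosts and the byte counts are constructed; the four-hit minimum and the 10% jitter tolerance are assumptions to tune per network, and legitimate software updaters beacon too, so findings need an allow list before they become alerts.

```python
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address
from statistics import mean, pstdev
from typing import Dict, List, Tuple

# Constructed flow records (not from the presentation): timestamp src dst dport bytes_out.
# 72.3.224.71:443 is the attacker endpoint shown on the Hydraq slide; the 10.x hosts,
# the 203.0.113.10 / 198.51.100.7 documentation addresses, times and sizes are made up.
SAMPLE_FLOWS = """\
2010-01-12T09:00:02 10.1.5.23 72.3.224.71 443 1480
2010-01-12T09:05:01 10.1.5.23 72.3.224.71 443 1512
2010-01-12T09:10:03 10.1.5.23 72.3.224.71 443 1490
2010-01-12T09:15:02 10.1.5.23 72.3.224.71 443 1505
2010-01-12T09:20:01 10.1.5.23 72.3.224.71 443 1498
2010-01-12T09:01:17 10.1.5.23 203.0.113.10 443 5321
2010-01-12T09:03:44 10.1.5.23 203.0.113.10 443 87220
2010-01-12T09:14:09 10.1.5.23 203.0.113.10 443 2210
2010-01-12T09:02:00 10.1.5.40 198.51.100.7 80 3300
2010-01-12T09:02:30 10.1.5.40 10.1.0.9 445 9000
"""

Flow = Tuple[datetime, str, str, int, int]


def parse_flows(text: str) -> List[Flow]:
    """Parse whitespace-separated flow lines into (ts, src, dst, dport, bytes)."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, nbytes = line.split()
        flows.append((datetime.fromisoformat(ts), src, dst, int(dport), int(nbytes)))
    return flows


def find_beacons(flows: List[Flow], min_hits: int = 4,
                 max_jitter: float = 0.10) -> List[Dict[str, object]]:
    """Report (src, dst, dport) groups to non-private destinations whose
    connection intervals are regular: at least min_hits connections and a
    coefficient of variation (stdev / mean of the gaps) below max_jitter."""
    groups: Dict[Tuple[str, str, int], List[datetime]] = defaultdict(list)
    for ts, src, dst, dport, _ in flows:
        if ip_address(dst).is_private:
            continue  # internal traffic is out of scope for exfiltration hunting
        groups[(src, dst, dport)].append(ts)

    beacons = []
    for (src, dst, dport), times in groups.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        jitter = pstdev(gaps) / avg
        if jitter < max_jitter:
            beacons.append({"src": src, "dst": dst, "dport": dport,
                            "hits": len(times), "interval_s": round(avg),
                            "jitter": round(jitter, 3)})
    return beacons


if __name__ == "__main__":
    for b in find_beacons(parse_flows(SAMPLE_FLOWS)):
        print(f"{b['src']} -> {b['dst']}:{b['dport']} every ~{b['interval_s']}s "
              f"({b['hits']} hits, jitter {b['jitter']})")
```

On the sample, only the five connections to 72.3.224.71 are flagged (about every 300 seconds, jitter under 1%); the three irregular connections to 203.0.113.10 and the single web request are ignored. Implants that randomise their sleep defeat a tight jitter threshold, so in practice the threshold is loosened and combined with other features such as near-constant request sizes, which the byte column is kept for.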
23. Prelude to a Breach
1: Poorly Enforced IT Policies
24. Prelude to a Breach
2: Poorly Protected Information
25. Prelude to a Breach
3: Poorly Managed Systems
26. Prelude to a Breach
4: Poorly Protected Infrastructure
27. The Challenge
Develop and Enforce IT Policies
Protect The Information
Manage Systems
Protect The Infrastructure
28. A Comprehensive Security Strategy Is Required
Risk Based and Policy Driven: IT Governance, Risk and Compliance
Information-Centric: Information Risk Management
Well Managed Infrastructure: Infrastructure Protection and Management
29. New Threats Require New Technologies
Integrated Security Platform: Open Platform, Console Unification, Security Intelligence, Dynamic Protection
Develop & Enforce IT Policies
• IT Risk Management
• Compliance Process Automation
• Information-Centric Policy
Manage Systems
• Workflow
• Application Streaming
• Portable Personalities
Protect the Information
• Data Ownership
• Automated Content Classification
• Content Aware Endpoint Security
Protect the Infrastructure
• Reputation Based Security
• Mobile and Server Security
• Encryption
30. Symantec Focuses on Meeting These Challenges
Develop and Enforce IT Policies > Control Compliance Suite
Protect the Information > Data Loss Prevention Suite
Manage Systems > IT Management Suite
Protect the Infrastructure > Symantec Protection Suite
31. Addressing Important Security Questions
> Can you enforce IT policies and remediate deficiencies?
> Do you know where your sensitive information resides?
> Can you easily manage the lifecycle of your IT assets?
> Can you improve your security posture by rationalizing
your security portfolio?
32. Thank You