Summit 2011 trends in information security

Trends in Information Security

Shahar Geiger Maor
VP & Senior Analyst

www.shaharmaor.blogspot.com http://www.facebook.com/shahar.maor http://twitter.com/shaharmaor

Agenda

Introduction Cyber-Warfare Data Leakage
Prevention

“Social Mobile Cloud
Security” Computing

Security Market Data
Domains

Shahar Maor’s work Copyright 2011 @STKI Do not remove source or attribution from any graphic or portion of graphic 2

Technologies Categorization 20102011
Cyber
“Social” Warfare
Security
Market Curiosity
Mobile
Sec

IT Project
Major
DLP Changes
IRM
Cloud Size of figure =
Application Security complexity/
Security cost of project

Endpoint Security
Security Management
Network
Security

Using Implementing Looking
Market Maturity
Shahar Maor’s work Copyright 2011 @STKI Do not remove source or attribution from any graphic or portion of graphic
Source: STKI 3

STKI Index-20102011
–Top Queries to STKI
SIEM/SOC Miscellaneous Encryption
Regulations 3% 2% 1%
7%
Vendor/Product EPS/mobile
8% 14%
Market/Trends
DB/DC SEC 13%
9%
Access/Authenti
DCS cation
9% 12%
GW Network Sec
10% 12%

Source: STKI 4

Risk Management

InformationWeek Analytics 2011 5

The Value of Secrets

http://www.csoonline.com/documents/whitepapers/rsavalueofcorpsecrets.pdf

Cyber-Warfare

Cyber Warfare
is a
SCATTERED
HLS
TECHNOLOGY

http://edmahoney.wordpress.com/2010/01/13/cyber-war-home-theater/

Cyber Warfare –Key Takeaways
• Cyber-Warfare is Becoming A Giants’ Playground
• Cyber threats are more sophisticated, targeted and
vast than ever before
• Stuxnet has changed the game
• Countermeasures haven’t changed much:
– Proper security standards
– Technological controls
– Awareness
• “If a rich and equipped bad-guy wants to harm –only
God will help”.


Cyber-Warfare is Becoming A Giants’
Playground

http://www.bbc.co.uk/news/technology-11773146

Operation Aurora

http://www.damballa.com/downloads/r_pubs/Aurora_Botnet_Command_Structure. 10

Growing Number of Incidents -US

Incidents of Malicious Cyber
Activity Against Department of Defense
Information Systems, 2000–2009, with
Projection for 2010

http://www.uscc.gov/annual_report/2010/annual_report_full_10.pdf

Sources of Attacks on gov.il

Source: CERT.gov.il

M&As in the Cyber Underground…

SpyEye made headlines this year when
investigators discovered it automatically
searched for and removed ZeuS from infected
PCs before installing itself

http://krebsonsecurity.com/2010/10/spyeye-v-zeus-rivalry-ends-in-quiet-merger/

Cybercrime Return on Investment Matrix

Source: Cisco http://resources.idgenterprise.com/original/AST-0022126_security_annual_report_2010.pdf 15

Underground Economy
Products Price
Credit card details From $2-$90
Physical credit cards From $190 + cost of details
Card cloners From $200-$1000
Fake ATMs Up to $35,000
Bank credentials From $80 to 700$ (with guaranteed balance)
From 10 to 40% of the total
$10 for simple account without guaranteed
Bank transfers and cashing checks balance
Online stores and pay platforms From $80-$1500 with guaranteed balance
Design and publishing of fake online stores According to the project (not specified)
Purchase and forwarding of products From $30-$300 (depending on the project)
Spam rental From $15
SMTP rental From $20 to $40 for three months

http://press.pandasecurity.com/wp-content/uploads/2011/01/The-Cyber-Crime-Black-Market.pdf

Common “Positions” in the cyber-crime
business
Organization Leaders
Hosted
Programmers systems Cashiers
providers

Distributors Fraudsters Money mules

Tech experts Crackers Tellers

http://www.fbi.gov/news/speeches/the-cyber-threat-whos-doing-what-to-whom

Is Technology Good or Bad?


The Social Network (…at work)

http://it.themarker.com/tmit/
article/14567

http://www.ynet.co.il/articles
/0,7340,L-4012562,00.html


Stuxnet: (THE NEW YORK TIMES, 15/1/11)

http://www.nytimes.com/2011/01/16/world/middleeast/16stuxnet.html?_r=2&hp

Stuxnet in Action: “A Game Changer”


Stuxnet in Action: “A Game Changer”
 10-30 developers (!!!)
 Stuxnet has some 4,000 functions (software that runs an average
email server has about 2,000 functions)
 Exploits a total of four unpatched Microsoft vulnerabilities
 compromise two digital certificates

• Self-replicates through removable drives
• Spreads in a LAN through a vulnerability in the Windows Print
Spooler
• Copies and executes itself on remote computers through network
shares
• Updates itself through a peer-to-peer mechanism within a LAN
• Contacts a remote command and control server
• modifies code on the Siemens PLCs
• Hides modified code on PLCs

Stuxnet Timeline

Eraly 2008: Siemens
cooperated with Idaho
National Laboratory ,
to identify the July 2009:
vulnerabilities of Stuxnet began
computer controllers circulating around the
that the company sells world

2008-2009: July 2010: Stuxnet is
Suspected exploits first discovered by
have been created for VirusBlokAda
Siemens SCADA
systems


Rootkit.Win32.Stuxnet Geography

Source: http://ebiquity.umbc.edu/blogger/wp-content/uploads/2010/09/stuxnet.gif

…Lets talk about Patch Management (PM)

• Mostly Microsoft, security-related patches
• “Its not the deployment, but the whole process
evolving” AKA Pizza Night.
• 20%-50% FTE is dedicated for PM
• Common SLAs: 3…6…or sometimes 12 Months!!
• VIP patches: up-to a week
• Hardwarenon-security patches’ SLA: Where
upgradesvendor support is needed

Data Leakage Prevention (DLP)


DLP –Key Takeaways
• Thank you, Mr. Assange! Thank you Ms. Kam!
• The human threat has never gone away
• Over-all DLP is still very difficult to implement
• Most organizations will:
– Use awareness and education as their main counter
measure
– First try compensating controls (e.g: device control,
encryption)
– Will prefer GW solutions over endpoint DLP
• IRM is still in the shadows of DLP


Market Trends: WikiLeaks


What’s the Incentive?

29
Source: http://datalossdb.org/statistics?timeframe=all_time

What’s the Incentive?

2,754 • Data loss incidents
396 (35%) • Credit-card related data loss

Hack (48%) • How?

297,704,392 • CCN compromised

751,779 • …CCNsIncident

? • Actual $$$ loss…

Source:Maor’s work Copyright 2011 @STKI Do not remove source or attribution from any graphic or (2000-2010) 30
Shahar http://datalossdb.org/statistics?timeframe=all_time portion of graphic

Data Loss Analysis –Answering the “How” Q

Hack

Fraud

LostStolen X

Web
General

Unknown CCN

Disposal_Document

Email

Virus

0% 10% 20% 30% 40% 50% 60%

Source: Maor’s work Copyright 2011 @STKI Do not remove source or attribution from any graphic or portion of graphic
Shahar http://datalossdb.org/statistics?timeframe=all_time (2000-2010) 31

Internal vs. External Human Threats

From

To


Incidents by Vector

http://datalossdb.org/statistics

Top three most effective Data-Security
controls

http://securosis.com/reports/Securosis_Data_Security_Survey_2010.pdf

What will you deploy next?

http://securosis.com/reports/Securosis_Data_Security_Survey_2010.pdf

Leakage Mitigation in Israel

+ AwarenessMethodology

-+IRMVaultingMail
Protection

+ GW DLP
+ Encryption
+Device Control
- Endpoint
DLP


DLP Insights

• 2011 -The Year of DLP???
• How to Approach DLP Projects?
• No Complete Leakage Prevention
• ROI? Yes, there is!
• Privacy, Privacy, Privacy!


Data Leak/Loss Prevention
- Israeli Market Positioning 1Q11
Solutions to Watch: Estimated Technology
CA Penetration
Using
Fidelis Evaluati
this
technolo
ngNot gy
using 39%
61%
Local Support

DLP Player
Websense
Worldwide
Leader

Symantec
McAfee
RSA
Verdasys
Safend This analysis should be used with its
Checkpoint supporting documents

Market Presence

Information Rights Management
Estimated Technology
Solutions to Watch: Penetration
Using this
Confidela technolog
y
Evaluating
Concealium Not using
5%
95%
Local Support

Player

Microsoft (RMS) Worldwide
Secure Islands Leader

Covertix
EMC
Oracle
Checkpoint This analysis should be used with its
supporting documents
Adobe

Market Presence

Database Protection
-Israeli Market Positioning 1Q11
Penetration

Evaluating Using this
Not using technology
48% 52%
Local Support

Player

Worldwide
Sentrigo Leader

Imperva

IBM

Oracle
Fortinet This analysis should be used with its
GreenSQL

Market Presence

“Social Security”

“Social
Security”
is a
SCATTERED IT
TECHNOLOGY


“Social Security” –Key Takeaways

• Social media is all around us
• Corporate network is opening up?
• Most employees use social media for leisure time
(Only minority uses it as a business tool)
• CIO: Find the balance between business
necessity, productivity, network considerations
and security
• CISO: Get involved!


10 Steps to Social-Computing
Compliance
Step 3 – Engage Step 4 – Formal
Step 1 – Take Step 2 –Establish
compliance education
ownership policy
function early program

Step 5 – Strong Step 6 – Content Step 8 – Selective
password monitoring and Step 7 – Education blocking of
management logging content

Step 9 – Routine
Step 10 – Regular
audits and review
policy review
of logs


Internet Policy –Allowing Facebook?

Israel: Cross-Sector, March 2011

Limited Yes
27% 38%

No
35%

Source: STKI 44

Internet Policy –Allowing Facebook?
Industry Healthcare Finance

Yes
Yes Yes
Limited 12%
37% 33%
38% No
25%
Limited
No 63%
67%
No
25%

Services High-Tech Government

Limited No Limited Yes
14% 17% 23% 15%
No
14%

Yes
72% Yes No
83% 62%

Source: STKI 45

Internet Policy –Allowing Skype?
Limited
4%
Yes
18%

No
78%

Source: STKI 46

Internet Policy –Allowing Skype?

Yes
Yes 12%
37%

No
63% No
No
88%
100%

Limited
8%

Limited Yes
14% 8%
No Yes
50% 50%

No No
86% 84%

Source: STKI 47

Internet Policy –Allowing Gmail?

Limited
18%

No
Yes
24%
58%

Source: STKI 48

Internet Policy –Allowing Gmail?

Limited No Limited
13% 33% 25%
Yes Yes
50% 50%
No Limited
37% No
67%
25%


Limited Limited No
29% 17% 23%
No
16%
Yes
No 57% Yes
14% 67% Yes
77%

Source: STKI 49

Internet Policy –Allowing P2P?
Limited
4%

No
96%

Source: STKI 50

Mobile sec
Mobile is a
SCATTERED IT
TECHNOLOGY


Mobile Security –Key Takeaways

• New Wave of Change: “Consumerization of IT”
• 38% (…and rising….) Of mobile devices are
considered “smartphones”
• Take control over mobile devices
• Manage Smartphones as if they were another
endpoint


New Wave of Change: “Consumerization
of IT”
Computing Cycles in Perspective
(from Morgan Stanley)

1,000,000

Mobile
100,000 Internet
Devices/Users (MM in Log Scale)

Desktop
10,000
Internet
10B+
1,000 Units??
PC 1B+ Units/
Users
100
100M Units
Minicomputer
10

“
10M Units
Mainframe
1
1M Units The desktop internet ramp was just a warm-up act for
1960 1980 2000 2020
what we’re seeing happen on the mobile internet. The
pace of mobile innovation is “unprecedented, I think, in

”
world history.
Mary Meeker, Morgan Stanley – April 2010

53
Source: McAfee
Shahar Maor’s work Copyright 2011 @STKI Do not remove source or attribution from any graphic or portion of graphic 53 October 17, 2011

Mobile Traffic in the Next Years

over 400 million of those devices
may represent the only means of
connecting to the Internet that
some people will have

5 billion
personal
devices

Source: http://www.readwriteweb.com/archives/mobile_data_traffic_surge_40_exabytes_by_2014.php

What’s Going on in Israeli Orgs?

• 38% (…and rising….) Of mobile devices are
considered “smartphones”
• In 26% of the market there is no policy
regarding the allowed brands


What type of smartphone are you considering to
provide your employees?

Israeli Survey 36%
Word Wide Survey
35%
30%
28%

20%
15% 16%
11%
6%

Win iPhone Android
Mobile 7 BlackBerry

Source: STKI Source: InformationWeek

What Kind of Services?

88%

90%
80%
70%
60%
50%
40%
30% 13%
8%
20% 4%
10%
0%
Mail & Calendar Mail, Calendar No Services Don't Know
& Apps

Source: STKI

What About Your Security Policy?
Insufficient

100%

Source: STKI 58

What are You Looking For?


Mobile Security: What worries CISOs?

Internal users:
• No central management
• How to protect corporate data on device?
• Device’s welfare ???

External users:
• Sensitive traffic interception
• Masquerading Identity theft


What are You Looking For?

1. Manage Smartphones as if they were another

endpoint

2. Multi-platform support

3. Protecting business information on your device


Solutions (Existing Support in Israel)
Good Juniper
Agat Solutions Checkpoint Fancyfon
Technologies Networks
Junos Pulse Mobile
Product Name AG ActiveSync filter Pointsec Mobile FAMOC Good for Enterprise
Security Suite
MDM and asset Blackberry-like
In a Nut Shell Content filtering Device encryption
management server
Device healthcare
Appliancesoftw Software
software software Software Appliancesoftware
are (SmartCenter™)
Client No yes yes yes yes

One console yes yes yes yes yes

Yes. Detects Yes, including SIM
Remote-wipe No No
unauthorized SIM
yes
removal detection
Device control
(BT, Wi-Fi, GPS, No No yes yes no
camera)
configurations, files,
BackupRecover Password
No applications back No yes
y recovery
up/restore

Source: STKI 62

Solutions (Existing Support in Israel)
McAfee MobileIron Phonaris Sybase Symantec Trend-Micro
Enterprise Virtual
Product Phonaris For Mobile
Mobility Smartphone Afaria Mobile Solutions
Name Enterprise Security
Management Platform
MDM –Android,
Secure access iOS, BB, Win Mobile
MDM and basic
In a Nut Shell and MDM MDM Security – Security
security
management Winmobile,
Symbian
Client Yes Yes Yes yes yes yes
Very nice and Yes, a “Single Plane
Yes:
One console yes Yes friendly web YES of Glass”. neat web
OfficeScan™
console portal
Yes + tracing lost
Remote-wipe yes Yes yes Yes no
devices
Device
control (BT, Yes (not including
yes Yes yes yes no
Wi-Fi, GPS, Symbian)
camera)
BackupReco
no yes no yes no no
very
Source: STKI 63

Mobile security and management capabilities compared

Source: InfoWorld, 2010 64

MDMSecurity Solutions
-Platform Support
Good
Agat Juniper Mobile- Trend-
Checkpoint Fancyfon Technolog McAfee Phonaris Sybase Symantec
Solutions Networks Iron Micro
ies

iOS Yes No Yes Yes Yes Yes Yes Yes Limited Yes No

Android Yes No Yes Yes Yes Yes Yes Yes Limited Yes No

Symbian Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
BlackBer
Yes No Yes Yes Yes No Yes Yes Yes Yes No
ry

WinMo
Yes Yes Yes Yes Yes Yes Yes No Yes Yes Yes
bile

PalmOS Yes Yes Yes Yes No Yes Limited No Yes No No

Java
based
Other Yes No Yes No No No No Yes No No
Feature
Phones

Source: STKI 65

Conclusion

Mobile is IT Another
the new shouldn’t
king of stay Managed
comm. behind endpoint


Cloud Computing


Cloud Security –Key Takeaways

• Cloud Computing is here to stay
• Security is an EASY showstopper
• CISOs will have to be agile and creative in order
to keep up with the trend
• Look for certifications, standards and guidelines
ASAP
• Wait for regulations in the long-term
• (In the meanwhile) Find yourself a solid provider

We Should Know, by now, What Cloud
Means

http://www.opengroup.org/jericho/cloud_cube_model_v1.0.pdf

Cloud Services Concerns

Security (especially
access issues) is still
considered a top
concern

“We won’t be involving our
security team in this project until
the last possible moment,
because the answer will be ‘no.’”
-VP at one of the largest retailers
in the world

Source: InformationWeek, State of Cloud, Jan 2011 70

Top Threats To Cloud Computing
Abuse and
Nefarious Use of
Cloud Computing

Unknown Risk Malicious
Profile Insiders

Shared
Account or
Technology
Service Hijacking
Issues

Insecure
Data Loss or
Interfaces and
Leakage
APIs

http://www.cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf

Top Threats To Cloud Computing
IaaS PaaS SaaS Remediation
Stricter initial registration and validation processes.

√ √ ×
Abuse and
Nefarious Use Enhanced credit card fraud monitoring and coordination.
of Cloud Comprehensive introspection of customer network traffic.
Monitoring public blacklists for one’s own network blocks.
Computing
Malicious Enforce strict supply chain management and conduct a
Insiders √ √ √ comprehensive supplier assessment.
Specify human resource requirements as part of legal contracts.
Require transparency into overall information security and
management practices, as well as compliance reporting.
Determine security breach notification processes.
Implement security best practices for installation/configuration.

√ × ×
Shared
Technology Monitor environment for unauthorized changes/activity.
Issues Promote strong authentication and access control for
administrative access and operations.
Enforce service level agreements for patching and vulnerability
remediation.
Conduct vulnerability scanning and configuration audits.


Top Threats To Cloud Computing -
Continued
IaaS PaaS SaaS Remediation
Insecure Analyze the security model of cloud provider interfaces.
Interfaces and
APIs √ √ √ Ensure strong authentication and access controls are
implemented in concert with encrypted transmission.
Understand the dependency chain associated with the API.
Data Loss or Implement strong API access control.
Leakage √ √ √ Encrypt and protect integrity of data in transit.
Analyzes data protection at both design and run time.
Implement strong key generation, storage and management, and
destruction practices.
Contractually demand providers wipe persistent media before it is
released into the pool.
Contractually specify provider backup and retention strategies.
Account or Prohibit the sharing of account credentials between users and services.
Service
Hijacking
√ √ √ Leverage strong two-factor authentication techniques where possible.
Employ proactive monitoring to detect unauthorized activity.
Understand cloud provider security policies and SLAs.
Unknown Risk Disclosure of applicable logs and data.
Profile √ √ √ Partial/full disclosure of infrastructure details (e.g., patch
levels, firewalls, etc.).
Monitoring and alerting on necessary information.

Top Security and Privacy Issues

Governance Compliance Trust

Identity and
Access Software
Architecture
Isolation
Management

Incident
Data Protection Availability
Response

http://csrc.nist.gov/publications/drafts/800-144/Draft-SP-800-144_cloud-computing.pdf 74

Security and Privacy Issues and
Precautions
Areas Precautions
Governance Extend organizational practices pertaining to the policies, procedures, and
standards used for application development and service provisioning in the
cloud, as well as the design, implementation, testing, and monitoring of
deployed or engaged services. Put in place audit mechanisms and tools to
ensure organizational practices are followed throughout the system lifecycle.
Compliance Understand the various types of laws and regulations that impose security and
privacy obligations on the organization and potentially impact cloud computing
initiatives, particularly those involving data location, privacy and security
controls, and electronic discovery requirements. Review and assess the cloud
provider’s offerings with respect to the organizational requirements to be met
and ensure that the contract terms adequately meet the requirements.
Trust Incorporate mechanisms into the contract that allow visibility into the security
and privacy controls and processes employed by the cloud provider, and their
performance over time. Institute a risk management program that is flexible
enough to adapt to the continuously evolving and shifting risk landscape.


Security and Privacy Issues and
Precautions
Areas Precautions
Architecture Understand the underlying technologies the cloud provider uses to
provision services, including the implications of the technical controls
involved on the security and privacy of the system, with respect to the full
lifecycle of the system and for all system components.
Identity and Access Ensure that adequate safeguards are in place to secure authentication,
Management authorization, and other identity and access management functions.
Software Isolation Understand virtualization and other software isolation techniques that the
cloud provider employs, and assess the risks involved.
Data Protection Evaluate the suitability of the cloud provider’s data management solutions
for the organizational data concerned.
Availability Ensure that during an intermediate or prolonged disruption or a serious
disaster, critical operations can be immediately resumed and that all
operations can be eventually reinstituted in a timely and organized
manner.
Incident Response Understand and negotiate the contract provisions and procedures for
incident response required by the organization.

Outsourcing Activities and Precautions
Areas Precautions
Preliminary Activities Identify security, privacy, and other organizational requirements for cloud services
to meet, as a criterion for selecting a cloud provider.
Perform a risk assessment, analyzing the security and privacy controls of a cloud
provider’s environment with respect to the control objectives of the organization.
Evaluate the cloud provider’s ability and commitment to deliver cloud services
over the target timeframe and meet the security and privacy levels stipulated.
Initiating and Ensure that all contractual requirements are explicitly recorded in the SLA,
Coincident Activities including privacy and security provisions, and that they are endorsed by the cloud
provider. Involve a legal advisor in the negotiation and review of the terms of
service of the SLA. Continually assess the performance of the cloud provider and
ensure all contract obligations are being met.
Concluding Activities Alert the cloud provider about any contractual requirements that must be
observed upon termination. Revoke all physical and electronic access rights
assigned to the cloud provider and recover physical tokens and badges in a timely
manner. Ensure that resources made available to the cloud provider under the SLA
are returned in a usable form, and confirm evidence that information has been
properly expunged.


Division of Liabilities in the Cloud

http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-information-assurance-
framework/ 78

How to Secure the Cloud?
Technologies believed to be most important in securing the cloud computing
environment

http://www.ca.com/files/IndustryResearch/security-cloud-computing-users_235659.pdf 79

Lack of Confidence in IT?
Who is responsible for ensuring a secure cloud computing environment?

Isn't cloud security an IT
responsibility???
-So why is it 3rd?
Don’t let it scatter

http://www.ca.com/files/IndustryResearch/security-cloud-computing-users_235659.pdf 80

Regulations, Standards and Certifications

Regulations????? Looking for regulations?

…Please wait for the next
-Nothing (so far…)
disaster



• Standards:
– AICPA: SAS 70:
• there is no published list of SAS 70 standards (Recommendation:
ask to review your cloud provider’s SAS 70 type Ⅰ/Ⅱ report!!!)
• Certifications:
– NIST (National Institute of Standards and Technology)
• Recommended Security Controls for Federal Information Systems
and Organizations* === > FISMA (Federal Information Security
Management Act) ATO (Authorization to Operate).
– CSA:
• CCSK –Certified Cloud Security Knowledge



• Guidelines:
– CSA (Cloud Security Alliance):
• CCM -Cloud Controls Matrix
– NIST (National Institute of Standards and Technology):
• DRAFT Guidelines on Security and Privacy in Public Cloud
Computing
– ENISA (European Network and Information Security
Agency):
• Cloud Security Information Assurance Framework

* Not related directly to cloud security

Addressing Cloud Issues in the Israeli
Government

‫0102/01 מתוך נייר עמדה בנושא: עקרונות להגנת הפרטיות במידע אישי במיקור חוץ בישראל‬

http://www.justice.gov.il/NR/rdonlyres/1FB266DE-95A0-4C31-939B-3796DCB0C232/23065/positionmikurhuz.pdf

?


Virtualization Security Solution
Existing solutions Threat protection Integrated virtual
certified for protection of delivered in a virtual form- environment-aware threat
virtual workloads factor protection

Firewall +Intrusion Prevention
▪ System auditing  Virtual network segment  Virtual host protection and
▪ File integrity monitoring protection/policy enforcement network policy enforcement
▪ Anti-malware  Network access control
▪ Security configuration Mgmt  Virtual infrastructure monitoring
Source: IBM

Cloud Security Solutions

Business

Cloud
Virtual Volumes Databases in the cloud
VPD™ Intrusion Porticor
Web App
detect. & Access Policy
Firewall Site
prevent.

Self-service
Compute Virtual Virtual
Application Database
servers servers Threat
mgmt.
VPD™ Crypto- Data de- Events & Logging &
Key mgmt.
graphy construction Alerts
Distributed Storage Auditing Deployment

Data Operations

Source: Porticor

Cloud Security Solutions

http://www.cloudflare.com/

(Cloud-Based) Cyber-Crime Prevention

Source: Seculert

Cloud Privacy and Security -Navajo

Source: Navajo

Cloud Privacy and Security -Concealium

Source:Concealium

In Short

Security is an …”We put
The cloud is
EASY our money in No rush!
here to stay
showstopper the cloud”

Find yourself
Look for
a solid
standards
partner


Security Domains –Key Takeaways

• Network Security is climbing to the Application
layer
• Application Security is moving on to business
process
• EPS: There is a new approach to fight malware
• Nobody likes IAMIDM but everybody needs it
• Interesting changes in the SIEMSOC arena


Network Security

https://securosis.com/images/uploads/Securosis-Coverage-Map.pdf

Next-Generation Firewall
Identify Categorize Control

Application Chaos Users/Groups Policy
Many on Port 80 Critical Apps: Prioritized Bandwidth

Acceptable Apps: Managed Bandwidth
Re-Assembly Free
Deep Packet
Inspection

Unacceptable Apps: Blocked

Malware Blocked
Cloud-based
Extra-Firewall
Intelligence Visualize &
Manage Policy

9
4 Source: SonicWALL

Enterprise Network Firewall
Solutions to Watch: Checkpoint
SonicWall
Local Support

Player

Worldwide
Juniper Leader

PaloAlto
Fortinet
Cisco

Microsoft
This analysis should be used with its

Market Presence

Secure Remote Access
Penetration

Evaluating
Not using Juniper
13% Using this
technology
Local Support

87%

Player

Worldwide
Leader
Checkpoint
Microsoft
Citrix
Cisco
F5
SonicWall This analysis should be used with its
Array

Market Presence

Intrusion Prevention/Detection Systems -
Israeli Market Positioning 1Q11
Solutions to Watch: Estimated Technology
SonicWall
Penetration

Evaluati Using
ngNot this
using technolo
48% gy
Local Support

52%

McAfee
Player
IBM-ISS
Worldwide
Juniper Leader
Radware
PaloAlto
Checkpoint
HP Look for me
Cisco
Fortinet This analysis should be used with its
Sourcefire supporting documents
(Snort)

Market Presence

Network Access Control
Penetration

Evaluating Using this
Not using technology
52% 48%
Local Support

Access Layers
Player
Cisco
Worldwide
Symantec Leader
Check Point Juniper

ForeScout

Microsoft Insightix
Enterasys Wise-Mon
McAfee supporting documents
HP
Market Presence

Secure Web-Gateway
Local Support

Websense
Player
BlueCoat
Worldwide
Leader
SafeNet
Cisco Fast
Movement
Microsoft (TMG)
Symantec
Trend Micro
Fortinet
McAfee supporting documents
Zscaler
Market Presence

Email Security
Hosted/Cloud Solutions:
Microsoft (Forefront)
Google (Postini)
Symantec (MessageLabs)
Cisco (Ironport)
Local Support

McAfee (MX Logic)
Player
Cisco
Symantec Worldwide
Leader
Fast
Movement
PineApp
Trend Micro
Microsoft
McAfee This analysis should be used with its
Mirapoint SafeNet supporting documents
Websense

Market Presence

Application Security

https://securosis.com/images/uploads/Securosis-Coverage-Map.pdf

Need for Application Security
 Application security flaws jeopardize sensitive business
information, data integrity, availability and company
reputation
 Over 97% of applications are vulnerable to attacks
 90% of attacks are carried out on Application and Data
layers
 Penetration testing is an effective, yet “ad-hoc” solution.
 Budgetary constraints do not allow for daily manual
testing


AppSec –Among Top 3 Security Threats

http://www.informationweek.com/news/galleries/security/vulnerabilities/showArticle.jhtml?article
ID=226700232&pgno=6&isPrev=
103

Web Application Security Risks
OWASP Top 10 – 2007 (Previous) OWASP Top 10 – 2010 (New)
A2 – Injection Flaws A1 – Injection

A1 – Cross Site Scripting (XSS) A2 – Cross Site Scripting (XSS)

A7 – Broken Authentication and Session Management A3 – Broken Authentication and Session Management

A4 – Insecure Direct Object Reference = A4 – Insecure Direct Object References

A5 – Cross Site Request Forgery (CSRF) = A5 – Cross Site Request Forgery (CSRF)

<was T10 2004 A10 – Insecure Configuration Management> + A6 – Security Misconfiguration (NEW)

A8 – Insecure Cryptographic Storage A7 – Insecure Cryptographic Storage

A10 – Failure to Restrict URL Access A8 – Failure to Restrict URL Access

A9 – Insecure Communications = A9 – Insufficient Transport Layer Protection

<not in T10 2007> + A10 – Unvalidated Redirects and Forwards (NEW)

A3 – Malicious File Execution
- <dropped from T10 2010>

A6 – Information Leakage and Improper Error Handling - <dropped from T10 2010>

http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project

Summit 2011 trends in information security

Summit 2011 trends in information security

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (7)

Ähnlich wie Summit 2011 trends in information security

Ähnlich wie Summit 2011 trends in information security (20)

Mehr von Shahar Geiger Maor

Mehr von Shahar Geiger Maor (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Summit 2011 trends in information security