The Real World of IT Security – Insight From a Survey of Business

Aaron C. Goldberg

July 2013

New Malware Signature Every ½ Second – Is Your AV Keeping Up?


Page 1: New Malware Signature Every ½ Second – Is Your AV Keeping Up?


Page 2: New Malware Signature Every ½ Second – Is Your AV Keeping Up?

Interactivity Tips

1. Ask A Question

2. Download a PDF copy of today’s presentation

3. Social Networking Tools

Page 3: New Malware Signature Every ½ Second – Is Your AV Keeping Up?

Key Discussion Points

• The IT Security landscape

• Identifying the concerns

• The reliance on Anti-Virus

• The barriers to increased levels of IT security

Page 4: New Malware Signature Every ½ Second – Is Your AV Keeping Up?

About the Survey

• How many

• When

• How was it done

Page 5: New Malware Signature Every ½ Second – Is Your AV Keeping Up?

Today’s IT Security Landscape

• Biggest areas of IT security concern

• Threat impact

• Protection in use for endpoints

• Protection in use for servers

Page 6: New Malware Signature Every ½ Second – Is Your AV Keeping Up?

Key Concerns for IT Security

Chart (bar chart, 0%–25% scale) of the concerns surveyed: Operating system layer attacks; Application layer attacks; USB device attacks; Unwanted application installation; Memory-based attacks; Phishing; Zero-day attacks; Advanced Persistent Threats (i.e. using multiple attack routes); Other; None of the above.

Page 7: New Malware Signature Every ½ Second – Is Your AV Keeping Up?

Impact of Threats

Chart (bar chart, 0%–70% scale) of malware incidents per month, bucketed as: 5-10; 10-20; 20-30; 30-40; 40+.

Page 8: New Malware Signature Every ½ Second – Is Your AV Keeping Up?

Protection In Use At Endpoints

Chart (bar chart, 0%–100% scale) of endpoint protection in use: Anti-virus (AV); Application control / whitelisting; Data encryption; Firewalls; USB device security; Patch management; Hard drive security; Web filtering; Data loss prevention; Other; None of the above.

Page 9: New Malware Signature Every ½ Second – Is Your AV Keeping Up?

Protection Installed for Servers

Chart (bar chart, 0%–100% scale) of server protection installed: Anti-virus (AV); Application control / whitelisting; Data encryption; Firewalls; USB device security; Patch management; Hard drive (security); Web filtering; Access control technologies; Other; None of the above.

Page 10: New Malware Signature Every ½ Second – Is Your AV Keeping Up?

Focusing on Anti-Virus

• Most common security tool

• Viruses seem to be the single most prominent threat mentioned in the general press

• Developed when viruses were the vast majority of threats, but that’s no longer true

• Yet reliance is still there

Page 11: New Malware Signature Every ½ Second – Is Your AV Keeping Up?

How Important Do You Believe Anti-Virus is to Protect Your Network?

Chart (bar chart, 0%–70% scale) of responses: Extremely important; Very important; Somewhat important; Not very important; Not important at all.

Page 12: New Malware Signature Every ½ Second – Is Your AV Keeping Up?

The Barriers to Increased IT Security

• This is one aspect of IT where the trade-off of dollars vs. risk is most apparent

• The lack of a “finish line” makes it hard to know what investment is enough

• Different industries have different needs

Page 13: New Malware Signature Every ½ Second – Is Your AV Keeping Up?

What Prevents You From Deploying Additional Security Layers?

Chart (bar chart, 0%–60% scale) of responses: Budget constraints; Labor constraints; Performance impacts (bandwidth / hardware constraints); Our environment is adequately protected without them; Unsure; Other.

Page 14: New Malware Signature Every ½ Second – Is Your AV Keeping Up?

PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Antivirus: Required but not Sufficient

Page 15: New Malware Signature Every ½ Second – Is Your AV Keeping Up?

New Threat Landscape

Page 16: New Malware Signature Every ½ Second – Is Your AV Keeping Up?

New Malware in 2013


Page 17: New Malware Signature Every ½ Second – Is Your AV Keeping Up?

New Malware in 2013


2012 Avg ≈ 2.8M / mo.

2013 YTD Avg ≈ 5.5M / mo.

Page 18: New Malware Signature Every ½ Second – Is Your AV Keeping Up?

Total Malware Growth


Page 19: New Malware Signature Every ½ Second – Is Your AV Keeping Up?

Total Malware Growth


~50% increase

Page 20: New Malware Signature Every ½ Second – Is Your AV Keeping Up?


APT / Targeted Attacks

Ponemon Research: 2013 State of the Endpoint

ISACA Research: Advanced Persistent Threats Are Real

» 93.6% feel APTs are a serious threat

» 63% think it is only a matter of time

» 79% feel this is the largest gap in APT prevention

» 1 in 5 have experienced an APT attack

Figure 4 (Ponemon): IT security risks of most concern since 2010. More than three choices permitted in 2010; 3 choices permitted in 2011 and 2012. Categories shown: Increased use of mobile platforms; Advanced persistent threats; Intrusion and data loss within a virtual environment. Series: 2012, 2011, 2010 (* this choice was not available in all fiscal years).

Page 21: New Malware Signature Every ½ Second – Is Your AV Keeping Up?


New Threat Landscape

The Endpoint is the New Attack Vector


Browser, Apps and OS all have known vulnerabilities

• 2/3 of all apps have known vulnerabilities

• Time-to-Patch with change control is long, resulting in a lack of security and visibility

Rogue USB

• Transport method for injecting malware (e.g., Conficker, Stuxnet)

• Easiest and most common means of data loss / theft

Virus / Malware

• Best capture rate for day one with AV is 33%. After 30 days it is 93%

• 70,000 pieces of malware a month remain undetected

Page 22: New Malware Signature Every ½ Second – Is Your AV Keeping Up?

Safeguarding Your Environment

Page 23: New Malware Signature Every ½ Second – Is Your AV Keeping Up?


Defense-in-Depth Strategy

Successful risk mitigation requires a layered defensive strategy which includes:

» Patch Management

» Configuration Control

» Application Whitelisting

» Memory Protection

» Data Encryption

» Port / Device Control

» Antivirus

Diagram: layered endpoint defence made up of Patch and Configuration Management, Application Control, Memory Protection, Device Control, AV, and Hard Drive and Media Encryption.


Page 24: New Malware Signature Every ½ Second – Is Your AV Keeping Up?


Defense-in-Depth – AV

Benefits

» Stops “background noise” malware

» May detect reused or “hidden” code

» Will eventually clean payloads after they are discovered – prevents spreading to less protected machines


Page 25: New Malware Signature Every ½ Second – Is Your AV Keeping Up?


Defense-in-Depth – Port / Device Control

Benefits

» Can prevent unauthorized devices from delivering payloads

» Can stop specific file types from being copied to host machines

» Stops common delivery vector for evading extensive physical and technical security controls


Page 26: New Malware Signature Every ½ Second – Is Your AV Keeping Up?


Defense-in-Depth – Encryption

Benefits

» Protects data; stops leakage; etc.

» Makes lateral data acquisition more difficult for APTs / targeted attacks

» Required by almost all regulations


Page 27: New Malware Signature Every ½ Second – Is Your AV Keeping Up?


Defense-in-Depth – App Whitelisting

Benefits

» Extremely effective against zero-day attacks

» Stops unknown, targeted malware payloads

» Low performance impact on endpoints

» Prevents sophisticated memory injection attacks which bypass file system
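The difference between the AV layer (default allow, block what matches a known signature) and the application whitelisting layer (default deny, allow only approved binaries) is easiest to see side by side. This is an added example, not code from Lumension or the presenter: the file names and byte strings are constructed stand-ins for executables on disk, and the hashes are derived from them.

```python
import hashlib

# Constructed sample "executables": byte strings standing in for files on disk.
SAMPLES = {
    "editor.exe":  b"MZ approved editor build 1.0",
    "payroll.exe": b"MZ approved line-of-business app",
    "oldworm.exe": b"MZ worm payload analysed by the AV vendor last year",
    "zeroday.exe": b"MZ payload nobody has seen before",
}

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Signature AV: a blacklist of hashes for malware the vendor has already analysed.
AV_SIGNATURES = {sha256(SAMPLES["oldworm.exe"])}

# Application whitelist: hashes of binaries IT approved; anything else is denied.
APPROVED = {sha256(SAMPLES["editor.exe"]), sha256(SAMPLES["payroll.exe"])}

def av_verdict(data: bytes) -> str:
    """Default allow: block only what matches a known signature."""
    return "block" if sha256(data) in AV_SIGNATURES else "allow"

def whitelist_verdict(data: bytes) -> str:
    """Default deny: allow only binaries whose hash is on the approved list."""
    return "allow" if sha256(data) in APPROVED else "block"

def repack(data: bytes) -> bytes:
    """Simulate a trivially modified variant: one appended byte changes the
    hash, so yesterday's AV signature no longer matches it."""
    return data + b"\x00"

def evaluate() -> dict:
    """Verdicts for every sample plus a repacked copy of the known worm."""
    cases = dict(SAMPLES)
    cases["oldworm-repacked.exe"] = repack(SAMPLES["oldworm.exe"])
    return {name: {"av": av_verdict(d), "whitelist": whitelist_verdict(d)}
            for name, d in cases.items()}

if __name__ == "__main__":
    for name, v in evaluate().items():
        print(f"{name:22} AV={v['av']:5} whitelist={v['whitelist']}")
```

The zero-day and the repacked worm pass the signature check but are still denied by the whitelist; the flip side is that a legitimate update to an approved binary is also denied until its new hash is approved, which is the operational cost of this layer.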


Page 28: New Malware Signature Every ½ Second – Is Your AV Keeping Up?


Defense-in-Depth – Patch / Config Mgmt

Benefits

» Eliminates the attackable surface area that hackers can target, including OS and 3rd party apps across multiple platforms

» Centralizes configuration and enforcement of native desktop firewalls and other security settings


Page 29: New Malware Signature Every ½ Second – Is Your AV Keeping Up?

Endpoint Management Complexity

Challenge

• Too Many Products, Too Much Complexity

» Endpoint management has become excessively complex as multiple stand-alone solutions have been implemented in the IT environment

Diagram: Many Consoles; Disparate Architecture; Many Agents.


Page 30: New Malware Signature Every ½ Second – Is Your AV Keeping Up?


Solution

• Single, Extensible Platform

» Reduce the number of endpoint agents, servers, consoles in use

» Improve visibility and control over endpoints

» Reduce learning curve, free up network resources and improve IT productivity / resources

» Leverage existing organizational structures across solutions and reduce data silos

Diagram: Single Console; Agile n-Tier Pluggable Architecture; Single Promotable Agent.


Page 31: New Malware Signature Every ½ Second – Is Your AV Keeping Up?

Overcoming Barriers

Page 32: New Malware Signature Every ½ Second – Is Your AV Keeping Up?

Tolly Study: Clients


Page 33: New Malware Signature Every ½ Second – Is Your AV Keeping Up?

Tolly Study: Servers


Page 34: New Malware Signature Every ½ Second – Is Your AV Keeping Up?

True Cost of Malware

• Acquisition Costs

» Licensing (license cost, maintenance, support)

» Installation (HW / SW, roll-out, other)

• Operational Costs

» System Management

» Incident Management (help desk, escalation, re-imaging)

» Lost Productivity

• Does not include extraordinary costs, such as a data breach

Chart: Operational (60~80%); Acquisition (20~40%).


http://www.lumension.com/Resources/Value-Calculators/Cost-of-Malware-Calculator.aspx

Page 35: New Malware Signature Every ½ Second – Is Your AV Keeping Up?

More Information

• Free Security Scanner Tools

» Vulnerability Scanner – discover all OS and application vulnerabilities on your network

» Application Scanner – discover all the apps being used in your network

» Device Scanner – discover all the devices being used in your network

http://www.lumension.com/Resources/Security-Tools.aspx

• Lumension® Endpoint Management and Security Suite

» Online Demo Video: http://www.lumension.com/Resources/Demo-Center/Vulnerability-Management.aspx

» Free Trial (virtual or download): http://www.lumension.com/endpoint-management-security-suite/free-trial.aspx

• Think Before You Renew Your AV: http://www.lumension.com/rethink-av


Page 36: New Malware Signature Every ½ Second – Is Your AV Keeping Up?

Global Headquarters

8660 East Hartford Drive

Suite 300

Scottsdale, AZ 85255

1.888.725.7828

[email protected]

http://blog.lumension.com

Page 37: New Malware Signature Every ½ Second – Is Your AV Keeping Up?


Attendee Services

• Download a copy of today’s slides

• Provide your feedback! Please complete our survey.

• A recorded version of this seminar will be available at www.eSeminarsLive.com

• View a calendar of our Upcoming Events