McAfee presentn03Nov3
Confidential 8/6/2012
The evolving security threat
Jack Sebbag
Canadian General Manager and Vice-President
The Escalating Threat
Security threats in global business have become a board room issue.
The consequences of network downtime caused by security issues have become financially significant.
Major Business Case is Avoiding Downtime
[Chart: Virus Count, 0 to 80,000, by year 1990 to 2002]
Source: McAfee’s VirusScan statistics
The Good Old Days
New virus infects a company
Sample sent to lab
New driver written
Customer gets fix
All customers updated
Maybe virus spreads over next weeks/months
Today
Virus infects globally within hours
Sample sent to lab (30 min)
New driver written (1 hr)
Customer deploys update (hours/days)
Too late…
The Speed Of Attacks Accelerates
SQL Slammer:
Blended threat exploits known vulnerability
Global in 3 minutes
Enterprises scramble to restore business availability
Discovered 1/25/03
Propagation Explosion
[Chart: Infected Population Increase (devices), 0 to 120,000, by worm and discovery date]
Code Red (7/17/01): 2,777
Nimda (9/18/01): 6,250
Goner (12/04/01): 12,500
Slammer (1/25/03): 100,000
Lovsan (8/11/03): 120,000
[Chart: Devices by year, secondary axis 0 to 4,000]
Year      2002  2003  2004  2005  2006  2008
IP Tel      10    20    50   100   200   400
PDAs        30    50    92   110   150   200
Cellular   300   600  1200  1500  1600  1800
PCs        450   460   470   480   500   520
Source: IDC 2002
Market Drivers = Vulnerability Window
[Chart: Time needed to deploy countermeasures (in hrs) against time needed to infect 10,000 devices (in hrs), 0 to 18 hrs, 1998 to 2008; plotted threats: Melissa, Loveletter, Kournikova, Code Red, Nimda, Goner, Klez, Slammer, LovSan, What’s Next]
The Window Of Vulnerability
A combination of:
– The SPEED of attack
– The BLENDED attack mechanism
– The EVOLVING network environment
Reducing the window of vulnerability
– Proactively reduce the speed of attack
– Proactively reduce the chance of attack success
– Proactively reduce the exposure to attack
Security vulnerabilities widespread
Typically a flaw in software
– Allows things to happen outside the defined rules
Microsoft posted over 70 last year!!!
– MS01-020 – all time #1 – IE Flaw
– MS03-026 – DCOM/RPC flaw
– MS03-032 – Another future favourite ??
It’s not just Microsoft
– Red Hat has had MORE security fixes in 2003 than MS!
– Apache overflows are exploitable
– Sendmail is far more insecure than Exchange !
Security vulnerabilities widespread
50% of 2002’s top threats used vulnerabilities
– All of 2003’s major threats have used vulnerabilities
Time for authors to utilise them is decreasing
– Vulnerability exploit worms in less than 30 days
Patches cannot be applied easily
– Admins don’t have visibility on where to deploy them
– Admins need time to evaluate patch stability
– Admins need to plan & execute deployment
Threats are Changing Too
• Laptops: WLAN listeners
• Airports
• 802.11b offices
• Bluetooth on the bus
• Access to contact list
Damage costs are escalating…
• Code Red cost $2.8bn in damages
• Loveletter cost business 40,000 man-years in lost productivity
• Downtime Cost: $200k-$400k, down for 5 min to 3 hrs, 1 to 3 times per annum
• 51% of E-commerce sites not encrypted
• 60% of e-mail traffic not business related.
• 70% of wireless networks (WiFi) not secure
The Response: Increased Security Spending
[Pie chart]
Intend to Increase Security Spending: 59.6%
Expect Spending to Stay Flat: 35.4%
Intend to Decrease Security Spending: 4.8%
Source: CIO Magazine
SPAM – threat or nuisance?
Gartner: Spam messages cost US organizations $1 billion a year in lost productivity.
Aberdeen: The percentage of spam jamming corporate networks is expected to climb from 25% in 2002 to 50% in 2003.
Raises Legal Concerns (e.g.: Pornographic spam)
– “27% of Fortune 500 organizations have defended themselves against claims of sexual harassment stemming from inappropriate email.” [The e-policy handbook, Nancy Flynn]
New delivery mechanism for trojans and viruses – we have already seen Backdoors distributed via spam
[Chart: Spam counts, 0 to 8,000,000, monthly from Jan-01 to May-03]
Source: Brightmail probe network
How do we protect ourselves?
In-depth Security Strategy
The Window Of Vulnerability
[Timeline chart: Time axis 6 Months, 3 Months, 0, 3 Hours, 6 Hours, 3 Days; marks: Virus Discovered (at 0), Fix Posted (AVERT), CUSTOMER; shaded region: Window of Vulnerability]
Proactive Defence Impact On The Window
[Chart: Before Virus (Proactive) solutions and After Virus (Reactive) solutions stacked on the same time axis 6 Months, 3 Months, 0, 3 Hours, 6 Hours, 3 Days; Virus Discovered at 0]
Comprehensive AV Strategy
But… AV is no longer enough
Management – McAfee ePO
• One Console For Your Security Needs
- A single, powerful, easy-to-use interface for both AV products AND security products
• Policy & Enforcement = Control
- Like AV, you need to be sure you are secure
- Powerful admin template feature for fast adoption
• Effective Maintenance And Visibility
- ePO’s reporting capabilities allow you to see, at a glance, who is at risk and who is secure.
ePO 3.0: New Reports
Vulnerability Assessment Tools: ThreatScan
Vulnerability assessment by finding unmanaged PCs, selected by:
• IP Range
• IP List
• Previously found PCs
• Subnet
ThreatScan (Vulnerability Assessment)
Provides visibility to everything on your network
– Finds non-ePO-managed devices
– Lists devices by OS and SP levels
Provides auditing on open shares, ports & services
Detects and advises on virus related vulnerabilities
– OS
– Application
– Virus created
Desktop Firewall
Traditionally used for remote users to protect against hackers
Required today on all devices as part of your anti-virus defence
– Stop malicious code and attacks
How?
• Only allow your specified traffic on the network
• Firewall prevents undefined applications from connecting
• Bi-directional IDS stops malicious code spreading to other PCs
Consider…Intrusion Prevention
Detect & Block threats in real-time
Minimize & Avoid attack-related costs
– Data recovery costs, productivity loss and potential loss of revenue/service
Reduce costs and time in incident response and forensic analysis
– Analysts focus on fewer, meaningful incidents
– Shift focus to proactive steps including vulnerability remediation and expanded blocking
Source: Giga Group Total Economic Impact study for IntruShield appliances – May 2003
End-Goal - Protection-in-Depth™
Reliably STOP Known & Unknown attacks on your Information Technology infrastructure
[Diagram: Known Attacks, Unknown Attacks, Denial-of-Service Attacks]
End-Goal - Protection-in-Depth™
Best of Breed Intrusion Prevention to Reliably STOP Known & Unknown attacks on your Information Technology infrastructure
[Diagram: System/Host Protection Solutions (Desktop, Server); Network Protection Solutions (Core, Edge)]
SpamKiller
Rules Based - 750 processed rules that produce a weighted score based on a view of header, body, structure, routing
• Customizable threshold
• Default 5 points
Heuristic Analysis
– Engine is looking for email it doesn’t know is SPAM
– Probability scoring based on a view of header, body, checksum, etc.
Black List / White List
– Personal
– Global
Content filtering
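As an added illustration of the rules-based scoring described on this slide (example code written for this edit, not McAfee's or SpamKiller's own rule set): a handful of constructed header/body/structure/routing rules each contribute points, the sum is compared with a customizable threshold that defaults to 5, and white/black lists take precedence over scoring. The rule names, weights and sample messages are all assumptions made for the example.

```python
import re
from dataclasses import dataclass, field

# Constructed sample messages (not taken from the original deck).
HAM = {"from": "colleague@example.com", "subject": "Q3 budget review",
       "headers": {"Received": "from mail.example.com", "Message-ID": "<1@example.com>"},
       "body": "Hi, attached are the numbers we discussed. Thanks."}
SPAM = {"from": "promo@cheap-pills.example", "subject": "FREE!!! VIAGRA NOW",
        "headers": {"Received": "from 10.0.0.5"},
        "body": "CLICK HERE http://cheap-pills.example/buy to claim your FREE prize $$$"}

# Each rule is (name, weight, predicate). These seven are illustrative stand-ins
# for the 750 header/body/structure/routing rules the slide mentions.
RULES = [
    ("missing_message_id", 2.0, lambda m: "Message-ID" not in m["headers"]),   # structure
    ("subject_all_caps", 1.5, lambda m: m["subject"].isupper()),               # header
    ("subject_excess_punct", 1.0, lambda m: "!!!" in m["subject"]),            # header
    ("body_free_offer", 1.5, lambda m: re.search(r"\bfree\b", m["body"], re.I) is not None),
    ("body_click_here", 1.0, lambda m: "click here" in m["body"].lower()),     # body
    ("body_money_signs", 1.0, lambda m: "$$$" in m["body"]),                   # body
    ("received_bare_ip", 1.5, lambda m: re.search(                             # routing
        r"from \d+\.\d+\.\d+\.\d+$", m["headers"].get("Received", "")) is not None),
]

@dataclass
class Verdict:
    spam: bool
    score: float
    reason: str                      # "white list", "black list" or "rules"
    hits: list = field(default_factory=list)   # (rule name, weight) pairs that fired

def classify(msg, threshold=5.0, allow=(), block=()):
    """White list and black list decide first (sender address or domain);
    otherwise the weights of all firing rules are summed and compared with
    the threshold, which defaults to the slide's 5 points."""
    sender = msg["from"].lower()
    domain = sender.rsplit("@", 1)[-1]
    if sender in allow or domain in allow:
        return Verdict(False, 0.0, "white list")
    if sender in block or domain in block:
        return Verdict(True, 0.0, "black list")
    hits = [(name, weight) for name, weight, pred in RULES if pred(msg)]
    score = sum(weight for _, weight in hits)
    return Verdict(score >= threshold, score, "rules", hits)
```

Raising the threshold trades missed spam for fewer false positives, which is why the list checks sit in front of the scorer: a listed sender never depends on the threshold.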
McAfee® Protection-in-Depth™ Strategy
[Product matrix: McAfee® System Protection Solutions (Desktop, Server) and McAfee® Network Protection Solutions (Core, Edge)]
Products shown: McAfee® VirusScan®, McAfee® Desktop Firewall™, McAfee® ePolicy Orchestrator™, McAfee® IntruShield™, Magic Service Desk, McAfee® SpamKiller™, McAfee® WebShield®, McAfee® GroupShield®, McAfee® Entercept®, Sniffer® Portable, Sniffer® Network Protection Platform nPO™, InfiniStream™ Forensics
The Network Associates® Objective
Reliably stop known & unknown attacks on your Information Technology infrastructure
Q&A