Antivirus Technology in State Government Kym Patterson State Chief Cyber Security Officer Department of Information Systems

Dec 26, 2015


Antivirus Technology in State Government

Kym Patterson
State Chief Cyber Security Officer
Department of Information Systems


Current World Environment

• 25,000 new virus samples submitted daily
• Antivirus vendors leaning toward whitelisting
• 80% of malware is motivated by money
• Increasingly hard to detect malware


Bot Activity

• Bots talking to each other in different ways
• No command and control servers to identify
• Communication between bots through peer to peer mode via encrypted web channels


Current State Network Environment

• SCSO tracks 150 ongoing issues each day
• 50 new issues identified each day
• More than 5,000 DNS resolutions to foreign servers daily
  o Most popular DNS server is in Eastern Europe
• Several hundred incident notifications from external organizations each year
• At any given time, there are 60 state computers acting as primary nodes on a peer to peer network
  o Three of these computers typically generate 500,000 peer to peer sessions daily


Current State Environment

• Purchase antivirus and endpoint protection software from 10+ vendors at several price points
• Run 60 versions of these types of software
• Some organizations don’t update signature files
• Organizations pose a threat to each other on the state network


Future State

Limit number of AV or endpoint protection products in our environment

• Make wise use of state dollars by combining buying power
• More bandwidth and computer availability due to low infection rate
• Improved productivity resulting in better government service delivery
• Improved response time to cyber outbreaks


Advantages of Less Diverse Environment

• Total cost of ownership would be less
  o Savings could be spent on other security measures
• More organizations likely to buy and be protected
  o Less threat on the state network
• Better reporting and auditing
• Improved compliance with security mandates
• Shorter threat period by working with fewer vendors
• Manageability and scalability
• Increased network reliability and performance


Endpoint protection can include:

• Host-based intrusion prevention system
• Firewall
• Antivirus
• Antispyware
• Central management capability
• Data Loss Prevention
• Encryption


Next Steps

• Gather requirements from agencies and state security working group
• Work with Office of State Procurement to identify vendors to provide antivirus and endpoint protection products on state contract
• Agencies would determine migration to these products as existing software licenses expire


Possible Antivirus and Endpoint Protection Requirements

• Ease of use
• Update frequency
• Service and support
• Update distribution
• Audit and report capability
• Log
• On demand scanning
• Port control
• Encryption
• Scheduled scans
• Link scanner
• Cross browser
• Webmail protection
• Ability to run on multiple platforms
• Script protection
• Malware detection capabilities
• Policy management


Sample Timeline


Questions?

Kym Patterson
State Chief Cyber Security Officer
Department of Information Systems