Security 2.0: What is the Next Generation Security for Public Sector Organizations? John McCumber, Strategic Programs Manager 2 August 2007

Jan 02, 2016

Security 2.0: What is the Next Generation Security for Public Sector Organizations?

John McCumber, Strategic Programs Manager

2 August 2007

Symantec Vision 2007

Agenda

1. Security 2.0: A Working Definition

2. Part I: Building on a Security Foundation

3. Part II: Maintaining Information Security

4. Part III: Security Management

5. Why Symantec?

The Shifting Threat Landscape…

Figure: Threat Evolution Timeline, 1986 to 2006 (axis labels: curiosity, crime). Events shown on the timeline:

• Virus
• Destructive Virus
• Macro Virus
• Vulnerabilities Openly Discussed
• Mass Mailing Worms
• Network Worms
• Spam
• Tracking Cookies
• Spam Explodes
• Bots & Botnets
• DDoS Attacks
• Bots Explode
• Paid Vulnerability Research
• Adware
• Spyware
• Rootkits On the Rise
• Spyware & Adware Explode
• Phishing
• Crimeware
• Phishing Explodes
• Zero Day Exploits & Threats

Phishers Relentlessly Assault Consumers Through Trusted Brands

Phishing is the main form of brand attack

For the 2nd Half of 2006, there was an 19% in total phishing messages blocked (pure volume)

Average of 904 unique phishing messages per day (6% )

Financial brands most commonly targeted (84%)

¿Hablas Hacking?

• Threats are increasingly deception-oriented

– Trojans

– Misleading applications such as rogue anti-spyware

– Phishing

– Spam

• Given this, they have to be in the victim’s native tongue to truly be effective

• Attackers are increasingly localizing threats and targeting them specifically to their intended victims’ market

• Especially common with malware, spam & phishing

Phishing in International Waters

• Non-English phishing attacks are on the rise, but still only 20% of overall volume through March 2007

• The leading non-English language is Chinese by a considerable margin

– However, not uncommon to see spikes in German phishing

Security Foundation: Protecting the Endpoint

Business Problems at the Endpoint

• Endpoint management costs are increasing

– Cost of downtime impacts both productivity and revenue

– Costs to acquire, manage and administer point products are increasing, as well as the demand on system resources

• Complexity is increasing as well

– Complexity and staffing to manage disparate endpoint protection technologies are on the rise

Source: Infonetics Research - The Cost of Network Security Attacks: North America 2007

Ingredients for Advanced Protection

• The World’s leading anti-virus solution*

• More consecutive Virus Bulletin certifications than any vendor**

• Best anti-spyware, leading the pack in rootkit detection and removal

• Includes VxMS scanning technology (Veritas)

• Industry’s best managed desktop firewall (Gartner)

• Leading adaptive policies for location awareness

• Sygate and Symantec Client Security

• Behavior-based Intrusion prevention

• Network traffic inspection adds vulnerability-based protection

• Device control to prevent data leakage at the endpoint (Sygate)

• Protection against mp3 players, USB sticks, etc

• Includes a NAC agent to ensure each endpoint is “NAC-ready”

• Adds endpoint compliance to endpoint protection

AntiVirus

Anti-Spyware

Firewall

Intrusion Prevention

Device Control

Network Access Control

Ingredients for Advanced Protection

Symantec Endpoint Protection 11.0

AntiVirus

Anti-Spyware

Firewall

Intrusion Prevention

Device Control

Network Access Control

Symantec’s Information Foundation

Symantec Mail Security – Keep Important Things In

• Personal data, patient records, employee information

– Scan within email message body or attachments

Diagram labels:

• Database Server, File Server, Messaging Server
• Phishing / Fraud Prevention
• Spam / Traffic Shaping & Spam Filtering
• Malicious Code / Anti-Virus
• Symantec Mail Security
• Credit Card #, Employee Info, Patient Records

Sample message shown in the diagram:

“I recently left Acme, and believe your engineering team have stolen your #1 competitor’s intellectual property. You might want to let your lawyers see this” Bob

Information Risk In Database Systems

• Keep audit trail of all SQL activity

– Zero overhead on database server

• Detect potential threats from insiders and outsiders

– Uses fraud policies and historical transaction information

• Detect leakage of confidential information

– Based on “extrusion” policies

Diagram labels:

• Database Server
• SELECT Credit_Card, FROM Customers
• Fraud Detection / Fraud Policies
• SQL Audit Trail / Audit Policies

Managing Information Risk Via Enterprise Vault

• Automatically retain and manage email for set time based on business policies

• Archiving IM communication

• Managing archived content for compliance/discovery

SMTP Gateway

IM Gateway

Microsoft Exchange, IBM Notes Domino

Microsoft LCS, IBM/Lotus SameTime

Jabber

Vault Store

Archive

Security Management: IT Compliance and Beyond

Security Management Challenges

• Managing security events – particularly those stemming from new threat types

• Managing security beyond organizational network

– Sensitive data entrusted to other agencies, partners, and outsourced vendors

• Federal and agency governance and regulatory compliance

– Requires greater visibility

IT Policy Management

Enterprise Security

1. Create

2. Distribute

3. Map

4. Prove

Malware Policy, Endpoint Policy, Data Protection Policy, Incident Response Policy

NIST, PCI, Cobit, SOX, ISO, GLBA, FISMA

Infrastructure: Vulnerability, Patch, Configuration, Permissions

Operational: Archive, Backup, Virus, Spam

Procedural: Attestation Of Controls

Symantec™ Global Intelligence Network

• Hundreds of MSS customers
• Millions of security alerts per month
• Millions of threat reports per month
• 200,000 malware submissions per month

Twyford, England

Munich, Germany

Alexandria, VA

Sydney, Australia

Redwood City, CA

Santa Monica, CA

Calgary, Canada

San Francisco, CA

Dublin, Ireland

Pune, India

Taipei, Taiwan

Tokyo, Japan

• >6,200 Managed Security Devices
• Advanced Honeypot Network
• 120 Million Systems Worldwide
• 30% of World’s email Traffic
• 74 Symantec Monitored Countries
• 4 Symantec SOCs
• 40,000+ Registered Sensors in 180+ Countries
• 8 Symantec Security Response Centers

Symantec Security Strategy for Enterprises

Policy Management

Event & Log Management, Information Management, Vulnerability Management

Information Security

Security Foundation

Cell Phone, Laptop, Desktop, File Server, Application Server, Messaging Server, Database Server

Security Management

QUESTIONS & ANSWERS

John McCumber

[email protected]