Security 2.0: What is the Next Generation Security for Public Sector Organizations?
John McCumber, Strategic Programs Manager
2 August 2007
Jan 02, 2016
Symantec Vision 2007
Agenda
• Security 2.0: A Working Definition
• Part I: Building on a Security Foundation
• Part II: Maintaining Information Security
• Part III: Security Management
• Why Symantec?
The Shifting Threat Landscape…
Threat Evolution Timeline (figure: 1986 to 2006, with attacker motive moving from curiosity to crime). Milestones as they appear in the figure:
• Virus
• Destructive Virus
• Macro Virus
• Vulnerabilities Openly Discussed
• Mass Mailing Worms
• Network Worms
• Spam
• Tracking Cookies
• Spam Explodes
• Bots & Botnets
• DDoS Attacks
• Bots Explode
• Paid Vulnerability Research
• Adware
• Spyware
• Rootkits On the Rise
• Spyware & Adware Explode
• Phishing
• Crimeware
• Phishing Explodes
• Zero Day Exploits & Threats
Phishers Relentlessly Assault Consumers Through Trusted Brands
Phishing is the main form of brand attack
For the 2nd half of 2006, there was a 19% increase in total phishing messages blocked (pure volume)
Average of 904 unique phishing messages per day (a 6% increase)
Financial brands most commonly targeted (84%)
¿Hablas Hacking?
• Threats are increasingly deception-oriented
– Trojans
– Misleading applications such as rogue anti-spyware
– Phishing
– Spam
• Given this, they have to be in the victim’s native tongue to truly be effective
• Attackers are increasingly localizing threats and targeting them specifically to their intended victims’ market
• Especially common with malware, spam & phishing
Phishing in International Waters
• Non-English phishing attacks are on the rise, but still only 20% of overall volume through March 2007
• The leading non-English language is Chinese by a considerable margin
– However, it is not uncommon to see spikes in German phishing
Security Foundation: Protecting the Endpoint
Business Problems at the Endpoint
• Endpoint management costs are increasing
– Cost of downtime impacts both productivity and revenue
– Costs to acquire, manage and administer point products are increasing, as well as the demand on system resources
• Complexity is increasing as well
– Complexity and staffing to manage disparate endpoint protection technologies are on the rise
Source: Infonetics Research - The Cost of Network Security Attacks: North America 2007
Ingredients for Advanced Protection
AntiVirus
• The World’s leading anti-virus solution*
• More consecutive Virus Bulletin certifications than any vendor**
Anti-Spyware
• Best anti-spyware, leading the pack in rootkit detection and removal
• Includes VxMS scanning technology (Veritas)
Firewall
• Industry’s best managed desktop firewall (Gartner)
• Leading adaptive policies for location awareness
• Sygate and Symantec Client Security
Intrusion Prevention
• Behavior-based intrusion prevention
• Network traffic inspection adds vulnerability-based protection
Device Control
• Device control to prevent data leakage at the endpoint (Sygate)
• Protection against mp3 players, USB sticks, etc.
Network Access Control
• Includes a NAC agent to ensure each endpoint is “NAC-ready”
• Adds endpoint compliance to endpoint protection
Ingredients for Advanced Protection
Symantec Endpoint Protection 11.0 brings together AntiVirus, Anti-Spyware, Firewall, Intrusion Prevention, Device Control and Network Access Control.
Symantec’s Information Foundation
Symantec Mail Security – Keep Important Things In
• Personal data, patient records, employee information
– Scan within email message body or attachments
Diagram: Symantec Mail Security sits in front of the Database Server, File Server and Messaging Server. Inbound, it applies Fraud Prevention (against phishing), Traffic Shaping & Spam Filtering (against spam) and Anti-Virus (against malicious code). Outbound, it inspects messages for Credit Card #, Employee Info and Patient Records. The sample outbound message shown in the diagram reads:
“I recently left Acme, and believe your engineering team have stolen your #1 competitor’s intellectual property. You might want to let your lawyers see this” (signed Bob)
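The outbound scan the slide describes (message body and attachments checked for credit card numbers, employee information and patient records) can be sketched as follows. This is an added example written for this page, not Symantec Mail Security code or any Symantec API; the regular expressions, the category names, the SSN and medical-record-number stand-ins for "employee info" and "patient record", and the sample messages are all constructed assumptions.

```python
"""Outbound-mail content scan for the three data classes the slide names.

Illustrative code added for this page; it is not Symantec Mail Security or
any Symantec API. The regular expressions, category names and the sample
messages below are constructed for the example.
"""
import re
from dataclasses import dataclass


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, which rejects most random 13-16 digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


# Credit card candidate: 13-16 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,15}\d(?!\d)")
# "Employee info" stand-in: a US SSN shape (assumption; a real deployment
# would key on the organization's own employee identifier format).
SSN_RE = re.compile(r"(?<!\d)\d{3}-\d{2}-\d{4}(?!\d)")
# "Patient record" stand-in: a hypothetical medical record number label.
MRN_RE = re.compile(r"\bMRN[:#]?\s*\d{6,10}\b", re.IGNORECASE)


@dataclass
class Finding:
    category: str   # credit_card | employee_info | patient_record
    sample: str     # redacted, last four digits only


def redact(match_text: str) -> str:
    """Keep only the last four digits so the alert itself does not leak the data."""
    digits = [c for c in match_text if c.isdigit()]
    return "*" * (len(digits) - 4) + "".join(digits[-4:])


def scan_text(text: str) -> list[Finding]:
    """Return every regulated-data hit in one piece of text (body or attachment)."""
    findings = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):                     # drop digit runs that fail the checksum
            findings.append(Finding("credit_card", redact(digits)))
    for m in SSN_RE.finditer(text):
        findings.append(Finding("employee_info", redact(m.group())))
    for m in MRN_RE.finditer(text):
        findings.append(Finding("patient_record", redact(m.group())))
    return findings


def scan_message(body: str, attachments: dict[str, str]) -> dict:
    """Scan body and text attachments; block the message if anything regulated is found."""
    findings = scan_text(body)
    for content in attachments.values():
        findings.extend(scan_text(content))
    return {
        "action": "block" if findings else "allow",
        "categories": sorted({f.category for f in findings}),
        "findings": findings,
    }


# Constructed sample traffic: the slide's own message (no regulated data) and
# a message whose attachment carries a test card number, an SSN and an MRN.
SAMPLES = [
    ("I recently left Acme, and believe your engineering team have stolen "
     "your #1 competitor's intellectual property.", {}),
    ("Please refund card 4111 1111 1111 1111 today.",
     {"hr.txt": "Employee 123-45-6789; patient MRN: 0012345"}),
]

if __name__ == "__main__":
    for body, atts in SAMPLES:
        verdict = scan_message(body, atts)
        print(verdict["action"], verdict["categories"])
```

The Luhn check matters in practice: without it, any 16-digit order or tracking number in a message trips the credit-card rule, and the resulting false positives are what makes operators switch such policies off. Redacting to the last four digits keeps the alert itself from becoming a second copy of the data.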
Information Risk In Database Systems
• Keep audit trail of all SQL activity
– Zero overhead on database server
• Detect potential threats from insiders and outsiders
– Uses fraud policies and historical transaction information
• Detect leakage of confidential information
– Based on “extrusion” policies
Diagram: SQL traffic to the Database Server (example query in the figure: SELECT Credit_Card, FROM Customers) is fed both to Fraud Detection, driven by Fraud Policies, and to the SQL Audit Trail, driven by Audit Policies.
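To make the two detection ideas on this slide concrete (an "extrusion" policy over the audit trail, and fraud detection that compares a transaction against the user's historical behaviour), here is an added example written for this page. It is not Symantec code; the audit-line format, the policy tables, the volume threshold and the sample log lines are all constructed assumptions, and the SELECT matcher is deliberately minimal rather than a SQL parser.

```python
"""Evaluating a SQL audit trail against extrusion and fraud policies.

Illustrative code added for this page; it is not Symantec's product. The audit
line format, the policy tables, the threshold and the sample lines are all
constructed for the example.
"""
import re

# Extrusion policy (constructed): columns whose retrieval must be reported.
# A "*" entry means the whole table is confidential.
SENSITIVE_COLUMNS = {
    "customers": {"credit_card", "ssn"},
    "patients": {"*"},
}

# Fraud policy (constructed): a statement returning more than this multiple of the
# user's historical per-statement average is reported as an anomalous bulk read.
VOLUME_MULTIPLIER = 10

# One audit line per statement, as a passive network tap would record it (constructed).
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) client=(?P<client>\S+) "
    r"rows=(?P<rows>\d+) stmt=(?P<stmt>.+)$"
)
# Minimal SELECT shape: enough for column/table extraction, not a SQL parser.
SELECT_RE = re.compile(
    r"^\s*select\s+(?P<cols>.+?)\s+from\s+(?P<table>[A-Za-z_]\w*)",
    re.IGNORECASE | re.DOTALL,
)


def parse_line(line: str):
    """Split one audit line into its fields, or return None for unparseable lines."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["rows"] = int(rec["rows"])
    return rec


def columns_touched(stmt: str):
    """Return (table, set of selected columns) for a SELECT, or (None, set()) otherwise."""
    m = SELECT_RE.match(stmt)
    if m is None:
        return None, set()
    cols = {c.strip().strip('`"').lower() for c in m.group("cols").split(",")}
    cols.discard("")  # tolerates a trailing comma, as in the slide's "SELECT Credit_Card, FROM Customers"
    return m.group("table").lower(), cols


def extrusion_violations(table, cols) -> list:
    """Sensitive columns a statement retrieves, per the extrusion policy."""
    policy = SENSITIVE_COLUMNS.get(table, set())
    if not policy:
        return []
    if "*" in policy:                 # any read of a confidential table
        return [f"{table}.*"]
    hit = policy if "*" in cols else policy & cols   # SELECT * returns every column
    return [f"{table}.{c}" for c in sorted(hit)]


def evaluate(log_lines, history) -> list:
    """Run every audit line through both policies; returns the alerts raised."""
    baseline = {u: sum(r) / len(r) for u, r in history.items() if r}
    alerts = []
    for line in log_lines:
        rec = parse_line(line)
        if rec is None:
            continue
        table, cols = columns_touched(rec["stmt"])
        for col in extrusion_violations(table, cols):
            alerts.append({"type": "extrusion", "user": rec["user"],
                           "client": rec["client"], "detail": col})
        avg = baseline.get(rec["user"])
        if avg is not None and rec["rows"] > VOLUME_MULTIPLIER * avg:
            alerts.append({"type": "fraud_volume", "user": rec["user"],
                           "client": rec["client"],
                           "detail": f"rows={rec['rows']} baseline={avg:.1f}"})
    return alerts


# Constructed history (rows per past statement) and a morning of constructed audit lines.
HISTORY = {"app_web": [1, 1, 2, 1, 1], "dba_jane": [50, 120, 80]}
LOG = [
    "2007-03-12T09:14:05 user=app_web client=10.0.1.5 rows=1 stmt=SELECT name, email FROM Customers WHERE id=42",
    "2007-03-12T09:15:31 user=app_web client=10.0.1.5 rows=48210 stmt=SELECT Credit_Card, FROM Customers",
    "2007-03-12T09:20:02 user=dba_jane client=10.0.2.9 rows=90 stmt=SELECT * FROM Patients WHERE admitted > '2007-03-01'",
    "2007-03-12T09:21:45 user=dba_jane client=10.0.2.9 rows=0 stmt=UPDATE Customers SET email='x' WHERE id=7",
]

if __name__ == "__main__":
    for a in evaluate(LOG, HISTORY):
        print(a)
```

The sample run shows why the slide lists both policies: the application account's bulk read of Credit_Card is caught twice (the column is on the extrusion list, and 48,210 rows is far above that account's one-row baseline), while the DBA's read of the Patients table is caught only by the extrusion policy because its row count is normal for that user. Because evaluation runs over a copied audit trail rather than inside the database, it adds no load to the server itself, which is the "zero overhead" point the slide makes.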
Managing Information Risk Via Enterprise Vault
• Automatically retain and manage email for set time based on business policies
• Archiving IM communication
• Managing archived content for compliance/discovery
Diagram: an SMTP Gateway, an IM Gateway, Microsoft Exchange, IBM Notes Domino, Microsoft LCS, IBM/Lotus Sametime and Jabber all feed the Vault Store (Archive).
Security Management: IT Compliance and Beyond
Security Management Challenges
• Managing security events – particularly those stemming from new threat types
• Managing security beyond organizational network
– Sensitive data entrusted to other agencies, partners, and outsourced vendors
• Federal and agency governance and regulatory compliance
– Requires greater visibility
IT Policy Management (figure, a four-step cycle):
1. Create: Malware Policy, Endpoint Policy, Data Protection Policy, Incident Response Policy (the Enterprise Security policy set)
2. Distribute
3. Map: policies mapped to NIST, PCI, CobiT, SOX, ISO, GLBA, FISMA
4. Prove: Attestation of Controls across Infrastructure controls (vulnerability, patch, configuration, permissions), Operational controls (archive, backup, virus, spam) and Procedural controls
Symantec™ Global Intelligence Network
• Hundreds of MSS customers
• Millions of security alerts per month
• Millions of threat reports per month
• 200,000 malware submissions per month
• >6,200 Managed Security Devices
• Advanced Honeypot Network
• 120 Million Systems Worldwide
• 30% of World’s email Traffic
• 74 Symantec Monitored Countries
• 4 Symantec SOCs
• 40,000+ Registered Sensors in 180+ Countries
• 8 Symantec Security Response Centers
Locations shown on the map: Twyford, England; Munich, Germany; Alexandria, VA; Sydney, Australia; Redwood City, CA; Santa Monica, CA; Calgary, Canada; San Francisco, CA; Dublin, Ireland; Pune, India; Taipei, Taiwan; Tokyo, Japan
Symantec Security Strategy for Enterprises (figure, three layers):
• Security Management: Policy Management, Event & Log Management, Information Management, Vulnerability Management
• Information Security
• Security Foundation: Cell Phone, Laptop, Desktop, File Server, Application Server, Messaging Server, Database Server