Robert Potter Vice President Americas Symantec. Copyright 2016, Symantec Corporation

Transcription

1 Robert Potter Vice President Americas Symantec 1

2 TODAY S ADVANCED ADVERSARY HACKING CYBER CRIME CYBER ESPIONAGE CYBER WARFARE

3 Notable Targeted Attack Groups Active in 2015 Black Vine CN based attacks on primarily aerospace and healthcare, including Anthem and OPM in search of intellectual property and identities Rocket Kitten Iran based state-sponsored espionage attacks on journalists, human rights activists, and scientists Duke State-sponsored attacks against Western state organizations Emissary Panda Attacks against aerospace, intelligence, telecommunications, energy, and nuclear engineering industries in search of intellectual property Turla RU-based espionage attacks against government institutions and embassies Butterfly Attacks against multi-billion dollar corporations in IT, pharmaceuticals, commodities and includes Facebook and Apple for insider trading 2016 Internet Security Threat Report Volume 21 3

4 In 2009 there were 2,361,414 new piece of malware created. In 2015 that number was 430,555,582 That s 1 Million 179 Thousand A DAY! 4

5 AN ESCALATING THREAT LANDSCAPE RECORD HIGH NUMBERS DIGITAL EXTORTION ON THE RISE WEBSITES 429M total identities exposed 9 mega breaches, up 125% 191M identifies exposed in one breach 431M new malware created 35% increase in cryptoransom ware 992 devices held hostage each day 76% of websites had vulnerabilities ZERO-DAY THREATS MANY SECTORS UNDER ATTACK 54 all-time high Top 5 unpatched for 295 days Healthcare 120 security incidents Retail 33 security incidents Financial 30 security incidents Education 20 security incidents Government 17 security incidents

6 Top 10 Sectors Breached by Number of Incidents Sector Number of Incidents % of Incidents 1 Services % 2 Finance, Insurance, & Real Estate % 3 Retail Trade % 4 Public Administration % 5 Wholesale Trade % 6 Manufacturing 7 2.3% 7 Transportation & Public Utilities 6 2.0% 8 Construction 1 0.3% Top 10 Expanded Sectors Breached by Number of Incidents Sector Number of Incidents % of Incidents 1 Health Services % 2 Business Services % 3 Educational Services % 4 Insurance Carriers % 5 Hotels & Other Lodging Places % 6 Wholesale Trade - Durable Goods % 7 Eating & Drinking Places 9 3.0% 8 Executive, Legislative, & General 9 3.0% 9 Depository Institutions 8 2.6% 10 Social Services 6 2.0% 6

7 CHALLENGE IN BUILDING A SECURITY ARCHITECTURE Identity Symantec Access Manager Symantec VIP 2-Factor Provision & De-provisioning Symantec MPKI On Guard (Lenel) Picture Perfect (GE) SymPass SAFE Identity and Access Mgmt. Endpoint Devices Content & Collaboration Applications Data Infrastructure Symantec Data Loss Prevention Firewalls Cisco, Juniper Networ Red Seal k SecureW2 Wifi Security Symantec Endpoint Protection Symantec Endpoint Encryption Encryption in Transport Symantec Endpoint Encryption Assurance CM (SERT) Cenzic Application Scan Symantec Data Loss Prevention Data Enrichment Symantec Gateway SourceFire IDS QualysGuard Airmagnet Wifi Security Symantec Data Loss Prevention Symantec Device Mgmt. (ITMS) MS Exchange Protection Assurance NM (SIREN) Openfire Incident Response Chat Symantec Endpoint Encryption Symantec Endpoint Encryption File Analysis SafeNet Web Gateway Akami Layer 7 Filtering Mobile Device Mgmt. Secure Data Collaboration Instant Messaging Protection HP Fortify Symantec EV. Cloud & Enterprise Vault Secure / Sharing Un-structured Data Compute & Storage Symantec Certificates Symantec DLP QualysGuard Asset Mgmt/ServiceNow License Mgmt. ediscovery Clearwell Manager Enterprise Vault Data Retention Encase Product Suite Web Application Firewall Control Compliance Suite Critical Systems Security Monitoring & Analysis Syslog Splunk Symantec MSS Arcsight GSO Security Ops Center Co3 Systems OTRS SOC Ticketing User Behavior Analysis Services Symantec Incident Response DeepSight Managed Security Services Symantec Products Third Party Products Capability Gap Policy Required GSO Tool \ Service 7

8 The Boundaries Continue to Expand Creating Moving Targets Hackers Cloud Remote Offices/ Workers Authentication & Encryption Mobile Devices Virtualization Malicious & Well-meaning Users Cyber Threats Social Media Compliance Advanced Persistent Attacks 8

9 CRITICAL CRITERIA TO BUILDING YOUR SECURITY POSTURE FRAMEWORK & ARCHITECTURE INTELLIGENCE OF TELEMETRY & TECHNIQUE CAPABILITIES & INNOVATION ABILITY TO ENGAGE, RESPOND, AND REMEDIATE, TRUST 9

10 Organizations Defining/Following Frameworks 10

11 Organizations now reling on Defining Risk and Trust Models VULNERABILIITES THREATS & INTELLIGENCE CONSEQUENCES RISK 11

12 Leveraging and Building Intelligence and Knowledge Dangerous Threats Actors Telemetry - Techniques BIG DATA Massive Security Data Archive UNIQUE VISIBILITY Hundreds of millions of URLs, domains and IP addresses monitored 10 trillion logs/year collected GLOBAL INTELLIGENCE NETWORK THREAT INTELLIGENCE TEAMS ANALYST CONTEXT Analysts leverage Symantec s Managed Adversary Threat Intelligence about threat actors to provide tailored insights on what s happening in your environment Threat Researchers Across 6 Global SOCs 12

13 Scale is critical in offering UNIQUE THREAT VISIBILITY 175M endpoints 57M attack sensors in 156 countries 30% of world s traffic scanned/day 182M web attacks blocked last year 8 threat response centers, with 500+ security analysts 7.6T rows of telemetry 200K rows added/second

14 You Leverage A Framework, Invested in Intelligence, Invested in Innovative Capabilities Why do you still need to worry about Threats & Vulnerabilities? 14

15 Criminals Have Become Increasingly Active! There are those who have been caught and those who have not 15

16 Zero-Days 16

17 Zero-Day Vulnerabilities

18 Targeted Phishing Attacks 18

19 Spear-Phishing Attacks by Size of Targeted Organization Org Size 2015 Risk Ratio 2015 Risk Ratio as Percentage Attacks per Org Large Enterprises 2,500+ Employees Medium Business 251 2,500 Employees Small Business (SMB) Employees 1 in % in % in %

20 Ransomware 20

21 Growing Dominance of Crypto-Ransomware MISLEADING APP FAKE AV LOCKER RANSOMWARE CRYPTO RANSOMWARE 21

22 35% Increase in Crypto-Ransomware Attacks 35% 22

23 Consequences 23

24 Total Identities Exposed Through Breaches 500 ESTIMATED +30% +23% 24

25 Professionalization of Cyber Crime & Consumer Scams 25

26 TeslaCrypt Ransomware Technical Support Available 26

27 Why Retr3at and the Educational Concepts of Montreat College s Cyber Ethics is critical?

28 Robert Potter Vice President Americas Symantec Thank you! Copyright 2016 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.