Big Trends in IT and how they shape Security. Gerhard Eschelbeck, CTO

Transcription

1 Big Trends in IT and how they shape Security Gerhard Eschelbeck, CTO

2 Industry Trends #1 The Rapidly Growing Demand for Processing and Data Storage Google processes 20 PB a day London s traffic cams processing 8TB / day CERN s LHC generates 15 PB a year Personal Photos 10,000 PB (CAGR 100%) NOAA has ~1 PB climate data Global data surpassed Zettabyte barrier (10 21 or 1 billion Terabytes) Data Intensive applications Data Mining and Indexing Machine Learning Financial Analysis 640K ought to be enough for anybody.

3 Industry Trends Expand your Infrastructure! Buy new servers, increase your software costs, provision more datacenter capacity!!

4 Industry Trends Look to the cloud! Pay for the bandwidth and server resources that you need. When your job is done then turn the whole thing off!

5 Industry Trends #2 It s all about the cloud

6 Industry Trends #3 Virtualization The ability to run multiple operating systems on a single physical system and share the underlying hardware resources App App Guest OS (Linux) App Guest OS (NetBSD) Virtual Machine Monitor (VMM) / Hypervisor Hardware App Guest OS (Windows) VM VM VM App Xen VMWare UML Denali etc.

7 Industry Trends #4 Mobile and the changing endpoint platforms By 2013, the number of mobile workers will grow to nearly 1.2 billion people, representing more than a third of the world s workforce. IDC, 2010 Gartner predicts that by % of organizations will support corporate applications on consumer devices

8 The Mobility of Data

9 What does this all mean to users? Information anywhere Accessible from any device Easy to share Security is at the core of all these changes

10 Security was easy in the early days

11 Today: Security is complex Dropbox Researchers discovered at least three different ways to hack into Dropbox and access data without authorization Epsilon Leaked millions of names and addresses from the customer databases of some of its clients, including trusted brands like Best Buy, Marks & Spencer, Marriott Rewards and Chase Bank Sony Corp. s PlayStation Network/Online Entertainment Suffered a series of breaches that placed 100 million customer accounts at risk It s been speculated that this is the most expensive data breach ever, costing the company up to $2 billion Stratfor A subscription-based provider of geopolitical analysis, saw its servers breached. The stolen data included 75,000 credit card numbers and 860,000 user names and passwords, which the hackers then exposed online

12 The Security Landscape Reduce attack surface Protect everywhere Stop attacks and breaches Keep people working URL Filtering Web Application Firewall Endpoint Web Protection Encryption for cloud Data Control Access control Automation WiFi security Anti-spam Patch Manager Mobile Control Virtualization Anti-malware User education Visibility Local self-help Device Control Application Control Secure branch offices Mobile app security Intrusion prevention Firewall Clean up Technical support Encryption Tamper protection Free Home use VPN encryption Live Protection Performance Small updates

13 The Changing Threat Landscape Financially motivated, computer generated malware Number of variants is growing sharply From Destructive to Stealth Vulnerabilities in well known and broadly used software are common attack vectors Targeted and organized attacks are becoming widely prevalent Social Networking sites are increasingly used as a distribution mechanism Short lifetime (hours to days) with fast mutation More bad files than good files

14 Web is the primary vector of attack new malicious pages every day 80% belong to legitimate sites

15 Exploit kits/packs Web-based kits to make it trivial for anyone to exploit users over the web Exploit packs can be bought relatively cheaply No skill required Kit automatically create content to target relevant browser and application vulnerabilities Silent infection of victims

16

17 Inside Blackhole Unique rental option within business model. Tight control.

18 Inside Blackhole Targets variety of exploits. Java & Flash most successful. CVE Target Description CVE Java Oracle Java SE Rhino Script Engine Remote Code Execution Vulnerability CVE Flash Adobe Flash Player unspecified code execution (APSB11-18) CVE Flash Adobe Flash Player unspecified code execution (APSA11-02) CVE Java Skyline CVE Windows Microsoft Windows Help and Support Center (HCP) CVE Java Java Deployment Toolkit insufficient argument validation CVE Java Unspecified vulnerability CVE Java JRE MixerSequencer invalid array index CVE Java Java trusted Methods Chaining CVE PDF LibTIFF integer overflow CVE Java Deployment Toolkit ActiveX control CVE PDF Use after free vulnerability in doc.media.newplayer CVE PDF Stack overflow via crafted argument to Collab.getIcon CVE PDF Stack overflow via crafted argument to util.printf CVE PDF collab.collect info CVE IE MDAC

19 Inside Blackhole Countries hosting Blackhole exploit kit

20 Inside Blackhole Administration interface

21 Inside Blackhole Administration interface optimized for mobile

22 Blackhole payloads Zbot FakeAV ZeroAccess rootkit TDSS rootkit Ransomware Even OSX payloads?

23 Police Ransomware

24 FakeAV: A very clever threat Scare the user into believing machine is infected

25 FakeAV for Mac No longer are just Windows users the target!

26 There is even FakeAV for Android!

27 Android malware Over 30k variants of malware known Information stealers (Andr/SMSRep) SMS senders (Andr/AdSMS) Phishing (fake mobile banking software) Privilege escalation exploits (DroidDream) Zeus for Android (Zitmo)

28 New Platforms require a new security approach Challenges: Loss/Theft Policy, Reporting Cross Platform Vulnerable, malicious apps DLP Secure browsing Application Security Data Protection Device Management

29 Simplifying the entire Security Lifecycle Reduce attack surface Protect everywhere Stop attacks and breaches Keep people working URL Filtering Web Application Firewall Endpoint Web Protection Encryption for cloud Data Control Access control Automation WiFi security Anti-spam Patch Manager Mobile Control Virtualization Anti-malware User education Visibility Local self-help Device Control Application Control Secure branch offices Mobile app security Intrusion prevention Firewall Clean up Technical support Encryption Tamper protection Free Home use VPN encryption Live Protection Performance Small updates

30 Covering the entire Security Lifecycle 1) New computing platforms (Mobile, Cloud, Virtual) 2) The expanded threat (including data loss) 3) More regulations around compliance, data loss and privacy 4) Few IT resources to manage the increasingly complex security landscape

31 Complete Security Vision Branch office Data in the cloud RED 10 Endpoints Active Protection Mobile / BYOD user Road warrior VPN Central office Visitor UTM OR Web Network Management Secure Wi Fi Endpoints Servers

32 Thank You Q&A Gerhard Eschelbeck