Defending Against Known & Unknown Threats

Transcription

1 Defending Against Known & Unknown Threats Jack Walsh, New Initiatives & Mobility Programs Manager Copyright 2016 ICSA Labs

2 Introducing ICSA Labs

3 About ICSA Labs We re known for Providing independent 3 rd -party assurance Security-focused certification testing Stakeholder consortia Founded in years of testing Anti-malware products, network firewalls, etc. ISO accredited ISO 9001: 2008 ISO/IEC 17025: 2005 ISO/IEC 17065: 2012 Recent initiatives Security product testing Advanced threat defense (ATD) Internet of Things devices & sensors Mobile testing Mobile device platform security Healthcare testing ONC EHR, HIMSS ConCert, IHE USA Our seal of approval

4 Some of our customers

5 The value of certification testing Buyers need an objective way to confirm that security products introduced into their organization will function as advertised, interoperate and conform to privacy & security requirements. Vendors need a cost effective way to credibly demonstrate that their products will satisfy buyers needs. Ongoing certification testing by a credible, independent third party like ICSA Labs helps satisfy the needs of both.

6 Defending Against Known & Unknown Threats

7 source: Enterprises are being attacked

8 To defend against threats Organizations protected & secured themselves with all the traditional standards anti-malware, network firewalls, intrusion prevention systems, web application firewalls, etc.

9 Things did not improve source: Enterprises still being breached!

10 Growth in security spend Up 294% since 2006 to $21B in 2014 (source Gartner) What resulted? Data breach explosion! 614 breaches reported in North America in 2013 Over 91M records disclosed AOL Breaches put another way TD RBS Ameritrade Worldpay TK / TJ Maxx Heartland AT&T Sony PSN Citigroup Washington Post source: Target LexisNexis Michael s Home Depot Snapchat NASDAQ American Express ebay Neiman Marcus

11 Why haven t security products adequately protected enterprises?

12 Known and unknown threats

13 25 years (Known Threats) 1 year (Unknown Threats)

14 Known malicious threat testing ICSA Labs AV Testing Program Key Characteristics Wild List based testing Threats known in the wild On access On demand 25 years

15 Enhanced & Reloaded for 2017 ICSA Labs anti-malware testing From: From: To: To: More More Malicious Comprehensive Sample Sources Testing Wild List Static Signatures The Collection Wild List Static Wild List Signatures (Delta) Real Time URL Microsoft Threat List Blocking Prevalence ATD Anomaly Program Detection The Collection Enterprise Behavior- Samples Based

16 Testing unknown malicious threats ICSA ICSA Labs Labs began added ATD certification ATD- testing in in Q4 fall

17 What does ATD mean anyhow? Advanced threat defense (ATD) a. Protect from ADVANCED Threats? b. Protect from PERSISTENT Threats? c. Protect from UNKNOWN Threats?

18 Where does ATD occur? a. The Endpoint b. Network perimeter c. Local Sandbox d. Sandbox in Cloud e. Cloud Analysis Cluster A: Any or All of These!

19 Basis for ATD & ATD- testing Threat vectors leading to breaches Verizon Data Breach Investigations Report (DBIR) Direct Install Attachment Web Download Web Drive-By Link Download by Malware Network Propagation Remote Injection Removable Media Other

20 ATD & ATD- testing programs Does it detect 100s of new threats? Quarterly test cycles Does it have minimal FPs? Continuous testing for 3 to 5 wks Test cycles begin mid-month Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec FREE Reports available at quarter end

21 Testing focus Test cycles last 3-5 weeks Detecting threats Unknown Little-known While having minimal false positives

22 How you benefit Recurring testing with latest threats Keep informed with quarterly testing results. Know how ATD solutions perform against latest threats. Observe over time how products fare against the norm. No cost to enterprises Only participating vendors register and pay Includes free reports on our website

23 ICSA Labs Certified ATD Solutions The value of certification testing

24 Without YOU certification testing disappears Want more choices?

25 Statistics from 3 ATD test cycles Average Detection Effectiveness of Certified ATD Solutions Failing ATD Solutions Approximate Number of ATD Developers ~30 Vendors currently registered for ATD testing 11 Vendors with an ICSA Labs Certified ATD Solution 5 Average Test Cycle Length days Average Number Test runs per test cycle 610

26 Data from previous 4 ATD test cycles Ransomware is huge lately

27 Poor Fred

28 Will ATD solve all your problems?

29 About Jack Walsh Jack has worked eighteen years at ICSA Labs. Currently driving development of programs that test the security of IoT devices, advanced threat defense solutions and all things mobile, his prior roles included network intrusion prevention systems program manager, anti-spam program manager and firewall lab technical lead. Prior to joining ICSA Labs, Jack tested commercial products at the National Security Agency. While there he co-authored the first firewall protection profile. Jack earned his B.S. in Electrical Engineering from Penn State and later earned an M.S. in Computer Science from Johns Hopkins. Jack Walsh New Initiatives & Mobility Programs Manager

30 Find out more at