Defending Against Known & Unknown Threats Jack Walsh, New Initiatives & Mobility Programs Manager Copyright 2016 ICSA Labs
Introducing ICSA Labs
About ICSA Labs
We're known for: providing independent 3rd-party assurance; security-focused certification testing; stakeholder consortia.
Founded in 1989: 25 years of testing anti-malware products, network firewalls, etc.
ISO accredited: ISO 9001:2008, ISO/IEC 17025:2005, ISO/IEC 17065:2012.
Recent initiatives:
  Security product testing: advanced threat defense (ATD); Internet of Things devices & sensors
  Mobile testing: mobile device platform security
  Healthcare testing: ONC EHR, HIMSS ConCert, IHE USA
Our seal of approval
Some of our customers
The value of certification testing
Buyers need an objective way to confirm that security products introduced into their organization will function as advertised, interoperate, and conform to privacy & security requirements. Vendors need a cost-effective way to credibly demonstrate that their products will satisfy buyers' needs. Ongoing certification testing by a credible, independent third party like ICSA Labs helps satisfy the needs of both.
Defending Against Known & Unknown Threats
Enterprises are being attacked (2005-2010)
source: www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
To defend against threats, organizations protected & secured themselves with all the traditional standards: anti-malware, network firewalls, intrusion prevention systems, web application firewalls, etc.
Things did not improve (2010-2016): enterprises still being breached!
source: www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
Growth in security spend: up 294% since 2006 to $21B in 2014 (source: Gartner).
What resulted? Data breach explosion! 614 breaches reported in North America in 2013; over 91M records disclosed.
Breaches put another way: TD Ameritrade, RBS Worldpay, TK / TJ Maxx, Heartland, AT&T, Sony PSN, Citigroup, Washington Post, AOL, Target, LexisNexis, Michael's, Home Depot, Snapchat, NASDAQ, American Express, ebay, Neiman Marcus.
source: https://blogs.bromium.com/2014/08/14/the-rise-and-fall-of-enterprise-security/
Why haven't security products adequately protected enterprises?
Known and unknown threats
25 years (Known Threats) 1 year (Unknown Threats)
Known malicious threat testing: ICSA Labs AV Testing Program
Key characteristics: Wild List based testing (threats known in the wild); on access; on demand; 25 years.
Enhanced & Reloaded for 2017: ICSA Labs anti-malware testing
From (sample sources): Wild List; The Collection
From (testing): Static Signatures
To (more malicious sample sources): Wild List (Delta); Microsoft Threat List Prevalence; ATD Program; The Collection; Enterprise Samples
To (more comprehensive testing): Static Signatures; Real Time URL Blocking; Anomaly Detection; Behavior-Based
Testing unknown malicious threats
ICSA Labs began ATD certification testing in Q4 2015.
ICSA Labs added ATD-Email testing in fall 2016.
What does ATD mean anyhow? Advanced threat defense (ATD) a. Protect from ADVANCED Threats? b. Protect from PERSISTENT Threats? c. Protect from UNKNOWN Threats?
Where does ATD occur? a. The Endpoint b. Network perimeter c. Local Sandbox d. Sandbox in Cloud e. Cloud Analysis Cluster A: Any or All of These!
Basis for ATD & ATD-Email testing
Threat vectors leading to breaches (source: Verizon Data Breach Investigations Report (DBIR)):
  Direct Install          3706
  Email Attachment         869
  Web Download             588
  Web Drive-By             551
  Email Link               453
  Download by Malware      230
  Network Propagation      138
  Remote Injection          72
  Removable Media           16
  Other                     13
ATD & ATD-Email testing programs
Does it detect 100s of new threats? Does it have minimal FPs?
Quarterly test cycles: continuous testing for 3 to 5 weeks; test cycles begin mid-month (Jan, Feb, Mar, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, Dec).
FREE reports available at quarter end.
Testing focus: test cycles last 3-5 weeks. Detecting unknown and little-known threats while having minimal false positives.
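The two questions the deck puts to an ATD product (does it detect new threats, and does it do so with minimal false positives) are separate measurements over separate sample sets, and a product can score perfectly on one while failing the other. The scorer below is an added illustration, not ICSA Labs' own tooling; the record format, the product names, the sample verdicts and the per-cycle "norm" calculation are all constructed, and the deck publishes no pass/fail thresholds, so none are assumed here.

```python
"""Score constructed ATD test-run records by product and test cycle.

Added example, not ICSA Labs' tooling. Detection effectiveness is measured
only over malicious samples; false positives only over benign samples.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean


@dataclass(frozen=True)
class TestRun:
    cycle: str    # test cycle label, e.g. "2016-Q3" (constructed)
    product: str  # hypothetical product name
    sample: str   # sample identifier
    kind: str     # "malicious" or "benign"
    verdict: str  # "blocked" or "allowed"


# Constructed sample input: two hypothetical products in one cycle.
# ProductA blocks every malicious sample but also one benign file;
# ProductB misses one malicious sample but raises no false positive.
RUNS = [
    TestRun("2016-Q3", "ProductA", "m1", "malicious", "blocked"),
    TestRun("2016-Q3", "ProductA", "m2", "malicious", "blocked"),
    TestRun("2016-Q3", "ProductA", "m3", "malicious", "blocked"),
    TestRun("2016-Q3", "ProductA", "m4", "malicious", "blocked"),
    TestRun("2016-Q3", "ProductA", "b1", "benign", "blocked"),
    TestRun("2016-Q3", "ProductA", "b2", "benign", "allowed"),
    TestRun("2016-Q3", "ProductB", "m1", "malicious", "blocked"),
    TestRun("2016-Q3", "ProductB", "m2", "malicious", "blocked"),
    TestRun("2016-Q3", "ProductB", "m3", "malicious", "allowed"),
    TestRun("2016-Q3", "ProductB", "m4", "malicious", "blocked"),
    TestRun("2016-Q3", "ProductB", "b1", "benign", "allowed"),
    TestRun("2016-Q3", "ProductB", "b2", "benign", "allowed"),
]


def score(runs):
    """Return (detection_effectiveness, false_positives, fp_rate).

    detection_effectiveness: fraction of malicious samples blocked.
    false_positives: count of benign samples blocked.
    fp_rate: fraction of benign samples blocked.
    """
    malicious = [r for r in runs if r.kind == "malicious"]
    benign = [r for r in runs if r.kind == "benign"]
    detected = sum(1 for r in malicious if r.verdict == "blocked")
    fps = sum(1 for r in benign if r.verdict == "blocked")
    det_eff = detected / len(malicious) if malicious else 0.0
    fp_rate = fps / len(benign) if benign else 0.0
    return det_eff, fps, fp_rate


def score_by_product(runs, cycle):
    """Score every product that has runs in the given cycle."""
    grouped = defaultdict(list)
    for r in runs:
        if r.cycle == cycle:
            grouped[r.product].append(r)
    return {product: score(rs) for product, rs in grouped.items()}


def against_the_norm(runs, cycle):
    """Each product's detection effectiveness minus the cycle average.

    The "norm" here is a constructed definition: the unweighted mean of
    detection effectiveness across all products tested in the cycle.
    """
    per_product = score_by_product(runs, cycle)
    norm = mean(s[0] for s in per_product.values())
    return {product: s[0] - norm for product, s in per_product.items()}


if __name__ == "__main__":
    for product, (det, fps, fpr) in score_by_product(RUNS, "2016-Q3").items():
        print(f"{product}: detection={det:.0%} false_positives={fps} fp_rate={fpr:.0%}")
    for product, delta in against_the_norm(RUNS, "2016-Q3").items():
        print(f"{product}: {delta:+.1%} vs cycle norm")
```

Run as a script it prints one line per product and one line of each product's delta from the cycle norm. With the constructed records, ProductA shows 100% detection but a 50% false positive rate and ProductB shows 75% detection with no false positives, which is exactly why the program asks both questions rather than ranking on detection alone.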
How you benefit Recurring testing with latest threats Keep informed with quarterly testing results. Know how ATD solutions perform against latest threats. Observe over time how products fare against the norm. No cost to enterprises Only participating vendors register and pay Includes free reports on our website https://www.icsalabs.com/products?tid[]=5352
ICSA Labs Certified ATD Solutions The value of certification testing
Without YOU, certification testing disappears. Want more choices? jwalsh@icsalabs.com
Statistics from 3 ATD test cycles
  Average Detection Effectiveness of Certified ATD Solutions
  Failing ATD Solutions
  Approximate Number of ATD Developers                    ~30
  Vendors currently registered for ATD testing             11
  Vendors with an ICSA Labs Certified ATD Solution          5
  Average Test Cycle Length                                30.75 days
  Average Number of Test Runs per Test Cycle               610
Data from previous 4 ATD test cycles Ransomware is huge lately
Poor Fred
Will ATD solve all your problems?
About Jack Walsh Jack has worked eighteen years at ICSA Labs. Currently driving development of programs that test the security of IoT devices, advanced threat defense solutions and all things mobile, his prior roles included network intrusion prevention systems program manager, anti-spam program manager and firewall lab technical lead. Prior to joining ICSA Labs, Jack tested commercial products at the National Security Agency. While there he co-authored the first firewall protection profile. Jack earned his B.S. in Electrical Engineering from Penn State and later earned an M.S. in Computer Science from Johns Hopkins. Jack Walsh New Initiatives & Mobility Programs Manager jwalsh@icsalabs.com 717.790.8126
Find out more at www.icsalabs.com/