Securing Your Business Against the Diversifying Targeted Attacks
Leonard Sim, Manager, Client & Partner Services, Asia
Agenda: 2010 Threats; Targeted Attacks; Defense Against Targeted Attacks; Questions
2010 Threats
Window of vulnerability: Imsolk.B ("Here you have" worm)
Stuxnet: Industrial Control Malware
Stuxnet: Possible Target? http://www.telegraph.co.uk/news/worldnews/middleeast/iran/8169381/iran-confirms-stuxnet-worm-halted-centrifuges.html
Targeted Attacks
What is a Targeted Attack? Targeted attacks are probably the most malicious form of viral attack. They are sent specifically to people with the intention of stealing information from their company, whether simply for financial gain or to steal company secrets.
Targeted Link Malware Example: Compromised Web Site of Defense Contractor A
- Bespoke malware
- Latest vulnerabilities (often zero-day)
- Recipients researched and targeted specifically
Targeted Link Malware Example: Email targeted at employees of Defense Contractor B
Targeted Email Attacks
Targeted attacks seen per day
Targeted Industries: High Value Information Assets (pie chart; legend: Finance, Manufacturing, Education, Prof. Services, IT Services, Media/Marketing, Telecoms, Other; segment values as extracted: 5%, 26%, 7%, 8%, 13%, 15%, 13%, 13%)
Targeted attack flow between regions
Seniority of targeted employees
Seniority | March 2010 | November 2010
High seniority | 42% | 25%
Medium seniority | 18% | 29%
Low seniority | 5% | 4%
General mailboxes | 19% | 19%
Unknown | 16% | 21%
Defenses Against Targeted Attacks
Know Your Assets, Know Attack Vectors
Layers of Protection Provide Maximum Detection (CLOUD/APPLIANCE)
A Broad Portfolio of Integrated Hosted Services
- Categories: Protect, Control, Secure, Recover
- Diagram labels (as extracted): Email; Web; Skeptic™; Anti-Virus; Anti-Spam; Anti-Virus; Anti-Spyware; Content Control; Image Control; URL Filtering; Boundary Encryption; Policy Based Encryption; Archiving; Continuity; IM; Anti-Virus; Anti-Spam; Content Control; EndPoint; Hosted EndPoint
Hosted Email Security
- Diagram labels: Inbound; Outbound; Connection Manager; AntiSpam Components; AntiVirus Components; Brightmail Traffic Shaper; SMTP Heuristics; User Validation; Commercial DNS Blocklists; Brightmail; Commercial AV Engines; Symantec AV Engine; Skeptic (AS & AV); Policy Based Encryption; Archiving; Continuity; Control
- All mail to your organization
- All mail from your organization is clean, legitimate, relevant
- Access your email even if your mail servers fail
- Apply encryption based on policy
- Store only relevant mails
- Less on-premises storage
- Easier to index and search
- All mails delivered to your users are clean, legitimate, and relevant
- Less strain on your email server
Hosted Web Security
- Diagram labels: Your Network; Firewall; Web Proxy; Web; Outbound traffic; Inbound Traffic
- URL FILTERING AND WEB POLICY ENFORCEMENT CONFIGURED WITH AN EASY-TO-USE WEB-BASED INTERFACE
- GLOBAL, LOAD-BALANCED INFRASTRUCTURE
- MULTI-LAYERED ANTI-VIRUS, ANTI-PHISHING & ANTI-SPYWARE DEFENSES
- AVAILABLE REMOTE & MOBILE USER SUPPORT OPTIONS
- END USER PROTECTION AND WEB POLICY ENFORCEMENT
- Multi-layered malware defenses with Skeptic proprietary heuristics detect known and emerging threats
- Global distributed architecture supports minimal latency
- Highly configurable URL filtering
- Enforce Web use policies by content, browse time & bandwidth use
- Roaming user support options
Accuracy: Skeptic Heuristic Technology
- Diagram labels: All mail to your organization; Connection Manager; AntiSpam Components; AntiVirus Components; Brightmail Traffic Shaper; SMTP Heuristics; User Validation; Commercial DNS Blocklists; Brightmail; Symantec AV Engine; Commercial AV Engines; Skeptic (AS & AV)
What is Skeptic?
- Proprietary heuristic technology
- Deployed & observing Internet traffic since 1999
- Detects threats traditional signature based scanners often miss
- Utilized by our Email, Web and IM security services
- Shares the threat data for enhanced protection
Identifying more threats, taking action faster & preventing impact
- Relevant Global Expertise
- Billions of email connections and Web requests/week
- Accurate In-depth Analysis
- Zero hour protection
- IT Policies and Controls
- Skeptic Multi-protocol Converged Threat Protection
- Threat intelligence shared across Email, Web, and IM
- Email Security Service; Web Security Service; Instant Messaging Security Service
Industry Leading Service Level Agreements: Buy the Outcome... not just a Tool!
Email
- AntiVirus Protection: 100% protection from known and unknown email viruses. Credit is offered if a client is infected by a virus.
- Latency: Average roundtrip time of 100% of email delivered in less than 60 seconds. Credit is offered if latency exceeds 1 minute.
- Virus False Positives: 0.0001% FP capture rate. Credit is offered if we do not meet this commitment.
- Delivery: 100% delivery guarantee. Client may terminate if we do not meet this.
- Spam Capture Rate: 99% capture rate (95% for emails containing Asian characters). Credit is offered if we do not meet this commitment.
- Service Availability: 100% uptime. Credit is offered if availability falls below 100%. Client may terminate if availability falls below 95%.
- Spam False Positives: 0.0003% FP capture rate. Credit is offered if we do not meet this commitment.
Web
- AntiVirus Protection: 100% protection against known viruses. Credit is offered if a client is infected by a virus.
- Latency: Average scanning time of 100% of web content is within 100 milliseconds. Credit is offered if latency exceeds 100 milliseconds.
- Service Availability: 100% uptime. Credit is offered if availability falls below 100%. Client may terminate if availability falls below 95%.
Symantec Hosted Services: Market Leadership
- 10 million SaaS users
- 31,000 clients
- 104 Countries
- Leader in Gartner MQ for Secure Email Gateway
- Leader in Gartner MQ for Secure Web Gateway
- Worldwide leader in messaging security SaaS (IDC)
Protect Yourself Now!
1. Sign up for a Free Trial: http://www.messagelabs.com.hk/trials/free
2. Contact our Authorized Reseller for a no-obligation consultation. Phone: 2201 7303. Email: service@jos.com.hk
Thank you
Leonard Sim (leonard_sim@symantec.com)