Aswath Mohan & Ankur Chadda discuss why an advanced security testing strategy is an essential component in preparing for the onslaught of cyber-attacks. Learn more about security testing: http://bit.ly/P5cTXz
2. Cyber Security Market Trends
Growth of Targeted Attacks
Rise of Social Engineering
CaaS – Crime as a Service
2 PROPRIETARY AND CONFIDENTIAL
3. Rapid Increase In Targeted Attacks
Between 2005 and 2011 the number of targeted
attacks rose by a factor of:
• 10
• 50
• 500
• 1000
In 2005 the number of targeted attacks detected by
Symantec.cloud was 1 per week. In Nov 2011 it
was 95 per day.
4. Social Engineering Is The Main Attack Vector
A report indicates that a large % of people reused
passwords or used very similar passwords:
• 55 %
• 75 %
• 95 %
University of Cambridge study found that 75% of
users shared passwords between two separate
accounts
5. The Growth Of The Zero Day Market
The price for one exploit is as high as $250K
• iOS
• Chrome
• Windows
• Microsoft Word
A Bangkok-based security researcher with the
handle ‘The Grugq’ sold an iOS exploit for
$250K. He is on track to make over $1M this year.
6. Requirements for Advanced Security Testing
Accurate
• Test with the latest attacks and vulnerabilities
• Discover unknown weaknesses in software
Agile
• Recreate new apps and attacks immediately
• Leverage new threat profiles
Simple
• Intuitive workflow for ease-of-use and adoption
• Auto-generate test cases using Studio
7. Spirent TestCloud – Apps & Security Test Store
1,000s of ready-to-run tests
Continuous stream of the latest attacks and apps
Multiple endpoints (iPhone, PC, Android) & versions (Skype v5.3.0.8)
8. DEMO 1 – Let’s Discover A Zero Day in Jabber
9. DEMO 2 – Now Let’s Unleash Attacks At Scale
Small and medium businesses are seen as easy targets by hackers, as they lack the resources and budget to secure their infrastructure like larger businesses do. Government and private entities are teaming up to deal a blow to perpetrators that neither might be able to deliver on its own. Mobile Apps, social media, cloud computing
In 2005 the number of targeted attacks detected by Symantec.cloud was 1 per week. In Nov 2011 it was 95 per day. An attack can be considered targeted if it is intended for a specific person or organization; such attacks are typically created to evade traditional security defenses and frequently make use of advanced social engineering techniques. 1. Symantec Intelligence Report, Nov 2011. Also, the number of attacks against online businesses rose by a factor of 5 according to the Verizon Business Report.
University of Cambridge researcher - http://www.lightbluetouchpaper.org/2011/02/09/measuring-password-re-use-empirically/. Rootkit.com and gawker.com. An additional 8% only changed capitalization. Facebook now has 1B accounts (not including China).