3. What We See The Impact of Endpoint Attacks 9/20/2011 3 Copyright 2010. All Rights Reserved.
4. Losing the Battle Against Cybercrime: “Even those companies making sizable efforts to keep their data secure admit it's almost impossible to outpace the bad guys.” – Bill Brenner, Senior Editor, CIO Magazine
5. Losing the Battle Against Cybercrime: “The number of attacks is now so large and the criminals’ sophistication is so great that many organizations are having trouble determining which new threats and vulnerabilities pose the greatest risk and how resources should be allocated to ensure that the most probable and damaging attacks are dealt with first.” – SANS.ORG, “The Top Cyber Security Risks”
6. Your Business is a Target: “Cyber criminals have stolen at least $100 million from small to mid-sized companies across America in a sophisticated but increasingly common form of online banking fraud…” — Brian Krebs, Washington Post, 26 October 2009
8. Viruses: Programs that attach / embed to other applications (and then attempt to hide). Distribution: File sharing; Email; Instant Messenger; Hosted Email. Polymorphic / Metamorphic.
12. Malware For Profit. Spyware: Search revenue, Pop up ads. Key logger: Information pushed to bad guys. Botnet: General purpose network; DoS, SPAM, Brute Force Attacks.
14. Losing the Battle Against Cybercrime: “88% of Fortune 500 companies have compromised PCs running Trojans in their environments.” – Uri Rivner, RSA
15. The Endpoint Is The Target: Malware On The Desktop Is The Goal. “Endpoint . . . solutions are now a PRIMARY line of defense . . .” — Charles Kolodgy, Research Director, IDC Security Products Program
16. Why The Endpoint Is The Target: Malware On The Desktop Is The Goal. Decentralized Data; Keys To The Kingdom; Complete Control. “Endpoint . . . solutions are now a PRIMARY line of defense . . .” — Charles Kolodgy, Research Director, IDC Security Products Program
17. Why The Endpoint Is The Target: The Endpoint is An Easy Target. Easy Access; Mobile Data; Multiple Vectors.
19. The Web Under Permanent Siege. [Chart: Targeted Attacks by application (Adobe Reader, MS Word, MS Excel, MS PowerPoint) for 2008, 2009 and 2010 (Jan/Feb)]
20. Losing the Battle Against Cybercrime: “Once infected, malware, typically Trojans, will start recording all Internet related traffic, perform keylogging, grab emails, browser-stored passwords, and a long list of additional items.” – Uri Rivner, RSA
22. Kaseya’s Solution: Blended Protection / Unified Platform / Remediation / Partners
23. Why Is Kaspersky Different? A Pioneer in Fighting IT Threats for 25 Years; Security Technology of Choice.
24. The Most Immediate Protection: Small Updates for the Best Protection and User Experience. Updates per Month: Kaseya Antivirus 664; Microsoft 138; Symantec 33; Trend Micro 32; CA 28; McAfee 24.
25. Fastest Response Time to New Threats: Kaseya Antivirus < 2 hours; Eset 2 to 4 hours; Sophos 2 to 4 hours; Symantec 4 to 6 hours; McAfee 4 to 8 hours.
27. International awards | September 20, 2011 Kaspersky Lab Technology Alliances Business Division PAGE 27 | The largest number of industry awards from IT publications and malware testing organizations globally
28. Why Anti-Malware? Best in the industry: 100+ Million Downloads; 5+ Billion Threats Removed. What does it add? Layered Protection; Lightweight Add-on to Antivirus; Focuses MAINLY on Working WITH Antivirus Engines; Zero Day Pulled from Web; Antivirus Weaknesses; Remediation & Cleaning.
29. Cleanup: Best in the industry for cleanup; Completely automated cleaning; Cleaning all aspects: Processes, Browser Helper Objects, Toolbars, Registry, Files, Orphaned Folders, Rootkits.
32. Roadmap. Aggressive feature-set enhancements: Server Support (KAV); LAN Share Support; Alert Integration; Improved Reporting; Enhanced logging and forensics; Integration with newest releases; UI Refinement and standardization; Much more…
33. Question & Answers. Jeff Keyes, Product Marketing, Jeff.keyes@kaseya.com; Scott Brackett, Product Manager, scott.brackett@kaseya.com
34. Industry Buzz: “Kaseya's products have a reputation for being easy to install and use, compared with many competitive products.” Gartner, 2011 (#G00209766). “Kaseya’s IT Automation Framework can help many types of IT management organizations. Quickly. Affordably.” EMA, 2008 (#1429091307). “Kaseya’s strength lies in the ease of implementation, support for their customers, and comprehensive service level management.” IDC, 2009 (#219336). “Service automation is vital to IT success. Kaseya is purpose-built for this next era of computing.” OVUM, 2010 (#TA001974ITM).
36. Resources. Learn More About Kaseya: http://www.kaseya.com/industries/service-providers.aspx Free Trial: http://www.kaseya.com/forms/free-trial.aspx Price Quote: http://www.kaseya.com/forms/price_ent.aspx Contact Us: sales@kaseya.com, or toll free +1 415-694-5700
Editor's Notes
CLICK ONE: On November 8, 2009, cybercriminals acquired the banking credentials, username and password, for Hillary Machinery, Inc., out of Plano, Texas. With these stolen credentials, the perpetrators processed more than 47 separate transactions to more than 40 different payees. Over the course of just 3 days, Hillary Machinery lost $801,495. While the company was able to recover some of the money, there is still over $250K that remains unaccounted for, in addition to attorney fees and court costs resulting from an ongoing lawsuit between Hillary Machinery and its bank. According to Troy Owen, owner of Hillary Machinery, “while the loss did not cause us to go out of business, it certainly put off business growth plans that we had.” The cybercriminal used ACH transactions (the Automated Clearing House system for electronic payment processing). According to a copy of a Nov. 12 memo between two PlainsCapital employees that was given to Owen, the institution's commercial banking platform requires that each customer not only enter a user name and password, but also register their computer's Internet address by entering a secure access code sent to the e-mail address on file for the customer. On Nov. 8, according to the memo, secure access code e-mails were sent to a Hillary email address, but the request came from a computer with an Internet address in Italy. The memo then says the actual wire transfer requests were made from IP addresses in Romania. Owen says when Hillary Machinery people saw this, "We were all scratching our heads. Because we don't even do international business, let alone have anyone working in Italy or Romania." Owen says no one at Hillary received any of the secure access request emails. The cybercriminal was able to capture the username and password and, by spoofing the IP, capture the return authorization email.
All of this happened inside of Hillary’s network, not the bank’s.
CLICK TWO: Hillary was able to get $600K back but asked the bank for the remaining $200K. The bank then sued Hillary, stating that it was not their fault – they had 2-factor authentication in place.
CLICK THREE: Hillary has counter-sued, hoping to recover all of their funds plus court costs.
This is just one of many stories of companies that believed they were secure but suffered substantial losses as a result of cybercriminals gaining access to the endpoint.
Open a newspaper any given day and you’ll read stories of companies being attacked by cybercriminals. Data breaches are rampant. Banker Trojans are stealing online-banking credentials resulting in massive financial losses. In the 2010 Cyber Security Watch Survey, conducted by CSO Magazine, Senior Editor Bill Brenner said, “Even those companies making sizable efforts to keep their data secure admit it’s almost impossible to outpace the bad guys.” It is a war out there, a war against cybercriminals who have one goal in mind – to make money! Today’s cybercriminals are constantly after data that can be easily converted into profit, or after credentials that will allow them to transfer money directly from company coffers.
According to SANS.ORG in its report “The Top Cyber Security Risks”: “the number of attacks is now so large and the criminals’ sophistication is so great that many organizations are having trouble determining which new threats and vulnerabilities pose the greatest risk and how resources should be allocated to ensure that the most probable and damaging attacks are dealt with first.” As IT Departments spend on security today, many are overlooking the real targeted attack vector of cybercriminals today – The Endpoint.
In addition to more virulent attack methods that result in more money stolen per intrusion, cybercriminals no longer target only large companies. Small businesses, State and Local Government and Education organizations are specifically being targeted by cybercriminals because they are often behind in security spend. Mid-sized companies in the US lost over $100 million in 2009 to fraudulent bank transfers.
RSA’s latest whitepaper on cybercrime reveals that 88% of Fortune 500 companies have compromised PCs running Trojans in their environments. According to RSA’s Uri Rivner, “these Trojans are busy moving terabytes of corporate data to stealthy drop zones scattered around the ‘Dark Cloud’ of the Cybercrime infrastructure.”
The Endpoint – a user’s desktop, laptop, or even a smartphone, and even the servers that support them – has become a wide open target for cybercriminals today. Endpoint systems have become more mobile, both outside the office and across the Internet, making the traditional perimeter ineffective in providing the right level of protection for these valuable corporate assets. According to IDC, “Endpoint . . . solutions are now a PRIMARY line of defense…” because cybercriminals are targeting the endpoint for the theft of data and money. In this presentation we’ll discuss the growing malware threat, how cybercriminals are targeting the endpoint, and how you can protect your endpoints from cybercrime.
As mentioned earlier, EPS are the primary line of defense.
Why is the Endpoint a Target?
The increasing malware threat is focused on one target today – The Endpoint. But why? Why are cybercriminals so interested in the endpoint today? There are several factors that make the endpoint interesting to cybercriminals:
Decentralized Data. Data no longer resides on the mainframe. Sensitive and confidential corporate data now resides on the desktop, the laptop and the smartphone. Gaining access to these devices means gaining access to data with a monetary value.
Keys to the Kingdom. Placing the right Trojan on an endpoint system gives a cybercriminal access to data and credentials to other corporate systems, including online banking systems. Millions of dollars are lost every day due to fraudulent transfers from corporate bank accounts through the use of login information captured by Banker Trojans.
Complete Control. Gaining root access to the endpoint also gives cybercriminals access to any system or data the end-user can access. The cybercriminal also has the ability to make the endpoint part of a larger botnet, using the system to spread malware to other systems. In addition, endpoint access can give hackers the ability to watch email content, IM chats, web traffic, log keystrokes, etc., making the endpoint a wealth of opportunity.
Computer hackers today are not yesterday’s script-kiddies looking for fame and glory. Today’s cybercriminal seeks to gain access to the endpoint and remain hidden so that they can steal data and money without the user’s knowledge. There are a number of factors that make the endpoint an easy target:
Easy Access. As the network perimeter has become more porous, allowing end users access to all that the Internet has to offer, the endpoint has become the new perimeter and, in turn, the new target for cybercrime.
Mobile Data. Corporate road warriors span the globe on a daily basis connecting to unsecured networks in airports, hotels, at home and on airplanes. These systems, which are outside the confines of the corporate perimeter, are a constant threat to corporate data and make the perimeter even more porous and accessible to cybercrime.
Multiple Attack Vectors. End-users today are using the corporate Internet for both business and personal purposes, providing the cybercriminal multiple attack vectors into the endpoint. Valid business websites (77%) are distributing malware. Social media sites have become a playground for cybercriminals, as they prey upon individuals and companies alike that are trying to understand and embrace social media to keep track of friends, family, customers, prospects and partners. Personal web surfing, dating sites, music sites, video sites, etc., are also vectors for cybercriminals to spread malware to the endpoint. And, let’s not forget the ever-present threat via Email.
It is no wonder, and not by mistake, that cybercriminals are targeting the endpoint. Without the right endpoint protection organizations are subject to attack through a multitude of endpoint targets!
IT Departments rarely know what versions of these applications are running in their environment, let alone what patch levels these applications have installed. According to Secunia PSI statistics, only 2% of Windows computers are fully patched. It is through these vulnerabilities that cybercriminals are gaining access to the company endpoint and using malware to carry out their nefarious schemes.
The ultimate goal of all of these attack techniques is to get malware on the endpoint. According to Uri Rivner of RSA: “Once infected, malware, typically Trojans, will start recording all Internet related traffic, perform keylogging, grab emails, browser-stored passwords, and a long list of additional items. The Trojan doesn’t stop at online banking credentials and credit card data: it steals your social network posts, your medical content, your private chats, your constituent letters, and all of your work related content: credentials for internal systems, emails you sent or received, corporate financial results, sensitive customer-related web forms you completed in CRM systems.”
Excellent firewalls / routers / UTM devices on the market today
Basic firewall
Content filtering
Spam filtering
Virus filtering
Lock down wireless access
WEP / WPA have been cracked – use higher levels
Use guest networks
SPAM / Virus filtered mail
Available on the router, email server, and desktop itself
Phishing
Available via the firewall and on the desktop. Use both
Patching OS, key MS apps, key 3rd party applications
Antivirus
File AV – on access scanners
Web content, web site
Mail checking
IM
Behavioral engine
AntiMalware / AntiSpyware
Layered with AV. Backup as a last resort (for cleaning, etc.)
Imaging solution for total system restores
There is no “Mr. McAfee” or “Mr. Symantec.” But there is a “Mr. Kaspersky!” For over 25 years, Eugene Kaspersky has been developing technology that has set the standard for malware protection, resulting in more than 54 global technology patents, including those that are pending. Kaspersky’s “best of breed” heuristics engines span multiple operating systems, including Linux, Unix, Netware and Microsoft. Kaspersky’s iChecker and iSwift technologies ensure the best in performance. Kaspersky continues to have the best in detection rates for both known and unknown malware, including polymorphic and macro viruses as well as multi-level detection within archived files. Kaspersky also updates faster than any company today, ensuring that our customers have the latest in malware protection.
Update Frequency
An AV solution is only as good as its last update. With 3500+ signatures being created a day, it is critical that updates are timely and do not impact the performance of the system. Kaspersky updates more than anyone in the industry, 664 times per month, almost one per hour, making sure that our customers have the latest in protection while minimizing the impact of updates on system performance.
Response Time Ranking
According to AV-Test.org, Kaspersky responds faster to new threats than anyone in the industry, dramatically reducing the window of vulnerability for our customers.