1. The document discusses security trends in 2014, including increased usage of SSL encryption, continued ransomware attacks, growing attacks on Windows 7 and 8 systems, new exploit kits, and more sophisticated smartphone attacks.
2. It also mentions the emergence of "system hopping malware" that can infect multiple device types.
3. The document provides examples of security trends and concludes by stating that threats are constantly evolving and the risk of data leakage is increasing.
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
La sécurité de l'emploi : protégez votre SI
1.
2. La sécurité de l'emploi :
protégez votre SI
Florian Malecki
EMEA Product & Marketing Solution
Director
Dell
Florian_Malecki@dell.com, www.dell.com/security
Sécurité
3. Donnez votre avis !
Depuis votre smartphone sur :
http://notes.mstechdays.fr
De nombreux lots à gagner toute les heures !!!
Claviers, souris et jeux Microsoft…
Merci de nous aider à améliorer les Techdays !
#mstechdays
Sécurité
4. Underlying foundation of threats:
Basic nature of threats is constant change
Expanding complexity and reach of threats
Global
infrastructure
• Cyber-terrorism, morphing
and complex threats
Regional
networks
• AI (learn) hacking
Multiple
networks
• Internet
• Worms
• Modem
Individual
computers
1980
• DOS/ DDOS
• Firewall 101
• Individual
computers
• Trojans
• Security
Individual
networks
• Physical again
(Portable media)
• TSRs
• XSS, SQL Injection attacks
• Espionage
• Financial gain
• Homeland security threats
• Delivery via Web 2.0 and
social networking sites
• Viruses
1990
2000
2014
13. Increase in Win7 & Win8 Attacks
http://www.independent.ie/business/technology/deadline-looms-for-xp-users-as-microsoft-shuts-system-support-29941733.html
http://www.zdnet.com/at-years-end-xp-usage-plunges-as-windows-7-and-8-take-over-7000024699/
14. Increase in Win7 & Win8 Attacks
http://www.independent.ie/business/technology/deadline-looms-for-xp-users-as-microsoft-shuts-system-support-29941733.html
http://www.zdnet.com/at-years-end-xp-usage-plunges-as-windows-7-and-8-take-over-7000024699/
15. Security Trends, 2014
1. Increased Usage of SSL Encryption
2. Ransomware Continues
3. Increase in Win 7 & Win 8 Attacks
4. New Exploit Kits in the Wild
16. New Exploit Kits in the Wild
http://threatpost.com/blackhole-and-cool-exploit-kits-nearly-extinct/103034
http://news.softpedia.com/news/BlackHole-Exploit-Kit-Author-Reportedly-Arrested-in-Russia-388949.shtml
17. New Exploit Kits in the Wild
http://contagiodump.blogspot.com/2010/06/overview-of-exploit-packs-update.html
http://www.scmagazineuk.com/exploit-kits-for-sale-on-a-website-near-you/article/301851/
18. Security Trends, 2014
1. Increased Usage of SSL Encryption
2. Ransomware Continues
3. Increase in Win 7 & Win 8 Attacks
4. New Exploit Kits in the Wild
5. Sophisticated Smartphone Attacks
24. The IT journey…
From mainframe to client server to distributed to risk everywhere
25. Powerful disrupters… the world is more
connected than ever.
Cloud
Big Data
Mobility
Security and
risk
85%
of businesses said their organizations will
use cloud tools moderately
to extensively in the next 3 years.
35
By 2020 volume of data stored will
reach 35 Zettabytes
5X
Mobility source shifts from 62%/38%
corporate/personal owned to 37%
corporate owned and 63% personal owned
79%
of surveyed companies experienced
some type of significant security incident
within the past year that resulted in
financial and/or reputational impact
26. Unfortunately, the bad guys are
more connected too.
They have many names
Spear-Phishers, BOTnets, DDoS, Zero-Day Threats,
Insider threats & former employees
They’re determined to exploit
“disconnected security”
Security tools, processes, user profiles and information,
separated in siloes that leave dangerous gaps inbetween
27. Business can’t stop to wait for security
Cloud SaaS
Data growth
BYOD
Desire: secure
How
is your
To embrace
environment
business trends
with all
these new
initiatives
Challenge:
coming into
Security often
play?
gets in the way
Web 2.0
Virtualization
Compliance
28. Users are Increasingly Out of Your Control
More…
Day
Extenders
Home Office
Users
Kiosks/Public
Machine Users
Traveling
Executives
Devices
Saas/Hosted Apps
Social Media
Network environments
Mobility
Business
Partners/
Extranet Users
Saas, Web 2.0
Real-Time Apps
Wireless LAN
Users
VOIP Users
Tablets & Smart
Phone Users
Internal Users
External Users
29. Mobile business use cases
It’s not just email and
calendar any more…
SOURCE: Yankee Group, June 2012
31. Every 56’’ a laptop is stolen
$49,246
Average value of lost
laptop1
46%
Of lost laptops
contained confidential
data1
Data is the most important asset
companies own:
+
Intellectual Property
+
Customer and employee data
+
Competitive information
IT managers are looking for ways to:
Were not protected
with mobile security
features1
$5.5M
Average organizational
cost of a data breach2
Source: 1. Poneman Institute Study
Source: 2 Symantec & Poneman Institute Study: US cost of a Data Breach, 2011
Fully protect data wherever it goes without
disrupting end users
+
Save time deploying and managing
security
+
Ensure they remain in compliance
+
57%
+
Flexible scale to ensure they meet the
requirements of different users
32. Mobile usage – blurred lines
Personal
Business
Email
Email
Calendar
Calendar
Internet access
Intranet file share
Social media
Intranet business apps
Increased risk of business data loss and
introduction of malware
33. Today, layers and silos get the security
job done but often have gaps =
business risk
Individual job done well in silos
• Solutions often don’t work together
• Solutions don’t work across
the
business
Silos and layers add stress to your
resources
• Difficult to get to work together
• Limited security resources
Dell
belief:
there is a
better
way
34. Dell’s vision: Connected Security for a
connected world
Effective
Security to
enable
business
while also
meeting the
needs of
security
Connected Security is security that…
•
•
•
•
Shares and applies intelligence
Works with the business, end-to-end
Maintains flexibility and open architecture
Enables broad contextual awareness with
dynamic control
Protect information
everywhere
Efficient
Work with the
business
35. Securing & Monitoring Data and Access
DDP|
E
KACE
Applications
SonicWALL
SecureWorks
Data
36. The Dell Approach is Simple and Modular with
Outside in and inside out protection, from device to
cloud.
Data
cloud
Data Security
Configuration &
Patch Management
Identity
Identity &
Access
Management
Data center
Network
End points
Next Gen Firewall
Secure Remote Access
Email Security
Security Services
Incident Response
Managed Security Services
Security & Risk Consulting
37. Dell
Security
Service
s
Let good
guys in
Keep bad
guys out
Enstratius
(Multi-Cloud
Manager) IAM
Dell Threat
Intelligence
Dell Incident
Response
Application
Security
Network
Security
Data & Endpoint
Security
Dell KACE
Dell
SonicWALL
Dell
SonicWALL
Secure
Remote
Access (SRA)
Mobile
Connect
Dell One
Identity
IAM
Dell Security
& Risk
Consulting
Configuration
& Patch
Management
Dell Data
Protection
Encryption
Dell KACE
Dell
SonicWALL
Embedded in
Dell
Infrastructure
& Devices
Email Security
Dell
SonicWALL
K3000 MDM
Next-Gen
Firewall
Dell Wyse
Cloud Client
Manager
Scalable and Mid-Market design point: endpoint to data center to cloud
Endpoint
Network
Server
Storage
Cloud
Did you know DELL does Security?
*formerly Quest One
Dell Managed
Security
Services
38. Better connected means better
protected
Connect security to
infrastructure
Embed: Security embedded natively
into infrastructure
Connect security to
information
Protect, Predict: Security solutions
that gather, analyze, report and
enable action
Connect security to
other security
solutions
Embed, Protect, Predict,
Respond: Security that is no longer
siloed…Data, User, Network,,
Services
40. Demo: Encryption Enforcement for Cloud
Services
Data protection assurance…
•
Dell Data
Protection |
Encryption
+
•
If encryption isn’t present, document
cannot be posted until device is
compliant with policy
•
Dell NextGeneration
Firewall
Ensures encryption is applied prior to
the document being posted to a cloud
service
Applies company access policies to
cloud service, if desired
Better connected means better protected
42. Demo: Secure Mobile Access
Dell Kace
+
Dell Secure
Mobile
Access
Better connected means better protected
43. Demo: Secure Mobile Access
•
Quarantine systems not
running the KACE agent
•
Redirect users to KACE
User Portal
•
Allow KACE agent to bring
endpoint to compliance
Better connected means better protected
44. Demo: Secure Mobile Access
Secure Mobile Access…
Dell
Defender
+
Dell Secure
Mobile
Access
•
Increased security using SSL VPN and 2
Factor Authentication solutions
Better connected means better protected
45. Mobile Connect for Windows 8.1
• Microsoft ships Mobile Connect VPN plugin ‘Inbox’ in Windows 8.1
• Supports all versions of Windows 8.1 including Windows RT and (Window
Phone Future)
• Integrated Windows user experience with management via Windows UI, MDM
solutions and PowerShell.
46. Dell security and business solutions are recognized in
the Gartner Magic Quadrants 2011 to 2013
Challengers
Leaders
• Identity and Access
Governance
• Managed Security
Service Providers
• Unified Threat
Management
• User Administration and
Provisioning
Security Solutions
Niche Players
• Enterprise Network
Firewalls
• Secure Email Gateways
• Enterprise
Backup/Recovery
Software
Visionaries
• E-Class SRA SSL VPN
• Mobile Data Protection
47. Snapshot
Patagonia grew out of a small company that made tools for
climbers. Alpinism remains at the heart of a worldwide
business that still makes clothes for climbing – as well as
for skiing, snowboarding, surfing, fly fishing, paddling and
trail running, and employs over 1600 employees worldwide.
Challenge
The company needed to update its legacy firewalls and
implement a centralised management tool to make it easy
to deploy and manage. Application Intelligence and Control
firewall functionalities and QoS were also key
requirements.
Results
•
Fast implementation of the Dell SonicWALL E-Class
NSA 5500, TZ series and Wireless Access Points at
the EMEA HQs and remote locations
•
Better bandwidth usage and management
•
Efficient and cost-effective distributed network
implementation
•
Better work-life balance thanks to secure remote
access
•
Dell SecureWorks for 24/7 security
monitoring/auditing
•
Dell Eco System: servers, storage, laptops/PCs
Software
So before we dive into our security strategy, let’s first talk about how we got here… where we are as an industry… the IT journey.In the mainframe and mini computer/AS400 era, data, device access to the data and applications were all safe and in one place. Even as the datacenter got distributed it was still easy to secure it was all in one place, inside a firewall and glass house.But with the advent of x86 servers and internetworking, data and applications became distributed and the dawn of client server computing and multi-tier architecture emerged….users, applications and data started spreading out and number of security products started to grow, but data still relatively safe inside a network firewall. As the web emerged, and applications were becoming accessed by the web, much of the data was still hosted on a back end system and still fairly safe, security risk increased in terms of access to data and new tools emerged to fix the new vulnerabilities such a virus’ that crept in, denial of service attacks, etc., however the data was fairly resident inside the enterprise firewalls. Today, data and applications can be anywhere, and users can access these applications from anywhere, and security tools are everywhere like a patch work of utilities trying to plug the old vulnerabilities and they new types of vulnerabilities. The complexity of data anywhere and users everywhere as well as a patchwork of siloed security is now so extreme, that legacy security methods and managing in SILO’s is dangerous and long past its time.
As we were thinking about our security strategy, we wanted to do what we do best… talk to customers. We surveyed our customers and learned the key things driving them today. The top 3 themes we heard from our customers is that they want to leverage the enormous opportunities presented by Cloud, Big Data and Mobility; however the opportunity is locked up due to the 4th trend: Security and Risk challenges.
Many organizations have adapted to their security challenges by applying layers of security, effectively managing security in silos. BYOD, the cloud, and APTs and other threats all dealt with inconsistently and separately with disparate solutions, leaving IT always reacting. But Dell believes that managing security in silos creates risk to the business. These risks exacerbate the existing security challenges of: compliance, new technologies, limited security resources, growing threats. Dell believes there is a better way.
EXEC QUESTION: As an example, how many programs have you delayed because of security? Which ones and what were the challenges? Or have you pushed through while accepting risk (known and/ or unknown)? How often have you continued with known/ or unknown risk (accepted risk)?Or do you give in and throw security caution to the wind? … can’t do that because of compliance requirements… more often stall projects.Question… What is your security profile: ostrich (claim ignorance), vigilant (get all data) and not invented here… what do you want to be… ideal profile, aware of risks, don’t slow down and be careful. Mega Security Threats: Security threats – Greater frequency and caliber New technologies that have security challenges (big data, BYOD, cloud computing, other) Resources are limited (people, money) Security can no longer be a disjointed effort Encourage innovation while protecting business
Increased mobile worker demand to access mc apps, not just email and calendar any more.IT has done a great job of enabling fast, easy mobile access to calendar and email, specifically, deploying activsync has made it pretty easy to enable secure access with minimal security risks.Mobile workers have enjoyed great productivity gains from this and are now demanding access to more than just email and calendar.As you can see from a Yankee Group survey last year, mobile workers want to further increase productivity and get access to more apps and data, including corporate data bases, financials, CRM….The challenge to IT is to enable this in a way that delivers a simple mobile user experience for a wide variety of business workloads while keeping management complexity and security threats to a minimum.
Of course, this is no surprise to IT, because mobile workers have increasingly been demanding access to mission-critical data and apps from personal smart phones, tablets and laptops. But, this personal and business, mixed -usage model, often results in co-mingling of personal and business data and apps on mobile devices . The typical scenario is a mobile user accessing email, calendar, the internet, social media and other apps for personal use, and also accessing business mail, calendar, intranet file share and intranet business apps for business use.The challenge for IT here, is that this comingling of apps and data increases the risk of business data loss and the risk of malware threats. So let let’s look more closely at the mobile threats, the impact co-mingling presents and the technologies available now and on the horizon to enable worker productivity while protecting from mobile threats
Many organizations have adapted to their security challenges by applying layers of security, effectively managing security in silos. BYOD, the cloud, and APTs and other threats all dealt with inconsistently and separately with disparate solutions, leaving IT always reacting. But Dell believes that managing security in silos creates risk to the business. What if a single solution could help you: Respond quickly to security threats and problems before they negatively impact the business.Protect every part of the infrastructure – inside and outside the network –reducing the number of vendors and disparate solutions and gaining efficiencies by reducing costs.Provide common-sense reporting that spans across areas of the network and infrastructure, helping to reduce the risk of errors from missed problems or threats, and saving time.Unify the patchwork of processes, reducing the complexity of meeting security and compliance objectives?. … and Dell provides that solution. It’s called Connected Security.
Dell Connected Security gives organizations the power to solve their biggest security and compliance challenges today, while helping them better prepare for tomorrow. From the endpoint to the data center to the cloud Dell helps mitigate risks to enable the business. Connected Security is security that: Shares and applies intelligenceWorks with the business, end-to-endMaintains flexibility and open architectureEnables broad contextual awareness with dynamic controlIt all means:Greater efficiency with solutions that are easy to deploy and manageGreater effectiveness, improving your security visibility, threat prevention and response 24x7Greater productivity, ensuring security without performance trade-offsWhat it’s NotFully converged security such that layers and pieces are irrelevantNon Dell technology still fits inCompletely centralizedstill going to have security with specific jobsMonolithic and heavyLocked in approachOpen architecture still the way to gomation everywhere (and maintain business operations)
Our lifecycle approach to security ha solutions that cover the entire spectrum of IT… … from the endpoint where we encrypt data at rest and secure devices… to the network where our award-winning capabilities in next-generation firewalls, secure remote access and email security protect the boundary without sacrificing user productivity or network performance … to the user where we ensure that the business has control over who has access to what information, that it can be governed, audited and managed for greater efficiency… to managed security services that provide counter-threat protection, incident response and risk consulting from some of the world’s largest dedicated team of security researchers.<CLICK TO BUILD>Here are the broad solutions we provide in our Connected Security approach… We’ll focus on three areas in particular in this presentation: Identity and access management, network security and endpoint security.
The best security is the security you just get wherever you are “end to end”Building it into the infrastructure so it is just there is the best way to get it (embedded in the hardware, infrastructure)
How are we doing this… Connected Security is all about providing customers with a balanced approach to security. It should be simpler, more unified and connected to the business. It should be an enabler to the business and not get in the way. Being too lax on security means too much risk, but applying too much security and end users can’t do their jobs. We Embed security natively at the time of manufacture into every piece of infrastructure, every device. This connects security to information (or data) wherever it resides. We Detect, Protect and enable you to Respond to threats before they have negative consequences on the business, or Predict them based on patterns of behavior or through shared intelligence. Our solutions collectively gather, analyze, report and enable you to act, connecting security to the infrastructure and applications critical to your business. We eliminate the silos of security information, connecting security across solutions – data, user, network, applications and services.
Is Dell Connected Security real? How exactly are we proving this out? Today… we already have solutions that we embed within hardware (connecting to infrastructure). We also have traditional security solutions that leverage all of the information on a network, in the wild to proactively protect (this is what security solutions do… no differentiation… but it is connecting to information).But our real differentiation is in how we can connnect disparate secruity solutions to other security solutions. We have two examples we want to review with you.
NOTE: the demo will be run live, or will be a video. If we go with the latter, the live demo will be run in the expo area at predetermined hours on THUR and FRI.
Is Dell Connected Security real? How exactly are we proving this out? Today… we already have solutions that we embed within hardware (connecting to infrastructure). We also have traditional security solutions that leverage all of the information on a network, in the wild to proactively protect (this is what security solutions do… no differentiation… but it is connecting to information).But our real differentiation is in how we can connnect disparate secruity solutions to other security solutions. We have two examples we want to review with you.
NOTE: the demo will be run live, or will be a video. If we go with the latter, the live demo will be run in the expo area at predetermined hours on THUR and FRI.
NOTE: the demo will be run live, or will be a video. If we go with the latter, the live demo will be run in the expo area at predetermined hours on THUR and FRI.
NOTE: the demo will be run live, or will be a video. If we go with the latter, the live demo will be run in the expo area at predetermined hours on THUR and FRI.
In 2012-2013, Dell security and business solutions are recognized in 19 Gartner MQ reports and Dell is positioned as a Leader in 8 of the reportsSources:See Appendix Security AR Contact: Ashley Vandiver/Security AR activities for Dell across bu’s, avandiver@secureworks.com)
More than 9,000 employees $4 billion in revenueEighth largest service provider in the U.S., serving about 5.8 million customers in 126 markets in 26 states. CHALLENGE: U.S. Cellular needed to secure a 4G LTE network by 2012. The company needed to protect its network traffic from outside attacks and a multitude of ever-evolving threats. U.S. Cellular needed a solution that could handle tremendous volumes of traffic and could support 40GB throughput per second. RESULTS:Dell SonicWALL SuperMassive Next-Gen Firewall provides extreme scalability and performance. The SuperMassive solution was specifically chosen because of its extensible multi-core architecture and ability to manage bandwidth for heavy loads of network traffic.US Cellular was able to expand remote access for employees to access corporate resources remotely by implementing Dell SonicWALL’s Aventail SSL VPN platform