Verisign iDefense Security Intelligence Services

VERISIGN CONFIDENTIAL. VeriSign® iDefense® Security Intelligence Services Overview. Anchises M. G. de Paula, CISSP. May, 2011
Date posted: 14-Sep-2014

Category: Technology


Transcript of Verisign iDefense Security Intelligence Services

Page 1: Verisign iDefense Security Intelligence Services

VERISIGN CONFIDENTIAL

VeriSign® iDefense® Security Intelligence Services Overview

Anchises M. G. de Paula, CISSP

May, 2011

Page 2: Verisign iDefense Security Intelligence Services

Security Incidents Dominate Headlines

• Oracle to fix 73 security bugs next week (Computerworld, April 2011)
• WikiLeaks Releases Guantánamo Bay Prisoner Reports (Wired, April 2011)
• Royal Navy hacker claims to have broken into space agency site (The Register, April 2011)
• Malware Aimed at Iran Hit Five Sites, Report Says (New York Times, February 2011)
• Sony PlayStation suffers massive data breach (Reuters, April 2011)

Page 3: Verisign iDefense Security Intelligence Services

Increased Sophistication of Attacks / Attackers

More than 286 million new malware variants detected in 2010 [1]

93% increase in malware attacks in 2011 [1]

56% of malicious code infections were Trojans in 2010 [1]

Reported online crime losses totaled $559.7M USD in 2009 – a total of 336,655 complaints, a 111% and 22.3% increase from 2008, respectively. [2]

Cyber criminals are targeting Web 2.0 and cloud technologies

Ecommerce fraud in 2010 estimated at $2.7 billion [3]

More than 115,000 reported phishing attacks in 2010 [4]

Page 4: Verisign iDefense Security Intelligence Services


New and Emerging Attack Vectors—Real & Present

• Mobile Threats

• Virtualization; Cloud Computing

• IPv6

Source: Lattuf2: http://tinyurl.com/djyqk4

Waldec Trojan: 2500 Unique IPS

Source: Waldec: CarnalOwnage, 01/09

• Social Engineering Attacks

• Phishing/Whaling/Spear Phishing

• Data Stealing Trojans

Underground Evolution

Malicious Infrastructure

Technology Disruptors

Page 5: Verisign iDefense Security Intelligence Services

The Challenge of Keeping Up

Which patches are critical? Which aren’t?

Is this a real threat? Are there threats I don’t know about?

How do I get the most out of our security infrastructure investments?

How can I stay ahead of the threat curve?

How do I maximize our incident response efforts?

How can I make sense of global threat implications?

How do I best inform executive management of the most relevant risk factors?

Page 6: Verisign iDefense Security Intelligence Services

The Solution

Proactively Protect

Respond In Real-time

Understand Global Implications

Remediate Online Fraud

Prioritized Vulnerability and Patch Management

Enable Risk Management

Page 7: Verisign iDefense Security Intelligence Services

What Can VeriSign iDefense Do for You?

VeriSign iDefense pinpoints which threats pose the greatest risk

• Know what you need to do to proactively protect your networks, Web applications and sensitive data
• Apply customized threat intelligence to the unique geographical and contextual needs of your business
• Access to exclusive research and VeriSign iDefense analysts – far beyond publicly known vulnerabilities
• Support faster and smarter incident response capabilities

Page 8: Verisign iDefense Security Intelligence Services

VeriSign iDefense Security Intelligence Services

The Leading Security Intelligence Research Shop

VeriSign iDefense delivers deep analysis and actionable intelligence related to vulnerabilities, malicious code and geopolitical threats to enable protection against critical infrastructure attacks

Industry-Leading Services Offerings

• Intelligence is our core competency 24/7
• 100% vendor-agnostic

Actively Gathering Global Intelligence Since 1998

• Based in the Greater Washington DC Area
• Worldwide Reach

Recognized by Frost & Sullivan

The Leading Provider of Exclusive Vulnerabilities (2009)

Page 9: Verisign iDefense Security Intelligence Services


VeriSign iDefense Security Intelligence Services

• Zero-day threat protection

• Vulnerability management support

• Critical infrastructure protection through public/private sector analysis and information sharing

• Faster and smarter incident response

• Fraud mitigation and response strategies

• Increased global threat awareness

VeriSign iDefense Intelligence Organization

• Vulnerability Aggregation
• International Cyber Intelligence
• Malcode Operations Lab
• FS-ISAC SOC (FS Info Sharing & Analysis Center)
• VeriSign iDefense Fusion Cell
• Rapid Response Team
• Vulnerability Advanced Research Labs

Delivering Security Operational Support

Page 10: Verisign iDefense Security Intelligence Services

The VeriSign iDefense Intelligence Process

VeriSign iDefense executes a disciplined process to get intelligence data to users

[Process diagram. Stages: Discovery, Analysis, Publication, Delivery. Labels: The World; Public Sources; Public Vulnerabilities; Original Vulnerabilities & VeriSign iDefense Labs; VeriSign Intelligence Network; Int’l Cyber Intelligence; Centralized Data Collection; Desktop Tools & Freeware; Analyst Desktop; Create Intelligence Reports; Publish Intelligence Reports; Archive Intelligence Reports; Intelligence Report Archive; Original Vulnerabilities; Geopolitical Threats; Malicious Code; XML; Appliance; Portal; Email; RSS Feed.]

Page 11: Verisign iDefense Security Intelligence Services

The VeriSign iDefense Original Vulnerability Process

VeriSign iDefense process for notifying customers and vendors of vulnerabilities

Each Vendor Works with VeriSign on Public Disclosure Schedule

[Process diagram. Stages: Discovery, Notification, Responsible Disclosure, Public Disclosure By Vendor. Labels: The World; VCP Network; VeriSign iDefense Vulnerability Advanced Research Labs; Verification; Original Vulnerabilities; VeriSign iDefense Customers; Vendor.]

Page 12: Verisign iDefense Security Intelligence Services

Get the Best Security Intelligence with iDefense

Quick Stats

• Over 170,000 published Intelligence reports

• On average 8 research reports published per major threat

• Reported on over 10,000 vulnerabilities of which 602 are exclusive vulnerabilities discovered over past three years

• On average, warns customers of Microsoft vulnerabilities 100 days in advance of Microsoft

• 181 days in advance for other vendors’ vulnerabilities

• Customized and Customer-Driven Tracking

• 21,500+ Products and Technologies

• 250+ Vendors

• 1550+ Public sources

• 1200+ Underground and Private sources tracked/infiltrated

Key Attributes

• 50+ full-time, dedicated security analysts = 500,000+ hours of collective experience & insight

• More than 600 Security Research Contributors Worldwide

• Multi-Lingual Threat Collection

• Over 20 Spoken Languages Covered

• Ongoing Global Field Operations in suspect countries

• Threat Data, Analysis and Attribution

• Not just “what”, but the “who”, “why” and “how”

• Access VeriSign iDefense Analysts

• Greater network visibility through the VeriSign .com/.net Global Infrastructure

Page 13: Verisign iDefense Security Intelligence Services


iDefense Portal

Page 14: Verisign iDefense Security Intelligence Services


Intelligence that Warns when a Threat Is Real

What VeriSign iDefense can do for its customers when a real threat emerges

• December 2008: Microsoft announces out-of-band patch with a zero-day tolerance

• Within 17 hours, VeriSign iDefense updated the alert for this one vulnerability 7x with new information about:

    • How the vulnerability works
    • Potential impact
    • How to mitigate with the patch and other workarounds

Timeline:

• Midnight: Microsoft Announces Out of Band Patch; Exploit Code in the Wild
• 2 AM: First Leader Team Discussion
• 5 AM: Decision to go to War Room
• 10 AM: First Meeting; Situational Awareness
• 1 PM: MS releases OOB Patch
• 3 PM: Last Meeting; Situational Awareness
• 5:30 PM: Customer Call

Activities shown along the timeline: VAT issued an alert; Exploit Code Found; PCAPS Developed; Sigs Developed; Customer Information Coming In; Exploit Code Built; VeriSign iDefense Threat Report Updated 7X

Page 15: Verisign iDefense Security Intelligence Services

Ways to Consume VeriSign iDefense Intelligence

Frequency of Research Delivery

Daily

• Intelligence Feed
• Public Vulnerability Reports
• VeriSign iDefense® Exclusive Vulnerability Reports
• Malicious Code Reports
• VeriSign iDefense® Threat Reports
• Flash Reports

Weekly / Bi-Weekly

• Weekly Threat Report
• Weekly Vulnerability Summary Report
• Weekly Malicious Code Summary Report
• VeriSign iDefense® Threat Briefings

Monthly

• Topical Research Reports
• Patch Tuesday Report

By Request

• VeriSign iDefense® Analyst Service
• Rapid Response Service
• Focused Intelligence Reports
• Malicious Code Rapid Report Service
• Phishing Shutdown Service
• Malicious Code Shutdown Service

8 Reports / Year

• Global Threat Research Report

Automated

• Malicious Code Credential Recovery Service
• IP Reputation Service
• Integration Services:
    • QualysGuard
    • Archer
    • Agiliance
    • Skybox
    • ArcSight

Page 16: Verisign iDefense Security Intelligence Services


VeriSign iDefense Integrated Intelligence

• Integrating deep and analytical research from VeriSign iDefense brings value to the landscape of security management tools and platforms

• Integration can maximize security infrastructure and management investments

• Future integrations are in development with leading Patch Management, Ticketing and IDS/IPS device vendors

Vulnerability Management

SIEM Platform

IT GRC

Page 17: Verisign iDefense Security Intelligence Services

iDefense Service Bundles: Support Security Ops

Global Threat Intelligence Services

• iDefense® Threat Briefings
• Weekly Threat Report
• Vulnerability Summary Reports
• Malicious Code Summary Reports
• Topical Research Reports
• Global Threat Research Reports
• iDefense® Analyst Service

Vulnerability Intelligence Services

• FLASH Reports
• Threat Reports
• Public Vulnerability Intelligence Reports
• iDefense® Exclusive Vulnerability Reports
• Vulnerability Summary Reports
• Malicious Code Intelligence Reports
• Patch Tuesday Reports
• iDefense® Analyst Service
• Optional iDefense Integration Services*

Incident Response Services

• Threat Reports
• Malicious Code Intelligence Report
• Malicious Code Summary Report
• Malicious Code Rapid Report Service
• iDefense® Rapid-Response Service
• iDefense® Analyst Service

Fraud Mitigation Services

• IP Reputation Service
• Victim IP Feed
• iDefense® Analyst Service
• Optional Phishing Shutdown Service
• Optional Malicious Code Shutdown Service

Add-On Services

• Focused Intelligence Report
• Custom Intelligence Report
• Artifact Analysis On-Demand Service
• iDefense® Rapid-Response Service
• Phishing Shutdown Service
• Malicious Code Shutdown Service
• *iDefense Integration Services for:
    - QualysGuard VM
    - Skybox Threat Alert Manager
    - Archer
    - ArcSight
    - Agiliance

*VeriSign iDefense offers several integration scenarios with leading security management platforms and tools. Please consult your Account Executive to review a full list of available integrations and discuss the value of integrated analytical intelligence into your enterprise environment.

Page 18: Verisign iDefense Security Intelligence Services

iDefense Threat Protection-Level Service Bundles

Core Service

Standard Service

iDefense® Intelligence Feed
▪ Public Vulnerability Reports
▪ Threat Reports

FLASH Reports

Tactical Research

iDefense® Intelligence Feed
▪ Public Vulnerability Reports
▪ Threat Reports
▪ iDefense® Exclusive Vulnerability Reports
▪ Malicious Code Reports

FLASH Reports
Cyber Threat Brief

Tactical Research

Comprehensive Service

Tactical Research

iDefense® Intelligence Feed
FLASH Reports

Strategic Research

iDefense® Analyst Service
iDefense® Threat Briefings
iDefense® Designated Analyst Service
Malcode Rapid Report Service
IP Reputation Service

Analyst Team

Weekly Threat Report
Vulnerability Summary Reports
Malicious Code Summary Reports
Patch Tuesday Reports
Topical Research Reports
Global Threat Research Reports

iDefense® Intelligence Feed
▪ Public Vulnerability Reports
▪ iDefense® Exclusive Vulnerability Reports
▪ Malicious Code Reports
▪ Threat Reports

FLASH Reports

iDefense® Analyst Service
iDefense® Threat Briefings
Malcode Rapid Report Service

Enhanced Service

Strategic Research

Tactical Research

Weekly Threat Report
Vulnerability Summary Reports
Malicious Code Summary Reports
Microsoft Patch Tuesday Reports
Topical Research Reports

Analyst Team

Page 19: Verisign iDefense Security Intelligence Services


Intelligence In Action—A Case Study

A top 10 enterprise services firm saved about $5M by using VeriSign iDefense analysis to decide—correctly—not to install three out-of-cycle patches… even though other security organizations were recommending them

Vulnerability Management Assistance: Save time and money

Page 20: Verisign iDefense Security Intelligence Services


Intelligence In Action—A Case Study

On Feb 26, 2009, a mass mailer virus was identified internally within a top global enterprise services firm attempting to spread to all addresses within an address book. Within 3 hours of submission to VeriSign iDefense Rapid Response Team, analysis and remediation strategies were delivered that enabled institution of immediate and accurate file restrictions and updated AV signatures to thwart the threat of the Waledec Mass Email Worm.

Incident Response: Faster and smarter remediation

Page 21: Verisign iDefense Security Intelligence Services

Intelligence In Action—A Case Study

A top 10 US bank leveraged VeriSign iDefense world-class malcode analysis services that led to the identification and cancelation of a fraudulent online bank transaction in the amount of $82K.

Fraud Mitigation: Gain visibility and confidence

Page 22: Verisign iDefense Security Intelligence Services


Intelligence In Action—A Case Study

Recently, a VeriSign iDefense client was considering expansion into Russia and needed to understand how this might impact their risk level. By leveraging iDefense Global Threat Intelligence Services, the organization increased awareness of prominent insider threats in the region. As a result, intelligence delivered in the context of the client’s geographical needs was used in making better decisions around review of local security practices, hiring of local personnel and background checks.

Global Threat Intelligence: Drives Threat Awareness

Page 23: Verisign iDefense Security Intelligence Services

The Bottom Line

• Manage security risk. Not just threats
• Know which threats matter most. (And which ones don’t)
• Get an average 100+ days advanced notification on Zero-day vulnerabilities
• Strengthen your security team
• Trust the industry’s truly vendor-independent provider of global cyber threat intelligence

Page 24: Verisign iDefense Security Intelligence Services


Q & A

Page 25: Verisign iDefense Security Intelligence Services

Thank You

© 2010 VeriSign, Inc. All rights reserved.  VERISIGN and other trademarks, service marks, and designs are registered or unregistered trademarks of VeriSign, Inc. and its subsidiaries in the United States and in foreign countries.  All other trademarks are property of their respective owners.

Page 26: Verisign iDefense Security Intelligence Services


APPENDIX


Page 29: Verisign iDefense Security Intelligence Services


VeriSign iDefense Security Intelligence Services

• Vulnerability Aggregation Team

• Vulnerability Advanced Research Labs

• Malicious Code Intelligence and Operations

• Rapid-Response Team

• International Cyber Intelligence Team

• FS-ISAC (SOC)

• VeriSign iDefense Fusion Cell

• Editorial Team


Page 30: Verisign iDefense Security Intelligence Services

VeriSign iDefense Intelligence Organization

Vulnerability Applied Research Labs

• Vulnerability Contributor Program (VCP)
    • A network of 600+ researchers worldwide
• Original Vulnerability Analysis and Discovery
• Responsible Disclosure of Original Vulnerability Discovery

Provides vulnerability mitigation intelligence by conducting leading-edge reverse-engineering research and analysis of submitted and internally uncovered computer vulnerabilities, exploits, and attacks

Page 31: Verisign iDefense Security Intelligence Services

VeriSign iDefense Intelligence Organization

Vulnerability Aggregation Team

• 24X7 Operations
• Infiltration, Aggregation, Analysis
• Customer-driven, Customized Tracking
• Tracks 1,550+ Public and Private Sources
• 21,500+ Products and Technologies
• 250+ Vendors
• Websites, Forums, Mailing Lists, Underground
• De-conflict Resolution
• Analysis of conflicting information
• Deep Human Analysis in Every Report
• Not just aggregated data

Provides in-depth research and analysis on public vulnerabilities and exploits to ensure customers receive actionable vulnerability notification and mitigation options

Page 32: Verisign iDefense Security Intelligence Services

VeriSign iDefense Intelligence Organization

Financial Services Information Sharing and Analysis Center (FS-ISAC)

• Security Operations Center (SOC) for 4,000+ member organizations
• Collaborates with U.S. Department of Treasury
• Serves as the operational arm of the Financial Services Sector Coordinating Council
• Acts as the primary communications channel for financial services sector

The mission of the FS-ISAC is to enhance the ability of the financial services sector, and its critical infrastructure, to prepare and respond to cyber and physical threats, vulnerabilities and incidents

Page 33: Verisign iDefense Security Intelligence Services

VeriSign iDefense Intelligence Organization

Rapid Response Team

• First Line of Defense to Customers
    • Extension of Your Research Team
• Targeted Attack Analysis
    • Expert Code Analysis
• Timely Research
    • 10 Minutes, 3 Hours, 2 Days
• Comprehensive Reporting
    • Remediation and Workaround Strategies

Provides a 24/7/365 incident response service in the form of an executive briefing to occur within three (3) hours of a customer submission and discussion of incident

Page 34: Verisign iDefense Security Intelligence Services

VeriSign iDefense Intelligence Organization

Malcode Intelligence & Operations

• Global Aggregation
    • Websites, IRC, Forums, Honey Pots
• De-conflict Resolution
    • Analysis of conflicting information
• Code Analysis Lab
    • Goat Machines, VM Network
• Reverse Code Engineering
    • Industry Leading Engineers
• Malware Discovery
    • New tactics and new targets

Provides notification of malicious code threats to IT security breaches to augment customers’ risk management process

Page 35: Verisign iDefense Security Intelligence Services

VeriSign iDefense Intelligence Organization

International Cyber Intelligence

• Geopolitical Analysis and Actor Attribution
    • Answers the “Who” and “Why” behind Attacks
• Field Research and Investigations
    • Russia, China, Middle East, South America
• Threats in Context
    • Trends, Events, Techniques
• Multilingual Analysts
    • 20 Spoken Languages
    • Arabic, Cantonese, Chinese Mandarin, Dari, Farsi, French, German, Hindi, Japanese, Kannada, Marathi, Russian, Sinhala, Spanish, Tagalog, Tajik, Turkish, Urdu, Wu, etc.

Provides research on the dynamics of the world’s cyber security environments and its interconnections through combined analytical methods—From the behavioral and information sciences to the development of research programs and networks of relationships

Page 36: Verisign iDefense Security Intelligence Services

VeriSign iDefense Intelligence Organization

VeriSign iDefense Editorial Team

• Seven editors on staff available 24/7 to deliver on the publishing needs of up-to-the-minute VeriSign iDefense intelligence
• VeriSign iDefense delivers on average over 500 pages of text-based research per month in addition to daily threat reports and customer requested Focused Intelligence reports
• VeriSign iDefense editors have contributed to an industry-wide reputation of high quality VeriSign iDefense research and reporting

Page 37: Verisign iDefense Security Intelligence Services

VeriSign iDefense Intelligence Organization

VeriSign iDefense Fusion Cell

• Plans and directs cross-functional VeriSign iDefense intelligence process and knowledge sharing
• Enables a comprehensive perspective of the threat environment to be shared across all intelligence teams
• Serves as the hub for public and private research and partnership
• Underground Operations
    • Engage illicit markets with the aim of identifying core actors, methods and assets
    • Maintaining reputable aliases and acquiring compromised information are the team’s core capabilities

Page 38: Verisign iDefense Security Intelligence Services

Ways to Consume VeriSign iDefense Intelligence

Depth and Frequency of VeriSign iDefense Intelligence

• VeriSign iDefense® Topical Research Reports
    • Notable Malware for 2010, 3/2010
    • Domain Name System Security Extensions (DNSSEC), 11/2009
    • IPv6 Technology, 11/2009
    • Mobile Threats, 11/2009
    • Review of MPLS Security Considerations, 10/2009
    • Browser Security, 5/2009
    • Cloud Computing, 5/2009
    • Exploring Stolen Data Markets Online, 3/2009
• VeriSign iDefense® Global Threat Research Reports
    • Cyber Threat Landscape of Russia
    • Cyber Threat Landscape of Hong Kong
    • Cyber Threat Landscape of Saudi Arabia
    • Cyber Threat Landscape of China
• VeriSign iDefense® Focused Intelligence Reports
    • Expanding More Sophisticated Online Censorship Efforts, 7/2009
    • Cisco VLAN Technology, 9/2008
• VeriSign iDefense® Weekly Threat Report – Sample Table of Contents
    • Overview of Last Week's Publications
    • News in Brief
    • Trends and Developments: Revisiting iDefense Predictions for the 2010 Cyber Threat Landscape
    • Cyber Warfare: Russian Military Doctrine Includes Information Security
    • Response: Public Report Analysis—Lessons learned from Vol 7 of the Microsoft Security Intelligence Report
    • Cyber Crime: Identity Theft Statistics for 2009
    • State of the Hack: VeriSign iDefense Explains ...

Page 39: Verisign iDefense Security Intelligence Services

Security Incidents Dominate Headlines

• Monster.com Hit With Possible Monster-Sized Data Breach (InformationWeek, January 2009)
• Cyber Attacks Jam Government and Commercial Web Sites in U.S. and South Korea (New York Times, July 2009)
• Updated MyDoom Responsible for DDoS Attacks (computerworld.com, July 2009)
• Electricity Grid in U.S. Penetrated By Spies (Wall Street Journal, April 2009)
• Obama's Copter Plans Turn Up On The Web (New York Post, March 2009)
• Vast Spy System Loots Computers in 103 Countries (New York Times, March 2009)
• Former employee accused of stealing secrets from Goldman Sachs Group (Chicago Tribune, July 2009)
• DOD seeks defense against denial-of-service attacks (fcw.com, July 2009)
• Data breaches cost $6.6 million on average, survey finds (CNET, February 2009)

Page 40: Verisign iDefense Security Intelligence Services


Growth of Threats and Exposure / Risk

Your Business Network

Page 41: Verisign iDefense Security Intelligence Services


Intelligence that Warns when a Threat Is Not

• What really occurred with CONFICKER…

• Attracted significant attention as a critical issue

• Other intelligence groups and 60 Minutes reports of April 1 meltdown

• But, ultimately was declared a non-emergency by VeriSign iDefense

• The 7-month time lapse indicates why a threat lifecycle approach is both essential and cost-effective

[Timeline figure. Dates shown: 23 Oct, 24 Nov, 10 Dec, 01 Jan, 28 Jan, 29 Jan, 09 Mar, 16 Mar, 23 Mar, 29 Mar, 1 Apr. Events shown: Microsoft Announces Out of Band Patch; MS 08-067; First Conficker in the Wild; First in-depth Analysis on Conficker in MSR; 2nd Conficker in the Wild; Publishes Domain Generation Algorithm; Publishes Downatool; 3rd Conficker in the Wild; 4th Conficker in the Wild; Media Reports 1 Apr Internet Meltdown; 60 Minutes Reports 1 Apr Internet Meltdown; Nothing Happens. Callouts: Accurate Prediction; Detection Tool; VeriSign iDefense Threat Report: Explaining Why The Internet Would Not Melt.]

Accurate Intelligence Allows You to Focus on What Matters Most

Page 42: Verisign iDefense Security Intelligence Services

What Customers Tell Us

This translates into a security strategy that consistently delivers:

• Substantial cost savings with proactive insights on true threats, the intelligence to avoid false alarms
• Revenue protection through improved system and application availability
• Reputation protection through fraud mitigation and response support
• Improved in-house security operations through analyst access, knowledge transfer and tactics/technique sharing

“With VeriSign iDefense, they have the world’s most experienced multinational network of security experts acting as an extension of their teams, with exclusive access to the most in-depth cyber threat intelligence available.”

Page 43: Verisign iDefense Security Intelligence Services


VeriSign iDefense Research Methodology

• Vulnerability Aggregation Team

• Vulnerability Advanced Research Labs

• Malicious Code Intelligence and Operations

• Rapid-Response Team

• International Cyber Intelligence Team

• FS-ISAC (SOC)

• VeriSign iDefense Fusion Cell

• Editorial Team


Page 44: Verisign iDefense Security Intelligence Services

Ways to Consume VeriSign iDefense Intelligence

• VeriSign iDefense Research / Report Packages
    • Access to over 170,000 published research reports
• Variety of secure delivery methods
    • Secure and encrypted customer portal
    • Via email and RSS Feeds
    • XML Web services
• Integrated Intelligence
    • Integrating VeriSign iDefense analytical research into security management tools and platforms
• Support for Security Operations
    • Global Threat Intelligence Services: Increased Global and Regional Threat Awareness
    • Vulnerability Intelligence Services: Improved Vulnerability Management
    • Incident Response Services: Faster and Smarter Incident Response
    • Fraud Mitigation Services: Risk Management Around Online Fraud

Page 45: Verisign iDefense Security Intelligence Services

VeriSign iDefense Security Operational Support

VeriSign iDefense® Global Threat Intelligence Services

• Increased Global & Regional Threat Awareness
    • Strategic view of global and regional threats and emerging threat activity
    • In-depth country and regional reports
    • Real-time threat alert feed

VeriSign iDefense® Vulnerability Intelligence Services

• Prioritized and Accurate Vulnerability Management Assistance
    • Vulnerability prioritization
    • Drives efficient and accurate remediation
    • Combine asset data, vulnerability scan data with VeriSign iDefense vulnerability data

VeriSign iDefense® Incident Response Services

• Incident Response Efficiency
    • Acts as an embedded part of a company’s incident response program
    • Real-time auto analysis and in-depth human analysis of malicious code
    • Forensic capabilities and strategic malicious code research on the latest threats

VeriSign iDefense® Fraud Mitigation Services

• Manage Risk Around Online Fraud
    • Phishing and Malware Shutdown Services
    • Online fraud risk management services
    • Monitoring of known malicious IPs and the victims they target

Page 46: Verisign iDefense Security Intelligence Services


VeriSign iDefense in Summary

• Your IT security strategy needs timely, detailed and actionable cyber threat intelligence that applies to the unique needs of your business so you can protect your business from the onslaught of cyber attacks

• With attacks increasingly targeted and potentially devastating, ‘managing’ security isn’t enough. You have to manage risk – and that means proactive intelligence