Transcript of: Vital Threat Management for Enterprise / Carrier
Page 1
Vital Threat Management for Enterprise / Carrier
In a Digitally Integrated World
Derek Manky
Project Manager, Cyber Security & Threat Research
CMMA: June 17th, 2009
Page 2
Presentation Overview
Vital Threat Management For:
Enterprise & APAC
Malware Trends
Cost Effective, Next Generation Security
The Threatscape Today
Layered Security
Mobile Threats
Q&A
Fortinet Confidential 2
Page 3
Enterprise & APAC
Targeted Attacks
Documents favored: various exploits used in PDF, XLS and DOC files; common malware dropped
Social Engineering 2.0: location based services, profiling, UPS / DHL attacks
Salesforce snow-ball effect:
January 31, 2007: 29,800 customers
September 2007: phishing attacks compromise sensitive data
November 2007: FTC-spoofed attacks using the compromised data
Page 4
Enterprise & APAC
Targeted Attacks
GhostNet [1]
1,295 unique infections across 103 countries
Targets: ministries of foreign affairs, embassies
Concentration in Asia
Spoofed email (e.g. [email protected])
Malicious MS Word document carrying an exploit
Drops a trojan (Gh0st RAT) plus a decoy document
HTTP communication used for C&C
GhostNet source
[1] Information Warfare Monitor, "Tracking GhostNet: Investigating a Cyber Espionage Network": http://www.scribd.com/doc/13731776/Tracking-GhostNet-Investigating-a-Cyber-Espionage-Network
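The HTTP C&C channel on the GhostNet slide is what a network-side check can key on: an implant that polls its controller over HTTP fetches the same URL from the same client at a near-constant interval, which ordinary browsing does not. The following is an added example, not code from the presentation or from Fortinet; the proxy log lines are constructed, and the log format, host names and thresholds are assumptions of the example.

```python
# Added example (not from the presentation): flag HTTP beaconing in a proxy log.
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed proxy log (assumed format: time client method host path status bytes).
# Host names are made up for the example.
PROXY_LOG = """\
2009-06-17T09:00:00 10.1.1.5 GET updates.example-cdn.test /news.php?id=1 200 312
2009-06-17T09:00:11 10.1.1.5 GET www.example-news.test /index.html 200 48211
2009-06-17T09:03:17 10.1.1.7 GET www.example-news.test /index.html 200 48211
2009-06-17T09:10:01 10.1.1.5 GET updates.example-cdn.test /news.php?id=1 200 312
2009-06-17T09:20:00 10.1.1.5 GET updates.example-cdn.test /news.php?id=1 200 312
2009-06-17T09:30:02 10.1.1.5 GET updates.example-cdn.test /news.php?id=1 200 312
2009-06-17T09:31:05 10.1.1.7 GET www.example-news.test /sports.html 200 51002
2009-06-17T09:40:00 10.1.1.5 GET updates.example-cdn.test /news.php?id=1 200 312
2009-06-17T09:58:40 10.1.1.7 GET www.example-news.test /index.html 200 48211
"""

def parse_log(text):
    """Return (timestamp, client, host, path, bytes) per line; malformed lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 7:
            continue
        ts, client, _method, host, path, _status, size = parts
        rows.append((datetime.fromisoformat(ts), client, host, path, int(size)))
    return rows

def find_beacons(rows, min_requests=4, max_jitter=0.15):
    """Group requests by (client, host) and report pairs whose inter-request
    gaps have a coefficient of variation <= max_jitter.  The report also
    counts distinct paths and response sizes, since a beacon repeats both."""
    by_pair = defaultdict(list)
    for ts, client, host, path, size in rows:
        by_pair[(client, host)].append((ts, path, size))
    beacons = []
    for (client, host), reqs in by_pair.items():
        if len(reqs) < min_requests:
            continue
        reqs.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(reqs, reqs[1:])]
        mean = statistics.mean(gaps)
        jitter = statistics.pstdev(gaps) / mean if mean > 0 else float("inf")
        if jitter <= max_jitter:
            beacons.append({
                "client": client, "host": host, "requests": len(reqs),
                "period_s": round(mean), "jitter": round(jitter, 3),
                "distinct_paths": len({p for _, p, _ in reqs}),
                "distinct_sizes": len({s for _, _, s in reqs}),
            })
    return beacons

if __name__ == "__main__":
    for beacon in find_beacons(parse_log(PROXY_LOG)):
        print(beacon)
```

In the constructed log only 10.1.1.5 polling updates.example-cdn.test every 600 seconds is reported; the browsing to www.example-news.test has too few hits and irregular gaps. Legitimate update checkers beacon too, so pair the period check with destination reputation and an allowlist, and expect real implants to randomise their sleep interval, which is why the jitter threshold is a tunable rather than an exact-period match.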
Page 5
Enterprise & APAC
Targeted Attacks
Chart: XLS, DOC, PDF exploit detections, January - May 2009; monthly detected activity by region (AMER, APAC, EMEA), y-axis up to 25,000
Page 6
Enterprise & APAC
Targeted Attacks
Page 7
Enterprise & APAC
W32/Virut.A
Dominant in Asia; prevalent for 1+ years in Korea
Parasitic file infector
Newly discovered hybrids
Especially nasty to clean
Hybrid effect:
Blended threats: MyDoom, Netsky, scareware
Botnets & control
Polymorphic
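A parasitic file infector of the Virut kind appends its body to a host executable and redirects the entry point into it, which leaves traces in the PE header that are cheap to triage before any signature work. The following is an added example, not code from the presentation or from Fortinet: it builds two constructed PE headers (a clean layout and the same layout after an appending infection; there are no code bytes and no real samples) and runs the header heuristics over both.

```python
# Added example (not from the presentation): PE header heuristics for
# appending file infectors such as W32/Virut.  Both images below are
# constructed headers, not real binaries.
import struct

IMAGE_SCN_CNT_CODE             = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE          = 0x20000000
IMAGE_SCN_MEM_READ             = 0x40000000
IMAGE_SCN_MEM_WRITE            = 0x80000000

def build_pe(sections, entry_rva):
    """Build a minimal PE32 header: DOS stub, 'PE\\0\\0', COFF header,
    224-byte optional header, then one 40-byte header per section.
    sections: list of (name, virtual_address, virtual_size, characteristics)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                     # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                     # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)                # AddressOfEntryPoint
    hdrs = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                    vsize, va, vsize, 0, 0, 0, 0, 0, chars)
        for name, va, vsize, chars in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + hdrs

def parse_pe(data):
    """Return (entry_rva, [(name, va, vsize, characteristics), ...])."""
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec = struct.unpack_from("<H", data, pe + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]
    entry = struct.unpack_from("<I", data, pe + 24 + 16)[0]
    off = pe + 24 + opt_size
    secs = []
    for i in range(nsec):
        name, vsize, va, *_rest, chars = struct.unpack_from("<8sIIIIIIHHI", data, off + 40 * i)
        secs.append((name.rstrip(b"\0").decode(), va, vsize, chars))
    return entry, secs

def infector_indicators(data):
    """Cheap triage signals that an appending infector patched the entry point."""
    entry, secs = parse_pe(data)
    holder = next((i for i, (_, va, vsize, _) in enumerate(secs)
                   if va <= entry < va + vsize), None)
    if holder is None:
        return ["entry point lies outside every section"]
    name, _, _, chars = secs[holder]
    findings = []
    if len(secs) > 1 and holder == len(secs) - 1:
        findings.append(f"entry point in last section ({name})")
    if chars & IMAGE_SCN_MEM_WRITE and chars & IMAGE_SCN_MEM_EXECUTE:
        findings.append(f"entry section {name} is writable and executable")
    if not chars & IMAGE_SCN_CNT_CODE:
        findings.append(f"entry section {name} is not flagged as code")
    return findings

# Constructed clean layout: entry point inside .text, normal section flags.
CLEAN_PE = build_pe([
    (".text",  0x1000, 0x2000, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
    (".data",  0x3000, 0x1000, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    (".reloc", 0x4000, 0x0500, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
], entry_rva=0x1200)

# Same image after an appending infector: last section grown by 0x800 bytes,
# made RWX so the virus body can decrypt itself in place, entry point moved into it.
INFECTED_PE = build_pe([
    (".text",  0x1000, 0x2000, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
    (".data",  0x3000, 0x1000, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    (".reloc", 0x4000, 0x0D00, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
                               | IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE),
], entry_rva=0x4500)

if __name__ == "__main__":
    for label, image in (("clean", CLEAN_PE), ("infected", INFECTED_PE)):
        print(label, infector_indicators(image) or ["no indicators"])
```

These are triage signals, not a verdict: Virut variants also use entry-point obscuring (patching a call inside .text instead of moving the entry point) and polymorphic decryptors, so a clean header does not clear a file, and packers legitimately produce the same RWX-last-section shape. The value of the check is in deciding which files get the expensive emulation or signature pass first.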
Page 8
Enterprise & APAC: Volume & Infection Rate Increase Over 1.5 Years
Source: Fortinet's FortiGate and Worldwide Intelligence Systems
Chart: Netsky vs. Virut, monthly detected activity, Oct 2007 - May 2009; series W32/Netsky!similar and W32/Virut.A, y-axis up to 1,200,000
Page 9
Cost Effective
Next Generation Security
Vital Threat Management
Page 10
Cost Effective, Next Gen Security: Volume & Infection Rate Increase Over 2 Years
Source: Fortinet's FortiGate and Worldwide Intelligence Systems
Chart: Malware Received (Annual), 2007 vs 2008; two series per year, received samples and infected totals; year-over-year growth labels +52.6% and +31.8%
Page 11
Cost Effective, Next Gen Security: Volume & Infection Rate Increase Over 3 Quarters
Source: Fortinet's FortiGate and Worldwide Intelligence Systems
Chart: Malware Received (Q1), 2007-Q1 vs 2008-Q1 vs 2009-Q1; series received samples and infected totals; growth labels +54.9%, +92.0%, +54.0%, +54.9%
Page 12
Cost Effective, Next Gen Security: APAC Leading 2009 Malware Detections
Source: Fortinet's FortiGate and Worldwide Intelligence Systems
Chart: Global Malware Volume, January - May 2009; monthly detected activity by region (AMER, APAC, EMEA), y-axis up to 6,000,000
Page 13
Ringfence corporate security networks
Protection versus Threatscape: competitive outcome over time
Blended Threatscape curve
Y2 – Point solutions: costly, patchy security
Z1 – Perceived competitive gap over time (when the economy recovers) if enterprises adopt a UTM security approach. Z1 can be reduced if IT managers are trained and FortiGuard updates are applied with due diligence.
Z2 – Perceived gap when companies attempt to patch security holes with costly point services. Creates a greater gap for enterprises, which indirectly makes them less competitive over time.
Z3 – Greatest perceived gap, if enterprises are unfocused in spending and approach. Worst case scenario: a big attack takes place and enterprises' assets are compromised. They will need to play a catch-up game over time to bridge the competitive gap.
Page 14
Next Gen Threats
Platforms++ == Vulnerabilities
Bridged Threats
Public Internet / Social Networks: Koobface
Web: XSS, CSRF, SQL injections, exploit kits
Telecomm bridge: SymbOS/Yxes
Search Engines / Cloud Services: SEO attacks, data breaches
Legacy: mass mailers, file infectors
Digital Underground
Portable: USB, Bluetooth, MP3, cameras, laptops
Financial / Auction: phishing, scams
IM / Games
Page 15
Layered Security
Diagram: UTM vs. End Point Approach. Threat paths numbered 1-5: mass mail with attached variant #1, hosted variant #2, 0-day exploit, fresh web content, and public traffic. Point solutions A (AntiVirus), B (WCF), C (IPS) and D (AntiSpam) each cover one path; a single UTM solution covers all five.
Page 16
Layered Security: The Big Picture
Security functions: IPS, AntiVirus, Web Filtering, AntiSpam, DLP, Firewall
Deployed at: Gateway, End Points, Servers (Web, Database), Mobile, Employees
Facing: the Threatscape
Operations: Updates, Monitoring, Administration
Page 17
Layered Security
Consolidated Approach (UTM)
Consolidates management and deployment
Operating expenses smoothed
Fewer licenses
Smaller footprint
Capital expenditures reduced
Scalable to address:
Threat growth
Growing operations
Manageable
Monitored view of all threat vectors
Improved incident response
Page 18
Layered Security
In Summary
Modern threats require a layered solution
Too complex a challenge for any single control
Defense in depth
UTM
Cost effective; security != $$
Provides enhanced security
Both client & server side
Policies & education
Scalable solution required for the threatscape
Security is essential
Huge losses possible
Breaches damage reputation
Page 19
Mobile Threats
Vital Threat Management
Page 20
Mobile Threats on the Rise
Past and Present
2004:
• SymbOS/Cabir (PoC): Bluetooth
• SymbOS/Skulls (DoS)
2005:
• SymbOS/CommWarrior: Bluetooth, MMS, MMC
2008/2009:
• SymbOS/Flocker
• SymbOS/BeSeLo: file extension tricks
• SymbOS/CurseSMS (DoS)
• SymbOS/Yxes: propagation on S60 phones
Trend: from destruction & defacement to monetization
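The file extension trick on this slide (SymbOS/BeSeLo sending Symbian installers under media-file names) is something a carrier MMS gateway or an endpoint agent can catch by trusting magic bytes over the claimed extension. The following is an added example, not code from the presentation or from Fortinet; the attachments are constructed, and the Symbian installer UIDs are taken from public SIS format descriptions rather than from the slide, so treat them as an assumption of the example.

```python
# Added example (not from the presentation): detect media-looking attachments
# that are really Symbian installers.  Sample attachments are constructed;
# the installer UIDs are assumed from public SIS format documentation.
import struct
from typing import Optional

# Symbian OS 9.x SISX files begin with UID1 = 0x10201A7A (little-endian).
SISX_UID1 = 0x10201A7A
# Pre-9.x SIS files carry UID3 = 0x10000419 at byte offset 8.
SIS_UID3 = 0x10000419

MEDIA_EXTENSIONS = {".jpg", ".jpeg", ".gif", ".mp3", ".rm", ".wma", ".3gp"}

def looks_like_sis(data: bytes) -> bool:
    """True if the bytes carry a Symbian installer signature, whatever the name claims."""
    if len(data) < 12:
        return False
    uid1, _uid2, uid3 = struct.unpack_from("<III", data, 0)
    return uid1 == SISX_UID1 or uid3 == SIS_UID3

def sniff_media(data: bytes) -> Optional[str]:
    """Return a media type for well-known magic bytes, else None."""
    if data.startswith(b"\xff\xd8\xff"):
        return "jpeg"
    if data.startswith(b"GIF8"):
        return "gif"
    if data.startswith(b"ID3") or (len(data) > 1 and data[0] == 0xFF and data[1] & 0xE0 == 0xE0):
        return "mp3"
    return None

def classify_attachment(filename: str, data: bytes) -> str:
    """Verdict for one attachment: 'ok', 'sis_disguised_as_media', 'sis' or 'unknown'.
    The extension is only consulted after the content has been identified."""
    ext = filename[filename.rfind("."):].lower() if "." in filename else ""
    if looks_like_sis(data):
        return "sis_disguised_as_media" if ext in MEDIA_EXTENSIONS else "sis"
    if ext in MEDIA_EXTENSIONS and sniff_media(data) is not None:
        return "ok"
    return "unknown"

def scan(attachments: dict) -> dict:
    """Classify every attachment of one MMS message; returns {filename: verdict}."""
    return {name: classify_attachment(name, data) for name, data in attachments.items()}

# Constructed attachments (not real malware): genuine-looking JPEG and MP3
# headers, plus fake SIS/SISX headers renamed to media extensions.
SAMPLES = {
    "beach.jpg":  b"\xff\xd8\xff\xe0" + b"\x00" * 60,
    "beauty.jpg": struct.pack("<III", SISX_UID1, 0, 0) + b"\x00" * 52,
    "song.mp3":   b"ID3\x03\x00" + b"\x00" * 59,
    "love.rm":    struct.pack("<III", 0xE0000123, 0, SIS_UID3) + b"\x00" * 52,
    "update.sis": struct.pack("<III", SISX_UID1, 0, 0) + b"\x00" * 52,
}

if __name__ == "__main__":
    for name, verdict in scan(SAMPLES).items():
        print(f"{name:12s} {verdict}")
```

Only "sis_disguised_as_media" is a strong signal on its own; a bare "sis" verdict still needs a policy decision (signed installers from a known source may be legitimate), and "unknown" simply means the sniffer has no rule for that content, which is where a gateway hands the file to a full scanner.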
Page 21
Mobile Threats on the Rise
A Growing Trend
Statistics from Fortinet's network security appliances worldwide
Chart: Mobile Threat Detections (SymbOS threats), January 2008 - May 2009; monthly detected mobile threats, y-axis up to 120,000
Page 22
Moving Forward: Securing The Future
Active Threat Ingredients
• Plethora of smart devices
• Increased complexity / functionality
  Bridges created
  Security holes introduced
• New platforms introduced
• Roaming insider threat
• Adoption of 3G; roadmap to 4G
  Traffic == Cold Hard Cash
On The Horizon
• Increased integration
  Smart devices & cloud services
• Digital underground invests
  Custom malware / targeted attacks
  Zero-days, roaming botnets
Page 23
Moving Forward: Securing The Future
Protecting Against Attacks
• Enterprise Security
  Endpoint solution (roaming)
  Gateway solution (bridged)
  Policies & education
• Carrier Security
  Gateway solution (MMS)
  Monitoring & alerts
• Vendor Security
  Safe coding / R&D practices
  Responsible disclosure
FortiCarrier / FortiClient Mobile / FortiGuard Global Security Research Team
Page 24
Questions
Thank You!