Security Management
Security 2.0: What is the Next Generation Security for Public Sector Organizations?
John McCumber, Strategic Programs Manager
2 August 2007
Agenda
1. Security 2.0: A Working Definition
2. Part I: Building on a Security Foundation
3. Part II: Maintaining Information Security
4. Part III: Security Management
5. Why Symantec?
Symantec Vision 2007
The Shifting Threat Landscape…
[Figure: Threat Evolution Timeline, 1986 to 2006, running from curiosity-driven threats to crime-driven ones. Milestones shown (figure order not recoverable from the transcript): Virus (1986); Destructive Virus; Macro Virus; Vulnerabilities Openly Discussed; Mass Mailing Worms; Network Worms; Tracking Cookies; DDoS Attacks; Spam; Spam Explodes; Adware; Spyware; Spyware & Adware Explode; Phishing; Phishing Explodes; Bots & Botnets; Bots Explode; Zero Day Exploits & Threats; Crimeware; Rootkits On the Rise; Paid Vulnerability Research.]
Phishers Relentlessly Assault Consumers Through Trusted Brands
• Phishing is the main form of brand attack
• For the second half of 2006, there was a 19% increase in total phishing messages blocked (pure volume)
• Average of 904 unique phishing messages per day (up 6%)
• Financial brands most commonly targeted (84%)
¿Hablas Hacking?
• Threats are increasingly deception-oriented
– Trojans
– Misleading applications such as rogue anti-spyware
– Phishing
– Spam
• Given this, they have to be in the victim’s native tongue to truly be effective
• Attackers are increasingly localizing threats and targeting them specifically to their intended victims’ market
• Especially common with malware, spam & phishing
Phishing in International Waters
• Non-English phishing attacks are on the rise, but still only 20% of overall volume through March 2007
• The leading non-English language is Chinese by a considerable margin
– However, it is not uncommon to see spikes in German phishing
Security Foundation: Protecting the Endpoint
Business Problems at the Endpoint
• Endpoint management costs are increasing
– Cost of downtime impacts both productivity and revenue
– Costs to acquire, manage and administer point products are increasing, as well as the demand on system resources
• Complexity is increasing as well
– Complexity and staffing to manage disparate endpoint protection technologies are on the rise
Source: Infonetics Research - The Cost of Network Security Attacks: North America 2007
Ingredients for Advanced Protection
[Figure: six endpoint protection components, each with the bullets shown beside it.]
Network Access Control
• Includes a NAC agent to ensure each endpoint is “NAC-ready”
• Adds endpoint compliance to endpoint protection
Device Control
• Device control to prevent data leakage at the endpoint (Sygate)
• Protection against mp3 players, USB sticks, etc.
Intrusion Prevention
• Behavior-based intrusion prevention
• Network traffic inspection adds vulnerability-based protection
Firewall
• Industry’s best managed desktop firewall (Gartner)
• Leading adaptive policies for location awareness
• Sygate and Symantec Client Security
Anti-Spyware
• Best anti-spyware, leading the pack in rootkit detection and removal
• Includes VxMS scanning technology (Veritas)
AntiVirus
• The World’s leading anti-virus solution*
• More consecutive Virus Bulletin certifications than any vendor**
Ingredients for Advanced Protection
[Figure: the same six components (Network Access Control, Device Control, Intrusion Prevention, Firewall, Anti-Spyware, AntiVirus) combined into Symantec Endpoint Protection 11.0.]
Symantec’s Information Foundation
Symantec Mail Security – Keep Important Things In
• Personal data, patient records, employee information
– Scan within email message body or attachments
[Figure: Symantec Mail Security sits in front of the File Server, Messaging Server and Database Server. Categories it handles: Malicious Code (Anti-Virus), Spam (Traffic Shaping & Spam Filtering), Phishing (Fraud Prevention), Credit Card #, Employee Info, Patient Records. Sample outbound message from user “Bob”: “I recently left Acme, and believe your engineering team have stolen your #1 competitors intellectual property. You might want to let your lawyers see this.”]
Information Risk In Database Systems
• Keep audit trail of all SQL activity
– Zero overhead on database server
• Detect potential threats from insiders and outsiders
– Uses fraud policies and historical transaction information
• Detect leakage of confidential information
– Based on “extrusion” policies
[Figure: a Database Server feeding an SQL Audit Trail (governed by Audit Policies) and a Fraud Detection component (governed by Fraud Policies); the flagged example query is “SELECT Credit_Card FROM Customers”.]
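The two detection ideas above, an “extrusion” policy over the SQL audit trail and a check against historical access patterns, applied to a constructed audit trail. This is an added example, not code from the deck or from any Symantec product; the column names, users and baseline are assumed.

```python
import re

# Constructed sample of an SQL audit trail as (user, statement) pairs; not real data.
AUDIT_TRAIL = [
    ("app_svc", "SELECT Name, Balance FROM Customers WHERE Id = 42"),
    ("app_svc", "SELECT Name, Balance FROM Customers WHERE Id = 43"),
    ("analyst", "SELECT Credit_Card FROM Customers"),
    ("app_svc", "UPDATE Customers SET Balance = 0 WHERE Id = 42"),
    ("intern", "SELECT Credit_Card, Name FROM Customers WHERE Id = 7"),
]

# Extrusion policy: columns whose retrieval must be flagged (assumed names).
SENSITIVE_COLUMNS = {"credit_card", "ssn"}

# Historical baseline (constructed): the tables each user normally touches.
BASELINE = {"app_svc": {"customers"}, "analyst": {"orders"}}

SELECT_RE = re.compile(r"^\s*SELECT\s+(.+?)\s+FROM\s+(\w+)(\s+WHERE\b)?", re.I)
DML_RE = re.compile(r"^\s*(UPDATE|DELETE|INSERT\s+INTO)\s+(\w+)", re.I)


def check_extrusion(stmt):
    """Return (sensitive columns a SELECT extracts, True if no WHERE clause limits it)."""
    m = SELECT_RE.match(stmt)
    if not m:
        return set(), False
    cols = {c.strip().lower() for c in m.group(1).split(",")}
    hits = cols & SENSITIVE_COLUMNS
    if "*" in cols:                      # SELECT * pulls every column, sensitive ones included
        hits = hits | {"*"}
    return hits, m.group(3) is None


def check_fraud(user, stmt, baseline):
    """Return the table name if the user touches a table outside their baseline, else None."""
    m = SELECT_RE.match(stmt) or DML_RE.match(stmt)
    if not m:
        return None
    table = m.group(2).lower()
    return None if table in baseline.get(user, set()) else table


def evaluate(trail, baseline=BASELINE):
    """Run both policies over the trail; unfiltered sensitive reads are the highest severity."""
    alerts = []
    for user, stmt in trail:
        hits, unfiltered = check_extrusion(stmt)
        if hits:
            alerts.append(("HIGH" if unfiltered else "MEDIUM", "extrusion", user, sorted(hits)))
        table = check_fraud(user, stmt, baseline)
        if table:
            alerts.append(("MEDIUM", "fraud", user, table))
    return alerts
```

On the constructed trail, the analyst’s unfiltered read of Credit_Card raises a HIGH extrusion alert and a baseline deviation, while the service account’s routine per-row queries raise nothing.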
Managing Information Risk Via Enterprise Vault
• Automatically retain and manage email for a set time based on business policies
• Archiving IM communication
• Managing archived content for compliance/discovery
[Figure: an SMTP Gateway (Microsoft Exchange, IBM Notes Domino) and an IM Gateway (Microsoft LCS, IBM/Lotus SameTime, Jabber) both feed the Archive / Vault Store.]
Security Management: IT Compliance and Beyond
Security Management Challenges
• Managing security events – particularly those stemming from new threat types
• Managing security beyond the organizational network
– Sensitive data entrusted to other agencies, partners, and outsourced vendors
• Federal and agency governance and regulatory compliance
– Requires greater visibility
IT Policy Management
[Figure: a four-step policy cycle. 1. Create: policies (Malware Policy, Data Protection Policy, Endpoint Policy, Incident Response Policy) drawn from frameworks and regulations (PCI, Cobit, SOX, ISO, GLBA, NIST, FISMA). 2. Distribute. 3. Map: policies mapped to Procedural and Operational controls in the Enterprise Security Infrastructure (Archive, Backup, Virus, Spam; Vulnerability, Patch, Configuration, Permissions). 4. Prove: Attestation Of Controls.]
Symantec™ Global Intelligence Network
[Figure: world map of the network with the following figures.]
• 4 Symantec SOCs
• 74 Symantec Monitored Countries
• >6,200 Managed Security Devices
• 40,000+ Registered Sensors in 180+ Countries
• 8 Symantec Security Response Centers
• 200,000 malware submissions per month
• Millions of security alerts per month
• Millions of threat reports per month
• Hundreds of MSS customers
• 30% of World’s email Traffic
• 120 Million Systems Worldwide
• Advanced Honeypot Network
Locations: Dublin, Ireland; Tokyo, Japan; Calgary, Canada; San Francisco, CA; Redwood City, CA; Twyford, England; Santa Monica, CA; Munich, Germany; Alexandria, VA; Pune, India; Taipei, Taiwan; Sydney, Australia
Symantec Security Strategy for Enterprises
[Figure: three layers. Security Management: Policy Management, Vulnerability Management, Information Management, Event & Log Management. Information Security. Security Foundation: Cell Phone, Laptop, Desktop, File Server, Application Server, Messaging Server, Database Server.]
Questions & Answers
John McCumber
[email protected]