Advanced Security Testing in the Age of Cyber War

PROPRIETARY AND CONFIDENTIAL

Oct 11, 2012

Advanced Security Testing In The Age of Cyber War

2PROPRIETARY AND CONFIDENTIAL

Cyber Security Market Trends

Growth of Targeted Attacks

Rise of Social Engineering

CaaS – Crime as a Service

3PROPRIETARY AND CONFIDENTIAL

Between 2005 to 2011 the number of targeted attacks rose by a factor of:• 10

• 50

• 500

• 1000

In 2005 the number of targeted attacks detected by Symantec.cloud was 1 per week. In Nov 2011 it was 95 per day

Rapid Increase In Targeted Attacks

4PROPRIETARY AND CONFIDENTIAL

Report indicates that a large % of people reused passwords or the passwords were very similar:• 55 %

• 75 %

• 95 %

University of Cambridge study found that 75% of users shared passwords between two separate accounts

Social Engineering Is The Main Attack Vector

5PROPRIETARY AND CONFIDENTIAL

The price for one exploit is as high as $250K • iOS

• Chrome

• Windows

• Microsoft Word

A Bangkok based security researcher with a handle called ‘The Grugq’ sold an iOS exploit for $250K. He is on track to make over $1M this year.

The Growth Of The Zero Day Market

7PROPRIETARY AND CONFIDENTIAL

Accurate• Test with the latest attacks and vulnerabilities

• Discover unknown weaknesses in software

Agile• Recreate new apps and attacks immediately

• Leverage new threat profiles

Simple• Intuitive workflow for ease-of-use and adoption

• Auto-generate test cases using Studio

Requirements for Advanced Security Testing

8PROPRIETARY AND CONFIDENTIAL

1,000s of ready-to-run tests Continuous stream of the latest attacks and apps Multiple end–points (iPhone, PC, Android) & versions (Skype v5.3.0.8)

8

Spirent TestCloud – Apps & Security Test Store

10PROPRIETARY AND CONFIDENTIAL

DEMO 1 – Let’s Discover A Zero Day in Jabber

11PROPRIETARY AND CONFIDENTIAL

DEMO 2 – Now Let’s Unleash Attacks At Scale

PROPRIETARY AND CONFIDENTIAL

Thank you