Presenter: Emmanuel Onwubiko, Kaspersky Technical Head, Palette Business Solutions
Kaspersky Technical Training
June, 2016
Agenda
1. What Changed?
2. New Rules.
3. A new world.
4. Gartner’s 2016 Magic Quadrant for Endpoint Protection Platforms.
5. The Rise of Ransomware.
6. Kaspersky with UTMs.
7. Threat Research.
8. Conclusion.
9. Q & A.
OUR MISSION: TO PROTECT EVERYONE FROM CYBERCRIME
"Cybercrime today knows no borders, and its technical capabilities are improving fast; we're seeing how attacks are becoming increasingly sophisticated. Our mission is to combat all types of cyberthreats, to make using the internet safe and secure."
Stanisalus Mezu, Chief Executive Officer and Chairman, Palette Business Solution, at the IDC conference 2014, FourPoint Lagos, Nigeria.
HOME HAS CHANGED
"I fear the day that technology will surpass our human interaction." - Albert Einstein
WORK HAS CHANGED
• Knowledge workers will spend only 5% of the day in the same space and time as their colleagues by 2017.
• 82% of companies allow use of employee-owned devices.
• 84% of organizations have remote workers.
• By 2020, millennials will comprise 50% of the global workforce.
SECURITY HAS CHANGED
• 3.2 billion internet users
• 1.3 billion smartphones shipped worldwide
• 3 billion new devices per year through 2020
• 10,000x increase in cyber threats
• Public cloud market is estimated to reach $191 billion
SO HAVE THE RISKS
Average cost of cybercrime in the U.S., dollars (millions), per incident:
2013: $11.56
2014: $12.69
2015: $15.42
"Sony security spends $22M per year. Sony breach... direct cost of $35M for one year... cost to reputation $100B+"
- Kowsik Guruswamy, CTO of Menlo Security
TODAY'S STANDARD APPROACHES NO LONGER WORK
• Too much focus on compliance: enterprises spend too much on checking boxes down a list.
• Too risk based: taking a reactive approach only addresses known threats, not the new unknowns.
• Too many point solutions: too many different security vendors whose products do not communicate with one another.
HOW PERVASIVE IS TODAY'S WORKPLACE?
• Pervasive users: users expect to be able to work in any location and have access to all their work resources. Users expect work to be lifestyle-agnostic.
• Devices explosion: the explosion of devices is eroding the standards-based approach to corporate IT. BYOD is redefining the workplace standard.
• Ubiquitous apps: deploying and managing a plethora of applications across different platforms is becoming more difficult. Rogue apps easily compromise BYOD devices.
• Corporate data on all devices: as the yearning for productivity requires users to have access to corporate data on all devices, this presents new challenges of data loss, espionage and compliance/regulatory violation.
HOW CAN BUSINESS TAKE CONTROL?
Today's workplace culture is fast-evolving. Productivity now demands that users use different lifestyle-fit devices to run ubiquitous apps and access business data. More business data is shifting from on-premise repositories to the cloud and to devices. Users have increasing liberty to access corporate data from any device, anywhere and at any time. This new "workplace culture" requires new tools to secure endpoints, manage identity and protect the organization's data assets.
Enterprise Software Mobility Suite is a comprehensive cloud-based solution to address the consumerization of IT, BYOD and ubiquitous apps/data challenges.
Borderless Attack Surface
• Branch Office
• HQ
• Data Center
• Remote Office
• Mobile
• PoS
• IoT
There are more ways in, and more ways out.
Rule number 3.
Slowing down the network to implement security is not, never has been, nor will it ever be a satisfactory strategy.
The enterprise IT staff is faced with what has been an unsolvable problem. The enterprise depends on the network to ensure the continuity of the business and, depending upon the business model, the network may be at the center of its strategy. Injecting security into this model has traditionally meant slowing down the network, sometimes to the point of affecting application performance and resulting in complaints. The organization is then forced to find a middle ground between the two, a compromise that pleases no one. But until now, this has been a compromise that enterprises have been forced to make.
SECURITY FOR A NEW WORLD IS SECURITY WITHOUT COMPROMISE
Advanced Security + Network Performance
Kaspersky Security Center
Data Protection
Data loss, data leakage, cyber threats.
• The average cost of a serious breach may be up to $1.6 mln.
• 28% of organizations lost business-sensitive data.
Source: Corporate IT Security Risks Survey 2014
BUSINESS CONTINUITY
Chart (Source: Repository of Industrial Security Incidents, RISI): 35% of incidents were malware attacks; the other 65% were software errors, SCADA failure, operator mistakes and other causes. Time breakdown shown on the slide: 60% under 4 h, 22% 4-24 h, 18% over 24 h.
Business Continuity – Risk Factors
• External factors
• Internal factors
Areas at risk: business-critical infrastructure, online services, malware outbreak, employee awareness.
MOBILITY
• Today, ~37% of the world's workforce is mobile (1).
• By 2017, 50% of all companies worldwide are expected to adopt the BYOD model (2).
• Security of mobile/portable devices is among the top priorities for the corporate IT security function (3).
Sources: 1 - Forrester Research, 2 - Gartner, 3 - Corporate IT Security Risks Survey 2014
Kaspersky Lab Threat Intelligence: Insight and Expertise Gained Through a History of Discoveries
• 2011: DUQU
• 2012: FLAME, GAUSS, MINIFLAME
• 2013: RED OCTOBER, WINNTI, NETTRAVELER, ICEFOG, KIMSUKY
• 2014: REGIN, THE MASK, TURLA, ENERGETIC BEAR/CROUCHING YETI, DARKHOTEL
• Q1 2015: DESERT FALCONS, EQUATION, CARBANAK, HELLSING
IT'S TIME TO RETHINK YOUR IT SECURITY TO PREPARE FOR THE INEVITABLE!
Mobility, data security, business continuity, security intelligence, trusted partner, comprehensive protection.
Kaspersky Lab's ENTERPRISE SOLUTIONS PORTFOLIO: Built to Address Key Customer Needs
• Endpoint Security
• Mobile Security
• Virtualization Security
• Security Intelligence
• DDoS Protection
• Solutions for Data Centers
• Industrial Security
• Fraud Prevention
• Anti-APT
Customer needs addressed: mobility, data security, business continuity.
Trend Micro: Leader – Strengths and Weaknesses (1st place in Gartner's rating)
Trend Micro, based in Tokyo, is one of the largest enterprise protection platform vendors on the Gartner list. Gartner also praised Trend Micro's investment in application control, vulnerability detection and shielding, malware sandboxing, and endpoint detection and response. The company also has made investments in next-generation IPS and network security with its October acquisition of HP TippingPoint.
Strengths: In particular, Gartner praised the range of malware protection options from OfficeScan, the company's endpoint detection and response solution (which many others do not offer), its malware detection sandbox and its "very complete" Endpoint Application Control solution. Gartner also said the company's relationship with VMware has proven beneficial for anti-malware scanning, intrusion prevention and file integrity monitoring capabilities.
Weaknesses: Most of Gartner's cautions about Trend Micro concerned a list of integrations it wished the vendor offered, including bringing anti-malware scanning capabilities to OfficeScan, policy-level integration and more variety of OS offerings for application control, encryption, DLP and device control. Gartner said Trend Micro could benefit from more granular product management of its Control Manager and a central database for its Endpoint Sensor alerts.
Intel Security: Leader – Strengths and Weaknesses (2nd place in Gartner's rating)
The second-largest EPP vendor on Gartner's list is Intel Security, which was named a "leader" on this year's Magic Quadrant list. Gartner praised the Santa Clara, Calif.-based vendor's extensive portfolio of security solutions, as well as its integration with its ePolicy Orchestrator (ePO) solution. The company has been shedding multiple product lines in recent months to accommodate its new strategy, but EPP is one area that has remained relatively untouched.
Strengths: Gartner praised Intel Security's wide range of solutions, as well as EPP integration with the company's ePO administrative platform, Global Threat Intelligence and Threat Intelligence Exchange. Benefits also included Intel Security's Advanced Threat Defense sandboxing solution as well as its Management for Optimized Virtual Environments anti-malware scanning.
Weaknesses: Intel Security is plagued by customer complaints based on its legacy multiple-agent architecture, Gartner said. Gartner said the company shows slow evolution around its integration framework, upgrades required for detection and administration improvements, as well as the requirement of Intel-based chipsets for some advanced capabilities.
Kaspersky Lab: Strengths and Weaknesses (3rd place in Gartner's rating)
Strengths: Gartner praised Kaspersky for its malware research team and wide variety of integrated client management tools. It also had particular praise for Kaspersky's Automatic Exploit Prevention, Zero-Day Exploit and Targeted Attack Shield and Security for Virtualization technologies.
Weaknesses: Some failings for Kaspersky included the company's lack of endpoint detection and response or malware sandboxing, as well as the long replacement cycle that will likely come with its upcoming Endpoint Security for Business 10 SP2 edition. Gartner said the company's client management tool is more ideal for SMBs and operations validation, rather than for the enterprise.
URGENT DETECTION SYSTEM 2 (UDS2)
UDS – cloud-based spam filtering system. It checks certain characteristics of an email (not its content!) against a cloud database to produce a verdict. Because it relies on a full-message "signature", it is not able to detect slightly modified messages.
UDS2 – dissects emails into tokens and combines the token "signatures" to create a "shingle", a new type of signature that is not vulnerable to slight alterations of the spam.
Advantages:
• The shingle lists are updated in real time, with no database updates
• Far more efficient at filtering unsolicited mail
• Works in combination with "conventional" technologies
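Why a shingle signature survives edits that defeat a whole-message signature, as an added example written for this page (it is not Kaspersky's UDS/UDS2 code; the slide does not say how UDS2 tokenizes or hashes, so the tokenizer, the 3-token windows, the truncated SHA-1 and the 0.6 overlap threshold are illustrative assumptions, and the three messages are constructed):

```python
"""Exact-signature matching (UDS-style) versus shingle matching (UDS2-style)
for near-duplicate spam.  Added example, not Kaspersky code; window size,
hash, threshold and sample messages are assumptions."""
import hashlib
import re

SHINGLE_SIZE = 3          # tokens per shingle (assumption)
MATCH_THRESHOLD = 0.6     # overlap treated as "same campaign" (assumption)


def full_message_signature(body):
    """UDS-style: one hash over the whole normalized body.  One changed word
    yields an unrelated digest, so every variant is a miss."""
    normalized = " ".join(body.lower().split())
    return hashlib.sha256(normalized.encode("utf-8")).hexdigest()


def tokenize(body):
    """Lower-case alphanumeric runs; punctuation and spacing tricks vanish."""
    return re.findall(r"[a-z0-9]+", body.lower())


def shingles(tokens, k=SHINGLE_SIZE):
    """UDS2-style: hash every window of k consecutive tokens.  The message
    signature is the *set* of these hashes, so a local edit disturbs only the
    k windows that overlap it."""
    windows = (" ".join(tokens[i:i + k]) for i in range(len(tokens) - k + 1))
    return {hashlib.sha1(w.encode("utf-8")).hexdigest()[:16] for w in windows}


def jaccard(a, b):
    """Overlap of two shingle sets: size of intersection over size of union."""
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def is_spam_variant(body, known_spam_shingles, threshold=MATCH_THRESHOLD):
    """Verdict for one message against one known spam template.
    Returns (verdict, similarity)."""
    sim = jaccard(shingles(tokenize(body)), known_spam_shingles)
    return sim >= threshold, sim


# Constructed sample messages (not taken from a real spam corpus).
SPAM_TEMPLATE = ("Congratulations you have won a free cruise! Click here to "
                 "claim your prize now. Offer expires today")
SPAM_VARIANT = ("Congratulations you have won a free cruise! Click here to "
                "claim your prize now. Offer expires tomorrow x7q")
LEGIT_MAIL = ("Attached is the agenda for Thursday's review meeting; please "
              "send comments by Wednesday")

KNOWN_SPAM = shingles(tokenize(SPAM_TEMPLATE))

if __name__ == "__main__":
    same = full_message_signature(SPAM_TEMPLATE) == full_message_signature(SPAM_VARIANT)
    print("whole-message signatures match:", same)
    for label, msg in (("variant", SPAM_VARIANT), ("legit", LEGIT_MAIL)):
        verdict, sim = is_spam_variant(msg, KNOWN_SPAM)
        print(f"{label}: spam={verdict} similarity={sim:.2f}")
```

The template has 17 tokens and therefore 15 shingles; the variant changes the last word and appends one token, so 14 of its 16 shingles still match (similarity 14/17), while the whole-message digests differ completely. A production filter would compare against a sketch (for example MinHash) of many templates rather than full sets, but the robustness argument is the same.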
AUTOMATIC EXPLOIT PREVENTION
The purpose of any exploit is to trigger certain vulnerabilities in software in order to launch various types of malicious code.
Known exploits:
• Signature/heuristic scan
• Vulnerability scan
• Patch management
Unknown (zero-day) exploits:
• Raised alert level for attempts by the most frequently targeted software to execute code
• Application actions history to see the context
• Matching against templates of actions performed by known exploits
• Code origin tracking, detecting code execution without the user's consent
• Forced Address Space Layout Randomization to break exploit behavior
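Two of the zero-day techniques above, an actions history matched against a template of known exploit behaviour and code-origin tracking, worked through on constructed process telemetry. This is an added example for this page, not Kaspersky's AEP implementation (which the slide does not describe); the targeted-application list, the interpreter list, the 300-second drop window and the event format are all assumptions.

```python
"""Behavioral exploit detector over process telemetry.  Added example, not
Kaspersky AEP code; application lists, window and event format are assumptions."""

# Applications that exploits most often target (assumption, illustrative list).
TARGETED_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "acrord32.exe",
                 "iexplore.exe", "chrome.exe", "firefox.exe", "javaw.exe"}
# Children a document viewer or browser has no legitimate reason to spawn.
INTERPRETERS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "regsvr32.exe", "rundll32.exe"}
DROP_WINDOW_SECONDS = 300   # how long a dropped file stays "suspicious" (assumption)


def basename(path):
    """Case-insensitive file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def detect(events):
    """Replay telemetry in time order and return a list of alerts.

    events: dicts with keys ts, type ('process_start' | 'file_write'), pid and
    either image/ppid (process_start) or path (file_write)."""
    procs = {}      # pid -> image name: the application actions history
    written = {}    # lower-cased path -> (writer image, ts): code-origin record
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["type"] == "file_write":
            written[ev["path"].lower()] = (procs.get(ev["pid"], ""), ev["ts"])
            continue
        if ev["type"] != "process_start":
            continue
        image = basename(ev["image"])
        procs[ev["pid"]] = image
        parent = procs.get(ev["ppid"], "")
        # Template match: an exploited viewer or browser launching a shell or
        # script host is a classic post-exploitation action.
        if parent in TARGETED_APPS and image in INTERPRETERS:
            alerts.append({"rule": "targeted_app_spawned_interpreter",
                           "pid": ev["pid"], "parent": parent, "image": image})
        # Code origin: the executable was written moments ago by a targeted
        # app, so it arrived through that app rather than by user action.
        origin = written.get(ev["image"].lower())
        if (origin and origin[0] in TARGETED_APPS
                and ev["ts"] - origin[1] <= DROP_WINDOW_SECONDS):
            alerts.append({"rule": "dropped_code_executed", "pid": ev["pid"],
                           "dropped_by": origin[0], "image": image})
    return alerts


# Constructed telemetry (not captured from a real host).
SAMPLE_EVENTS = [
    {"ts": 1, "type": "process_start", "pid": 100, "ppid": 1,
     "image": r"C:\Program Files\Microsoft Office\WINWORD.EXE"},
    {"ts": 2, "type": "file_write", "pid": 100,
     "path": r"C:\Users\ada\AppData\Local\Temp\update.exe"},
    # Word runs the file it just wrote: code-origin alert.
    {"ts": 3, "type": "process_start", "pid": 101, "ppid": 100,
     "image": r"C:\Users\ada\AppData\Local\Temp\update.exe"},
    # Word spawns a shell: template-match alert.
    {"ts": 4, "type": "process_start", "pid": 102, "ppid": 100,
     "image": r"C:\Windows\System32\cmd.exe"},
    # Browser spawning its own renderer: benign.
    {"ts": 5, "type": "process_start", "pid": 200, "ppid": 1,
     "image": r"C:\Program Files\Google\Chrome\chrome.exe"},
    {"ts": 6, "type": "process_start", "pid": 201, "ppid": 200,
     "image": r"C:\Program Files\Google\Chrome\chrome.exe"},
    # User opens a shell from Explorer: benign.
    {"ts": 7, "type": "process_start", "pid": 300, "ppid": 1,
     "image": r"C:\Windows\explorer.exe"},
    {"ts": 8, "type": "process_start", "pid": 301, "ppid": 300,
     "image": r"C:\Windows\System32\cmd.exe"},
    # Same dropped file run long after the window: no alert.
    {"ts": 400, "type": "process_start", "pid": 302, "ppid": 300,
     "image": r"C:\Users\ada\AppData\Local\Temp\update.exe"},
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Both rules depend on the history kept in `procs` and `written`: a bare `cmd.exe` start is meaningless until the parent image is known, and an executable in a temp directory is only suspicious once its writer and write time are on record. The time window is the trade-off point; a longer window catches delayed stagers at the cost of flagging installers the user saved from a browser.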
PROTECTION QUALITY PROVEN BY INDEPENDENT TESTS
Chart: number of independent tests/reviews (x-axis) against score of TOP 3 places (y-axis); the size of the bubble reflects the number of 1st places achieved.
Notes:
• According to summary results of independent tests in 2014 for corporate, consumer and mobile products.
• Summary includes tests conducted by the following independent test labs and magazines: AV-Comparatives, AV-Test, Dennis Technology Labs, MRG Effitas, NSS Labs, PC Security Labs, Virus Bulletin.
• Top overall test rating for 2014. For details, see http://www.kaspersky.com/about/news/product/2015/kaspersky-lab-products-achieve-outstanding-results-in-independent-tests-throughout-2014
KSV TEST RESULTS
Tolly Group (KSV | Agentless v.2.0)
Tolly found that Kaspersky Security for Virtualization 2.0 blends efficient hypervisor resource usage with solid protection abilities by delivering lower response time and disk usage than the other products tested. Kaspersky also defended against threats better than the other agentless offerings under test.
AV-Test (KSV | Light Agent v.3.0)
While all measured products show similar protection levels, their performance impacts differed significantly. Kaspersky Security for Virtualization | Light Agent has shown the least impact on the virtual infrastructure, which results in better efficiency of the virtual environment empowered by this solution.
SECURITY INTELLIGENCE IS IN OUR DNA
• Expertise from the top down. Our CEO/MD Stanislus Mezu is the foremost, respected, influential security expert.
• Respected among top security organizations. We are trusted by and have partnerships with the world's fastest-growing cybersecurity companies and the largest one that is privately owned.
• Independent recognition of our leadership. Kaspersky Lab is consistently awarded top scores in more independent tests than any other vendor. We have been identified as a Leader in the three most prominent and influential global analyst vendor assessments.
• Leading global threat intelligence. Threat Research and Global Research and Analysis Teams are strategically located all around the globe, providing unparalleled depth of analysis and understanding of all kinds of threats.
• Leading discovery of the most complicated threats. We have a long-standing reputation of making the first and most relevant security discoveries.
• See and predict security incidents. The Kaspersky Security Network gives us the broadest view of millions of threats from every corner of the world.
• Technology driven. We are the world's largest privately held IT security company whose R&D teams are solely focused on technology quality and innovation, rather than being constrained only by short-term, market-driven profit expectations.
SECURITY EXPERTISE FROM THE TOP DOWN
• More than 200 partners locally
• More than 1/3 of the company's employees are R&D experts
• We are a VAD company; our R&D resources are quick and flexible
Palette Business Solution HQ
9 Adebola Street (Entrance on Alhaji Masha),
Surulere, Lagos, Nigeria.
www.paletteng.com
LET'S TALK?