Copyright © 2011 Trend Micro Incorporated. All rights reserved.
2012 Security Trends
Bob Hung
TW/HK GM, Trend Micro
Agenda
2012 Security Predictions
Trend #1: Advanced Persistent Threats (APT) become mainstream
Trend #2: Virtualization and cloud security grow in importance
Trend #3: In the post-PC era, mobile device management becomes a necessity
Preparing for the Perfect Storm
Trend Micro Confidential 4/2/2012
2012 Security Predictions
1. Most enterprises and organizations have not fully embraced consumerization, but the steady stream of security incidents and data breaches forces them to confront the challenges of employees bringing their own mobile devices (BYOD).
2. Data center managers must deal with increasingly complex security issues, including how to protect physical, virtual and cloud systems.
3. Smartphone and tablet platforms, Android in particular, will come under more attack from cybercriminals.
4. Security vulnerabilities will appear in legitimate mobile apps, making it easier for attackers to steal data.
5. Botnets will trend toward smaller sizes but grow in number, which will make them harder to detect.
6. Attackers will go after non-traditional targets, from heavy industrial equipment (such as SCADA-controlled systems) to medical devices; attacks on these new targets will increase.
7. In response to mandatory legal regulation in various countries, cybercriminals will devise more innovative techniques for their attacks.
8. More hacker groups will pose a greater threat to the protection of sensitive enterprise and government data.
9. The new social-networking generation will redefine what "privacy" means.
10. Social engineering attacks become mainstream, and small and medium businesses will be victims too.
11. A new generation of hackers will use more sophisticated and complete toolkits, and their techniques will be more refined.
12. More high-profile data breaches will occur, again through malware and intrusion.
Trend #1: Advanced Persistent Threats (APT) become mainstream
2011 – The Year of Data Breaches
• Sony PlayStation Network Data Breach: Compromises 77 Million User Accounts — April 26 2011
• RSA suffers Data Security Breach — May 22 2011
• Massive Breach at Epsilon Compromises Customer Lists — April 02 2011
• Citigroup Inc breach may have compromised hundreds of thousands of bank card customers' data — June 11 2011
• Sophisticated Cyberattack is Reported by the I.M.F. — June 08 2011
• Google Hack Attack Was Ultra Sophisticated, New Details Show — Jan 14 2010
APT – Who, Why and How…
Source: Command Five, Advanced Persistent Threats: A decade in Review
Advanced - the hacker has the ability to evade detection and the capability to gain and maintain access to well protected networks and sensitive information contained within them. The hacker is generally adaptive and well resourced.
Persistent - the persistent nature of the threat makes it difficult to prevent access to your computer network and, once the threat actor has successfully gained access to your network, very difficult to remove.
Threat - the hacker has very specific intent and also the capability to gain access to sensitive information stored electronically.
Firstly, it tells us that humans are often the weakest link in the security chain and that users need to be better educated about the threat from social engineering. Socially engineered email campaigns are the most common social engineering technique, but not the only one. Secondly, it tells us that organizations need to review their existing security controls. Looking at the recent APT breaches, existing solutions and processes are inadequate.
Traditional security cannot stop APTs
• Firewalls are ineffective
– APTs use normal ports and protocols
• Antivirus is ineffective against APTs
– 63% of APT malware is custom-built
• Employees are the weakest link in security
– Spear-phishing targeted attacks
– Social-engineering email
• Vulnerabilities and zero-day attacks
– How do you keep every PC and server fully patched?
• Organizations are completely unaware they have been compromised
– Low and slow, entirely unlike virus behavior
The typical APT attack flow
1. Intelligence gathering: identify and research personal information about the target, using public sources (LinkedIn, Facebook, etc.) to prepare a customized attack.
2. Point of entry: the typical initial attack uses social-engineering email or IM carrying malware that exploits a zero-day vulnerability. Once a backdoor is planted, the attacker can enter the network at will (a minority of cases break in directly through website vulnerabilities, but this is not the mainstream method).
3. Command & Control (C&C) communication: acting as the attacker's relay, C&C servers let the attacker direct large numbers of compromised machines to relay stolen data or download additional malware.
4. Lateral movement: once inside the corporate network, the attacker continues to compromise other machines to gain more privileges, either to take control for the next stage of the intrusion or to obtain the rights needed to steal highly confidential data.
5. Asset/data discovery: several techniques (such as port scanning) are used to find important servers or services and locate the valuable data the attacker is interested in.
6. Data exfiltration: once data has been collected, one machine is chosen as the transfer point, and the data is usually sent out in batches, compressed and even encrypted.
APT Attack Stages/Tactics
1. Point of Entry
2. Command & Control (C&C)
3. Lateral Movement
4. Asset/Data Discovery
5. Data Exfiltration

APT Problems by Stages
• Antivirus & FW ineffective
• Human weakest link
• Lack of compromise visibility
• Edge vulnerabilities
• Back-door established
• Lack of C&C visibility
• Encrypted communications over HTTP/HTTPS
• Unpatched hosts
• Zero-day exploit
• Privilege escalation
• Visibility of log-in failures
• Overwhelmed with system events
• Lack of server setting & config. change visibility
• Lack of network analysis visibility
• Data exfiltration

APT Needs by Stages
• Check for signs of infiltration
• Analyze exploits in a sandbox environment
• Vulnerability assessment
• Identify C&C IP/domain
• Monitor network traffic for C&C communications
• Update gateway security policy
• Vulnerability shielding
• System integrity monitoring
• Restrict & monitor user access & privilege use
• Log management & analysis
• Vulnerability assessment
• Integrity monitor
• Data leak prevention
• Encryption
• Incident response
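Two of the needs listed above, "monitor network traffic for C&C communications" and visibility into data exfiltration, can be turned into simple detections over outbound proxy logs. The following is an added example, not code from the original slides or from Trend Micro: it flags hosts that contact one external destination at near-constant intervals (the "low and slow" beaconing described in the attack flow) and outbound transfers above a size threshold. The log format, the hostnames and IP addresses, and the thresholds are all constructed assumptions for the example.

```python
"""Detections over constructed proxy log lines (assumed format:
timestamp, source IP, destination host, bytes sent). Not a real log
format, not real traffic, and not a vendor's detection logic."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log: 10.0.0.7 checks in with one external host every
# 5 minutes and later pushes ~700 MB out; the other hosts look normal.
SAMPLE_LOG = """\
2012-04-02T09:00:00 10.0.0.5 cdn.example-news.test 1200
2012-04-02T09:00:05 10.0.0.5 update.vendor.test 3400
2012-04-02T09:00:00 10.0.0.7 beacon.badhost.test 512
2012-04-02T09:05:00 10.0.0.7 beacon.badhost.test 520
2012-04-02T09:10:00 10.0.0.7 beacon.badhost.test 515
2012-04-02T09:15:00 10.0.0.7 beacon.badhost.test 518
2012-04-02T09:20:00 10.0.0.7 beacon.badhost.test 511
2012-04-02T09:21:00 10.0.0.9 share.example-corp.test 1500
2012-04-02T09:33:00 10.0.0.7 drop.fileupload.test 734003200
2012-04-02T09:40:00 10.0.0.5 mail.example-corp.test 22000
"""


def parse_log(text):
    """Parse the assumed log format into (timestamp, src, dst, bytes) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, nbytes = line.split()
        records.append((datetime.fromisoformat(ts), src, dst, int(nbytes)))
    return records


def find_beacons(records, min_connections=4, max_jitter_ratio=0.1):
    """Return (src, dst, interval_seconds) for pairs whose connection
    intervals are near-constant: coefficient of variation of the gaps
    at or below max_jitter_ratio, with at least min_connections seen."""
    by_pair = defaultdict(list)
    for ts, src, dst, _ in records:
        by_pair[(src, dst)].append(ts)
    beacons = []
    for (src, dst), times in by_pair.items():
        if len(times) < min_connections:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter_ratio:
            beacons.append((src, dst, round(avg)))
    return beacons


def find_large_uploads(records, threshold_bytes=100 * 1024 * 1024):
    """Return (src, dst, bytes) for single transfers at or above the threshold."""
    return [(src, dst, n) for _, src, dst, n in records if n >= threshold_bytes]


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for src, dst, interval in find_beacons(recs):
        print(f"possible C&C beacon: {src} -> {dst} every {interval}s")
    for src, dst, n in find_large_uploads(recs):
        print(f"large outbound transfer: {src} -> {dst} ({n} bytes)")
```

Both checks are deliberately simple baselines: in practice the interval detector needs an allow-list for legitimate polling (update servers, mail clients), and the upload threshold should be relative to each host's normal daily volume rather than a fixed number.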
Defense strategy
(Diagram: an outer line of defense at the perimeter and an inner line of defense around valuable servers and endpoints.)
Build an inner line of defense around important assets
(Diagram: several VMs on one hypervisor protected by a single Security VM.)
Security VM modules: Virtual Patching, Firewall, Anti-Virus, Log Inspection, Integrity Monitoring
• Shields zero-day and known vulnerabilities with virtual patching
• Monitors system and file configuration changes
Increase detection and analysis capability: block early, and analyze fully to enable advanced blocking and clean-up
• Identify attack behaviour & reduce false positives
• Detect malicious content and communication
• Analyze, simulate, correlate
• Visibility – real-time dashboards; Insight – risk-based analysis; Action – remediation intelligence
• Out-of-band network data feed of all network traffic
Trend #2: Virtualization and cloud security grow in importance
Cross-platform security for hybrid networks
• Network threats do not differ greatly just because a new platform appears
• Only an integrated, cross-platform security solution can be managed effectively
• Each stage has its own particular security risks
(Diagram: Physical, Virtual and Cloud environments under a Single Management Console.)
Security challenges at each stage of virtualization
(Diagram: stages Virtualization Adoption, Production Environment and Private/Public Cloud, with eleven challenges plotted along the journey.)
Challenges shown: Inter-VM attacks; Instant-on gaps; Host controls under-deployed; Resource contention; Mixed trust level VMs; Complexity of management; Compliance / lack of audit trail; Data destruction; Diminished perimeter; Multi-tenancy; Data access & governance
Benefits an integrated security solution should deliver
• Higher density
• Simpler management
• Better security
Modules: IDS/IPS, Web Application Protection, Application Control, Firewall, Deep Packet Inspection, Log Inspection, Anti-Virus, Integrity Monitoring
Cloud Security challenge: data management and security
Cloud data can provide less visibility and control
Cloud Security challenge: data destruction
When data is moved, unsecured data remnants can remain
Who is responsible for security?
• With IaaS the customer is responsible for VM-level security
• With SaaS or PaaS the service provider is responsible for security
(Diagram: responsibility shifts from the end-user enterprise, which owns servers, virtualization and the private cloud, toward the service provider across public cloud IaaS, PaaS and SaaS.)
The cloud era: who is in control?
VM security + cloud data encryption
Data to protect: patient medical records, credit card payment information, sensitive research results, Social Security numbers
Encryption with policy-based key management
• Unreadable for unauthorized users
• Control of when and where data is accessed
• Server validation
• Custody of keys
Cloud Security: modular protection
• Self-defending VM security
• Agentless and agent-based
• One management portal for all modules, all deployments
• vSphere & vCloud
Integration ensures servers have up-to-date security before encryption keys are released
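The last point, releasing an encryption key only after the requesting server has been validated and its security state checked, is the core of policy-based key management. The following is an added example written for this page, not Trend Micro's product code or interface: a small key server evaluates a server's reported posture (identity, patch state, anti-malware signature age, integrity-monitoring result, recent login failures) against a policy and releases the key only when every check passes, recording each decision for audit. The posture fields, thresholds, server names and keys are constructed assumptions.

```python
"""Policy-based key release (added example). The posture fields, policy
thresholds, server names and keys are assumptions, not a real product's
interface. The 'today' date is fixed so the example is deterministic."""
from dataclasses import dataclass
from datetime import date


@dataclass
class ServerPosture:
    """What a server (or its security agent) reports when asking for a key."""
    server_id: str
    identity_verified: bool       # e.g. its certificate matched the enrolled server
    patches_current: bool         # patch level / virtual patching at baseline
    antimalware_signatures: date  # date of the last signature update
    integrity_baseline_ok: bool   # file and config integrity monitor found no drift
    last_login_failures: int      # failed logins in the last hour


@dataclass
class KeyPolicy:
    max_signature_age_days: int = 3
    max_login_failures: int = 10
    today: date = date(2012, 4, 2)  # fixed reference date (assumption)

    def evaluate(self, p):
        """Return (allowed, reasons); reasons names every failed check."""
        reasons = []
        if not p.identity_verified:
            reasons.append("server identity not verified")
        if not p.patches_current:
            reasons.append("unpatched vulnerabilities")
        age = (self.today - p.antimalware_signatures).days
        if age > self.max_signature_age_days:
            reasons.append(f"anti-malware signatures {age} days old")
        if not p.integrity_baseline_ok:
            reasons.append("integrity monitoring reported changes")
        if p.last_login_failures > self.max_login_failures:
            reasons.append("excessive login failures")
        return (not reasons, reasons)


class KeyServer:
    """Holds keys in custody and releases them only on a passing evaluation."""

    def __init__(self, policy, keys):
        self.policy = policy
        self._keys = keys   # server_id -> key bytes (constructed)
        self.audit = []     # (server_id, allowed, reasons) per request

    def request_key(self, posture):
        allowed, reasons = self.policy.evaluate(posture)
        self.audit.append((posture.server_id, allowed, reasons))
        if not allowed:
            return None     # deny: the data stays unreadable on this server
        return self._keys.get(posture.server_id)


# Constructed demo keys; a real key server would hold these in an HSM or KMS.
KEYS = {"db-01": b"\x00" * 32, "web-02": b"\x11" * 32}


def demo():
    """One healthy server and one that has drifted from policy."""
    ks = KeyServer(KeyPolicy(), KEYS)
    healthy = ServerPosture("db-01", True, True, date(2012, 4, 1), True, 2)
    drifted = ServerPosture("web-02", True, False, date(2012, 3, 20), False, 0)
    return ks.request_key(healthy), ks.request_key(drifted), ks.audit


if __name__ == "__main__":
    healthy_key, drifted_key, audit = demo()
    for server_id, allowed, reasons in audit:
        print(server_id, "released" if allowed else "denied", reasons)
```

The design point is that the policy returns every failed reason rather than stopping at the first, so the audit trail shows the full posture of a denied server, and the key store is never consulted until the evaluation has passed.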
Trend #3: In the post-PC era, mobile device management becomes a necessity
Consumerization of IT
• Emerging consumer technologies have spread into enterprises and organizations
• IT and consumer electronics are merging into a single device for work and play
• Control is shifting from enterprise IT and enterprise IT vendors (IBM, HP) to end users and innovative consumer-market vendors (Apple, Google)
"Consumerization will be the most significant trend affecting IT during the next 10 years" - Gartner
(Word cloud, repeated across the slide: Social Networking | Email | Voice over IP | Cloud Applications | Wi-Fi | File Transfer/Sharing | Videoconference | Mobile devices)
...not just mobile devices
The challenge facing IT staff today
(Diagram: iPad)
More problems are coming
• The problems we face today are only the beginning of the next big wave
• Enterprises and organizations must take a longer-term view of the changes this new trend brings
(Diagram: iPad, iPhone, Windows Phone)
Mobile malware is growing rapidly
• 15%: the proportion of iPhones that are jailbroken
• 400%: growth rate of Android infections in 2011
• Challenges:
– Protect mobile devices
– Detect and block malicious apps
– Protect enterprise IT resources from being infected via mobile devices
Consumerization drives the shift of IT resources
• The consumerization of the past few years has made enterprises and organizations rethink the value of consumer-grade tools and services
IT control is getting harder
How do I...?
Reduce the cost and resources of managing these devices
"The executives are all using iPads, how am I supposed to manage that?"
Protect company data, especially if these devices are lost or stolen
"Company data is on personal devices, who knows what will happen?"
"How do I separate company data from personal data on a personal device?"
Ensure that the devices using company networks, data and applications are secure
"[Androids and iPads] are just like unprotected PCs"
"We cannot be binary and say 'You can' or 'You cannot,' we must enable people to do their business." - Trend Micro customer
Embracing consumerization: striking a balance
(Diagram: a scale between Control! on one side: closed, limited accessibility, standard and uniform; and Freedom! on the other: open, accessible and transparent, heterogeneous. Consumerization pulls toward the latter.)
A protection strategy for IT consumerization
Gain visibility and control
• Device Discovery
• Device Enrollment
• Device Provisioning
• Asset Tracking
• S/W Management
• Remote Control
Secure devices
• Anti-Malware
• Firewall
• Web Threat Protection
• Email Security
• Call/ SMS Anti-Spam
• App Control/Lock-down
Protect data
• Encryption
• Remote Wipe
• Remote Lock
• SIM Change/ Watch
• Feature Lock
• Password Policy
Central & Policy Management
Next-generation security solutions
(Diagram: endpoints across Physical, Virtual, Cloud and Virtualized Desktop/Laptop/Mobile environments; themes: Data Protection in the Cloud, Data Leak, Virtualization Security, Advanced Persistent Threats, Post-PC Era.)
Except as expressly stated otherwise, you are not authorized to copy and distribute the content of this document. TRENDMICRO and Trend Micro Deep Security are registered trademarks of Trend Micro. All other trademarks are the property of their respective owners.
Copyright © 2012 Trend Micro Incorporated. All rights reserved.