arrow-ecs-uk
Presented at the Arrow ECS Accelerate your Virtualisation Business with Symantec and VMware event, 18th January 2012 at Williams F1 Conference Centre
The Changing Security landscape
Anthony Leigh
Technical Account Manager, Security
Evolution of Strategy Requirements
Now Structured and Unstructured
Jan, 2007 - 250,000 viruses
2011 – over 300 million
Symantec Endpoint Protection 12.1
Key IT Security Trends
• More Sophisticated Attacks
• Complex Heterogeneous Infrastructure
• Explosion of Information
• Increased Cost of Incidents
The Current Approach Is Not Working
Stopping Less, Spending More
IT Must Evolve to Meet New Demands
System-Centric
• Driver: Business automation, e.g., ERP, functional apps
• Data: Centralized, structured
• Infrastructure: Physical
• IT focus: Systems tasks
Information-Centric
• Driver: Next level of productivity and agility with collaboration and knowledge sharing
• Data: Distributed, unstructured
• Infrastructure: Virtual, cloud, outsourced
The Evolution of IT & Security...
Threat Landscape: 2011 Trends
Social Networking + social engineering = compromise
Attack Kits get a caffeine boost
Targeted Attacks continued to evolve
Hide and Seek (zero-day vulnerabilities and rootkits, cryptors)
Beyond the PC: attackers branch out
IS B09 – SEP 12.1 – Protection Technologies – A Deep Dive
Threat Landscape 1. Targeted Attacks continue to evolve
• High profile attacks in 2010 raised awareness of impact of APTs
• Stuxnet was incredibly sophisticated
– Two (2) stolen digital signatures
– Two (2) different root kits
– Four (4) zero-day vulnerabilities
– Seven (7) different propagation mechanisms
– Fifteen (15) modules, ten thousand (10,000) lines of code
More Info: Detailed review in the W32.Stuxnet Dossier & W32.Stuxnet
Threat Landscape 2. Social Networking + Social Engineering = Compromise
Dumpster diving… has given way to Social Networking
– Use profile information to create targeted social engineering
– Impersonate friends to launch attacks
– Leverage news feeds to spread spam, scams and massive attacks
Problem: Social Engineering
Recent example: W32:Yimfoca.B
Threat Landscape 3. Hide and Seek
Trivial to use
Threat Landscape 4. Attack Kits Get a Caffeine Boost
• Java exploits added to many existing kits
• Kits exclusively exploiting Java vulnerabilities appeared
More Info:
Detailed information available in ISTR Mid-Term: Attack Toolkits and Malicious Websites
Threat Landscape 5. Beyond the PC
• Mobile activity on the rise
– Complex OS environments
– Increasing numbers of trojanized Android apps
– Mobiles will be targeted more when used for financial transactions
• Java based threats
– Jnanabot is a truly cross-platform bot that infects Windows, Linux, and MacOS
• Mac OS Threats
– Starting to see Fake AV
42%
Symantec Endpoint Protection 12
Blazing Performance
• Up to 70% reduction in scan overhead
• Smarter Updates
• Faster Management
Unrivaled Security
• Powered by Insight
• Real Time Behavior Monitoring with SONAR
Built for Virtual Environments
• Tested and optimized for virtual environments
• Higher VM densities
Intelligence sources
Lots of information…
Internet Security Threat Report (ISTR)
- Annual
Interim ISTR Deep Dive Reports (1 – 2 per year)
- Rogueware applications
- Web Attack Toolkits & Malicious Websites
Quarterly Intelligence Updates
- Speeds and Feeds update
Security Response Blog
- Dozens of articles each month written by analysts
http://www.symantec.com/connect/symantec-blogs/sr
Business Security Response Website
- >25% of all symantec.com traffic is to a ‘Response’ page
http://www.symantec.com/