2011 – The year that shook the world: What’s next?

Copyright 2011 Trend Micro Inc. Classification 03/15/2022


On the Radar…

APT

Consumerisation

Cloud?

Service Growth

Virtualisation


APT: Getting on the same page


Four stages of an attack


Perimeter Security

Game we thought we’d won


Hypothesis: If the attacker can commit enough resources they can gain entry to even the most secure organisation


Mass random attacks became unique, targeted and focused

But the rules changed


Hands in the air….


… put them down when you hear an attack that could affect you…


Random and Common


http://countermeasures.trendmicro.eu/facebook-419/

Source: http://en.wikipedia.org/wiki/File:PhishingTrustedBank.png


In the balance


Source: http://blog.trendmicro.com/fake-version-of-temple-run-unearthed-in-the-wild/


What’s your threshold?


LinkedIn Andy Dancer has indicated you are a Friend

I saw you attended my presentation at RSA today. I hope you found that useful and I wanted to reach out and connect in case you wanted any more information? - Andy Dancer

Accept

View invitation from Andy Dancer

WHY MIGHT CONNECTING WITH ANDY DANCER BE A GOOD IDEA?

Andy Dancer’s connections could be useful to you

After accepting Andy Dancer’s invitation, check Andy Dancer's connections to see who else you may know and who you might want an introduction to. Building these connections can create opportunities in the future.

© 2011, LinkedIn Corporation

…but what about something you were expecting…?

You wouldn’t click on a random link…


ENTRY PHASE COMPLETE


People are the weakest link

Education is essential to reduce the volume of successful attacks to a manageable level


The Rise of Android Threats in 2011


How BIG will the Android Malware be in 2012?

• 1K: End of 2011! (60% increase rate month on month)

• 10K: Middle of 2012!

• 100K: End of 2012!

http://blog.trendmicro.com/how-big-will-the-android-malware-threat-be-in-2012/


Stuxnet


Source: http://threatinfo.trendmicro.com/vinfo/web_attacks/Stuxnet%20Malware%20Targeting%20SCADA%20Systems.html


Water pump control


Four stages of an attack

Starting point for this phase


I own one PC


Probably used by a Senior Manager

The data on there is valuable

But that’s just the start…


New security mantra…


Too many attacks to stop

Block at my network edge

Treat my internal network as “safe”


Keep out what I can

Don’t trust internal machines

Clean internal infection sources

So if I lose the battle I don’t lose the war


Four stages of an attack


[Figure: Level of damage from advanced persistent threats. Time labels: Hours; Days / weeks; Weeks / months; Weeks / months. Successive builds of the slide add markers 1, 2 and 3.]


Protect my data


Inside-out Security

Smart

Context aware

Self-Secured Workload

Local Threat Intelligence

When: Timeline Aware

Who: Identity Aware

Where: Location Aware

What: Content Aware

User-defined Access Policies

Encryption

DATA

INSIDE-OUT SECURITY


So what does that look like?


Outer Perimeter

Inner Perimeters

Valuable Server

Valuable Server

Valuable Server

Endpoint

Endpoint


Deep Security: Inner Perimeter for valuable assets


VM VM VM VM VM

Security VM

Hypervisor

Deep Packet Inspection

Firewall

Anti-Virus

Log Inspection

Integrity Monitoring

Also works for VDI


Deep Discovery


Identify Attack Behaviour & Reduce False Positives

Detect Malicious Content and Communication

Analyze

Simulate

Real-Time Inspection

Deep Analysis

Correlate

Actionable Intelligence

• Visibility – Real-time Dashboards

• Insight – Risk-based Analysis

• Action – Remediation Intelligence

Out of band network data feed of all network traffic


Mobile App Reputation

• Mobile App Reputation is a cloud-based technology that automatically identifies mobile threats based on app behavior

– Crawl & collect huge number of Android apps from various Android Markets

– Identifies existing and brand new mobile malware

– Identifies apps that may abuse privacy / device resources

– World’s first automatic mobile app evaluation service

– Secure App Store & provide “peace of mind” for end users

– Has been adopted by nDuoa, Nokia-Siemens Network.

• Malware?

• Privacy Risk?

• High Resource Consumption?

Mobile App Reputation

Apps

No Issues

Issue Identified


Call 01628 400552

www.trendmicro.co.uk

THANK YOU!