Standardizing and Strengthening Security to Lower Costs

Your managed service includes anti-virus, an email filter and a firewall. So why do you still find yourself wasting resources on cleaning up and re-imaging infected customer endpoints? Learn how top MSPs are lowering costs, gaining efficiencies and fueling growth by leveraging cloud-delivered predictive security.

1 CONFIDENTIAL

Dima Kumets
dima@opendns.com
Sr. Product Manager
opendns.com/msp

Standardizing and Strengthening Security

GLOBAL SECURITY NETWORK
208.67.220.220 208.67.222.222
2% OF INTERNET WORLD-WIDE
23 DATA CENTER LOCATIONS
60B+ QUERIES PER DAY
2,000+ ITSP PARTNERS
ASIA-PACIFIC
EUROPE, MIDDLE EAST & AFRICA
AMERICAS

Umbrella for MSPs: Cloud-delivered security service for MSPs

Security ROI

• DECREASED COSTS: 50-80% reduction in malware cleanup time
• INCREASED REVENUE: Granular Web Filter and cloud service compliance
• IMPROVED RETENTION: Improved customer uptime and value reports

The Evolving Threatscape

Changes in Technology

• SaaS: Subscribe to applications instead of buying and deploying
• IaaS: Rent servers and storage instead of building
• CaaS: CyberCrime made easier with SaaS and IaaS models

Evolution of CyberCrime

OLD: Hacker Organization
• Centralized
• Build from scratch
• Own servers
• Expensive
• Large targets

NEW: Crime Ecosystem
• Distributed
• Buy or hosted
• Specialize in areas
• Cheap
• Smaller targets

Cybercrime Job Postings

Cybercrime Payment Systems

Cybercrime Marketplaces

SMB in the Crosshairs
Decreased Cost Makes SMBs Ideal Targets

TARGETED ATTACKS AGAINST SMBS
[Chart. Years shown: 2011, 2012, 2013. Values shown: 41%, 36%, 18%. Callout: 41%]

PROPORTION OF BREACHES BY ORG SIZE
[Chart. Labels: 15x, 1x; ORGS WITH 11-100 EMPLOYEES; ORGS WITH <11 or >100 EMPLOYEES]

How SMBs Are Being Targeted: Infection Vectors

Emails Are Targeting SMBs
GOAL: Trick SMB into opening link or attachment

Exploit Kit/Drive-By Download Explosion
GOAL: Breach browser to push an executable

Exploit Kits Are Getting Better

Exploit Kit/Drive-By Download Explosion
Explosion in Kits Available

ANGLER

RIG

ASTRUM

FIESTA

BLEEDING LIFE

BLACKHOLE

CRIMEPACK

DOTKACHEF

FLASHPACK

GONGDA

NITERIS

LIGHTSOUT

NUCLEAR

ARCHIE

SWEETORANGE

Malvertising on the Rise

How do they work?

1. Set up a website with exploit kit
2. Run an ad on Yahoo, AOL or other ad network, with legitimate company creative
3. Ad server redirects users to exploit kit site
4. User gets infected

"Attn: NYTimes.com readers: Do not click pop-up box warning about a virus -- it’s an unauthorized ad we are working to eliminate."
The New York Times

"Top websites deliver CryptoWall ransomware via malvertising…"
Adam Greenberg, SC Times

Malvertising Targeting SMBs

Intermediate step: Dropper Malware

Increasingly Common Step: Dropper
Increasingly Common Option for Ransomware

GOAL: Malware that installs other malware

1. Bad actor gets a piece of malware on computer
2. Malware sits quietly and just phones home; not the flashy/noisy malware
3. Bad actor sells or rents ability to infect computer
   • Malware phones home
   • Installs main payload: Ransomware, Keylogger, Spambot
4. If contract ends or more capacity, install more malware

ANTIVIRUS

Source: krebsonsecurity.com

Malware payload

Keyloggers and Spyware

SMB Bank Account Breaches

Crystal Lake Elementary School District 47 | Amount Stolen: $350,000.00 | Media: McHenry County Blog
DKG Enterprises | Amount Stolen: $100,000.00 | Media: Krebs On Security
Downeast Energy & Building Supply | Amount Stolen: $150,000.00 | Media: Bank Info Security
Little & King LLC | Amount Stolen: $164,000.00 | Media: Krebs On Security
Battle Ground Cinema | Amount Stolen: $81,000.00 | Media: Krebs On Security
Delray Beach Public Library | Amount Stolen: $160,000.00 | Media: Krebs On Security
Brookeland Fresh Water Supply District | Amount Stolen: $35,000.00 | Media: Krebs On Security
Spring Hill Independent School District | Amount Stolen: $30,687.00 | Media: News-Journal

Ransomware

Ransomware

Evolution

Fake Anti-Virus

“FBI” Ransomware
GOAL: Scare user into paying ransom

Evolution
• Fake Anti-Virus
• FBI Ransomware
  – Lock up screen+browser
  – Find pornography in history
  – If none found, pop-up porn
  – Ask for Ransom

Your webcam Image here

Malware Payload: Ransomware
GOAL: Ransom encrypted data

Evolution
• Fake Anti-Virus
• FBI Ransomware
• Cryptovirus
  – CryptoLocker
  – PrisonLocker
  – HowDecrypt
  – CryptorBit
  – CryptoDefense
  – CryptoWall

CryptoVirus workflow
Inbound and outbound communication

GOAL: Ransom user for encrypted data

1. Infect machine with early stage
   • Email
   • Exploit kit
   • Malvertising
   • Dropper
2. Phone home to Command and Control server to get encryption key
3. Encrypt local and network share data
   • May take hours to days to fully encrypt
   • Makes finding a clean restore difficult
4. Ransom user
   • Establish deadline and threaten permanent data loss

Signature-based security evasion

Getting Around Signatures: Crypters

Getting Around Signatures

Test Against Signature Based Tools

• Ensures a bad actor will be successful
• Allows the bad actor to create their own CyberCrime sales forecasts

Getting Around Signatures: Crypters

“Signature-based tools (antivirus, firewalls, and intrusion prevention) are only effective against 30–50% of current security threats.”
IDC, November 2011

Strengthening security beyond signatures

Security is About Layers

Security Layers and Risk Management

Off-network/Roaming | On-network

EMAIL SECURITY
ENDPOINT AV
OPENDNS - NETWORK LAYER SIGNATURELESS SECURITY SERVICE
FIREWALL

PREDICTIVE INTELLIGENCE

60B+ Daily Requests

• Block Threats
• Contain Infections
• Automation

PREVENT Malware

• Focus on full infection process
  ‒ Not just an executable or signature
• Block sites with exploit kits at the network layer
  ‒ Whether it’s a whole site or an embedded ad
• Prevent connections to malvertising links
  ‒ The connection after the ad is what matters
• Protect users from phishing
  ‒ To prevent breaches
• Block malicious links in emails and apps
  ‒ Because the browser is not the only path of infection

CONTAIN: The New Prevention
Prevent “Phoning home”

• Block “droppers” from getting malware
  ‒ Whether it’s ransomware, keyloggers, spam senders or DDoS bots
• Stop spyware/keyloggers from uploading data
• Prevent ransomware from getting key
• ALERT WITH TICKET IN ConnectWise
  ‒ Deep API level integration
  ‒ Infection is contained before user notices
  ‒ 10 minute clean-up vs 10 hour

Standardizing Security

“80% of attacks leverage known vulnerabilities and configuration management setting weakness”
John Streufert, Deputy CIO, US State Department

Standardizing Security
Challenges for MSPs

Anti-virus
• System performance
• Consistency in updates and scans
• Platform support
• Application issues

UTMs + Firewalls
• Multiple Vendors
• Sizing-based
• Network topologies
• Network Performance

UTM and Firewall Performance
Admins are disabling features for Performance

Has your organization turned off certain firewall functions because they were impacting network performance?

Has your organization declined to enable certain firewall functions to avoid impacting network performance?

[Two bar charts, axis 0% to 100%. Response categories: No, Don't know, Yes. Values shown: 10%, 58%, 32% and 11%, 50%, 39%]

208.67.222.222

We Deliver Worldwide Coverage in Minutes

Deploy in Minutes

Lightweight Agent with Automation Policy to Deploy

CLIENT-A: 155.21.1.1/28
CLIENT-B: 214.41.3.1/32
CLIENT-C: 23.4.2.4/32

208.67.222.222

Protect all Devices Connecting to Customer Networks

Multi-tenant
Multiple customer organizations under MSP

New Feature: Centralized Management

• Types
  – Block page customization
  – Security settings
  – Content filtering
• Truly linked to customer orgs
  – No config files to manage
  – Instant changes
• Multiple settings
  – Apply to all or Apply to some
  – Vertical specific
  – Service Level Specific

Centralized Management: Single Pane View
Quickly view and modify settings

ROI in action
Mirus IT saves $100k per year with OpenDNS

Cloud Service Visibility and Shadow IT

Problems with Shadow IT

CUSTOMER
• Business Risk
• Data leakage
• Compliance
• Inefficient processes
• Security issues
• Hidden costs

MSP
• Service issues
• “Surprise” tickets
• Network issues
• Cloud isn’t backed up
• Time wasted
• Missed Revenue

Cloud Services Visibility

• Signatures and humans can’t stay ahead of ADVANCED ATTACKS
• Firewalls, UTMs and VPNs can’t secure ERODING PERIMETERS
• Employees are deploying Cloud Services with SHADOW IT

Easy to Do Business

Volume Pricing

Monthly Billing

Multi-tenant Dashboard

Manage Seats

On-demand

BUSINESS PRACTICES ALIGNED WITH MONTHLY RECURRING REVENUE MODELS

Dima Kumets
dima@opendns.com

Booth 214