The Changing Security Landscape
Anthony Leigh
Technical Account Manager, Security
Evolution of Strategy Requirements
Now Structured and Unstructured
Jan, 2007 - 250,000 viruses
2011 – over 300 million
Symantec Endpoint Protection 12.1
Key IT Security Trends
• More Sophisticated Attacks
• Complex Heterogeneous Infrastructure
• Explosion of Information
• Increased Cost of Incidents
The Current Approach Is Not Working
Stopping Less, Spending More
IT Must Evolve to Meet New Demands
System-Centric
• Driver: Business automation, e.g., ERP, functional apps
• Data: Centralized, structured
• Infrastructure: Physical
• IT focus: Systems tasks
Information-Centric
• Driver: Next level of productivity and agility with collaboration and knowledge sharing
• Data: Distributed, unstructured
• Infrastructure: Virtual, cloud, outsourced
The Evolution of IT & Security...
Threat Landscape: 2011 Trends
Social Networking + social engineering = compromise
Attack Kits get a caffeine boost
Targeted Attacks continued to evolve
Hide and Seek (zero-day vulnerabilities and rootkits, cryptors)
Beyond the PC: attackers branch out
IS B09 – SEP 12.1 – Protection Technologies – A Deep Dive
Threat Landscape 1. Targeted Attacks continue to evolve
• High profile attacks in 2010 raised awareness of impact of APTs
• Stuxnet was incredibly sophisticated
– Two (2) Stolen digital signatures
– Two (2) different root kits
– Four (4) zero-day vulnerabilities
– Seven (7) different propagation mechanisms
– Fifteen (15) modules, ten thousand (10,000) lines of code
More Info:
Detailed review in the: W32.Stuxnet Dossier & W32.Stuxnet
Threat Landscape 2. Social Networking + Social Engineering = Compromise
Dumpster diving… has given way to Social Networking
– Use profile information to create targeted social engineering
– Impersonate friends to launch attacks
– Leverage news feeds to spread spam, scams and massive attacks
Problem: Social Engineering
Recent example: W32:Yimfoca.B
Threat Landscape 3. Hide and Seek
Trivial to use
Threat Landscape 4. Attack Kits Get a Caffeine Boost
• Java exploits added to many existing kits
• Kits exclusively exploiting Java vulnerabilities appeared
More Info:
Detailed information available in ISTR Mid-Term: Attack Toolkits and Malicious Websites
Threat Landscape 5. Beyond the PC
• Mobile activity on the rise
– Complex OS environments
– Increasing numbers of trojanized Android apps
– Mobiles will be targeted more when used for financial transactions
• Java based threats
– Jnanabot is a truly cross-platform bot that infects Windows, Linux, and MacOS
• Mac OS Threats
– Starting to see Fake AV
42%
Symantec Endpoint Protection 12
Blazing Performance
• Up to 70% reduction in scan overhead
• Smarter Updates
• Faster Management
Unrivaled Security
• Powered by Insight
• Real Time Behavior Monitoring with SONAR
Built for Virtual Environments
• Tested and optimized for virtual environments
• Higher VM densities
Intelligence sources
Lots of information…
Internet Security Threat Report (ISTR)
- Annual
Interim ISTR Deep Dive Reports (1 – 2 per year)
- Rogueware applications
- Web Attack Toolkits & Malicious Websites
Quarterly Intelligence Updates
- Speeds and Feeds update
Security Response Blog
- Dozens of articles each month written by analysts
http://www.symantec.com/connect/symantec-blogs/sr
Business Security Response Website
- >25% of all symantec.com traffic is to a ‘Response’ page
http://www.symantec.com/