Your managed service includes anti-virus, an email filter and a firewall. So why do you still find yourself wasting resources on cleaning up and re-imaging infected customer endpoints? Learn how top MSPs are lowering costs, gaining efficiencies and fueling growth by leveraging cloud-delivered predictive security.
1 CONFIDENTIAL
Dima [email protected]. Product Manager
opendns.com/msp
Standardizing and Strengthening Security
GLOBAL SECURITY NETWORK
208.67.220.220 208.67.222.222
2% OF INTERNET WORLD-WIDE
23 DATA CENTER LOCATIONS
60B+ QUERIES PER DAY
2,000+ ITSP PARTNERS
ASIA-PACIFIC
EUROPE, MIDDLE EAST & AFRICA
AMERICAS
Umbrella for MSPs: Cloud-delivered security service for MSPs
Security ROI
DECREASED COSTS: 50-80% reduction in malware cleanup time
INCREASED REVENUE: Granular Web Filter and cloud service compliance
IMPROVED RETENTION: Improved customer uptime and value reports
The Evolving Threatscape
Changes in Technology
SaaS: Subscribe to applications instead of buying and deploying
IaaS: Rent servers and storage instead of building
CaaS: CyberCrime made easier with SaaS and IaaS models
Evolution of CyberCrime
OLD: Hacker Organization. Centralized; build from scratch; own servers; expensive; large targets
NEW: Crime Ecosystem. Distributed; buy or hosted; specialize in areas; cheap; smaller targets
Cybercrime Job Postings
Cybercrime Payment Systems
Cybercrime Marketplaces
SMB in the Crosshairs
Decreased Cost Makes SMBs Ideal Targets
[Chart: Targeted attacks against SMBs, years 2011, 2012, 2013; values shown: 41%, 36%, 18%]
[Chart: Proportion of breaches by org size, orgs with 11-100 employees vs. orgs with <11 or >100 employees; values shown: 15x, 1x]
How SMBs Are Being Targeted: Infection Vectors
Emails Are Targeting SMBs
GOAL: Trick SMB into opening link or attachment
Exploit Kit/Drive-By Download Explosion
GOAL: Breach browser to push an executable
Exploit Kits Are Getting Better
Exploit Kit/Drive-By Download Explosion
Explosion in Kits Available
ANGLER
RIG
ASTRUM
FIESTA
BLEEDING LIFE
BLACKHOLE
CRIMEPACK
DOTKACHEF
FLASHPACK
GONGDA
NITERIS
LIGHTSOUT
NUCLEAR
ARCHIE
SWEETORANGE
Malvertising on the Rise
How do they work?
1. Set up a website with exploit kit
2. Run an ad on Yahoo, AOL or other ad network, with legitimate company creative
3. Ad server redirects users to exploit kit site
4. User gets infected
Attn: NYTimes.com readers: Do not click pop-up box warning about a virus -- it’s an unauthorized ad we are working to eliminate.
The New York Times
Top websites deliver CryptoWall ransomware via malvertising…
Adam Greenberg, SC Times
Malvertising Targeting SMBs
Intermediate step: Dropper Malware
Increasingly Common Step: Dropper
Increasingly Common Option for Ransomware
1. Bad actor gets a piece of malware on computer
2. Malware sits quietly and just phones home; not the flashy/noisy malware
3. Bad actor sells or rents ability to infect computer. Malware phones home. Installs main payload: Ransomware, Keylogger, Spambot
4. If contract ends or more capacity, install more malware
GOAL: Malware that installs other malware
ANTIVIRUS
Source: krebsonsecurity.com
Malware payload
Keyloggers and Spyware
SMB Bank Account Breaches
Crystal Lake Elementary School District 47. Amount Stolen: $350,000.00. Media: McHenry County Blog
DKG Enterprises. Amount Stolen: $100,000.00. Media: Krebs On Security
Downeast Energy & Building Supply. Amount Stolen: $150,000.00. Media: Bank Info Security
Little & King LLC. Amount Stolen: $164,000.00. Media: Krebs On Security
Battle Ground Cinema. Amount Stolen: $81,000.00. Media: Krebs On Security
Delray Beach Public Library. Amount Stolen: $160,000.00. Media: Krebs On Security
Brookeland Fresh Water Supply District. Amount Stolen: $35,000.00. Media: Krebs On Security
Spring Hill Independent School District. Amount Stolen: $30,687.00. Media: News-Journal
Ransomware
Ransomware
Evolution
Fake Anti-Virus
“FBI” Ransomware
Evolution
Fake Anti-Virus
FBI Ransomware
– Lock up screen+browser
– Find pornography in history
– If none found, pop-up porn
– Ask for Ransom
GOAL: Scare user into paying ransom
Your webcam Image here
Malware Payload: Ransomware
GOAL: Ransom encrypted data
Evolution
Fake Anti-Virus
FBI Ransomware
Cryptovirus
– CryptoLocker
– PrisonLocker
– HowDecrypt
– CryptorBit
– CryptoDefense
– CryptoWall
CryptoVirus workflow
Inbound and outbound communication
1. Infect machine with early stage
• Email
• Exploit kit
• Malvertising
• Dropper
2. Phone home to Command and Control server to get encryption key
3. Encrypt local and network share data
• May take hours to days to fully encrypt
• Makes finding a clean restore difficult
4. Ransom user
• Establish deadline and threaten permanent data loss
GOAL: Ransom user for encrypted data
Signature-based security evasion
Getting Around Signatures: Crypters
Getting Around Signatures
Test Against Signature Based Tools
Ensures a bad actor will be successful
Allows the bad actor to create their own CyberCrime sales forecasts
“Signature-based tools (antivirus, firewalls, and intrusion prevention) are only effective against 30–50% of current security threats.”
IDC, November 2011
Strengthening security beyond signatures
Security is About Layers
Security Layers and Risk Management
Off-network/Roaming
On-network
EMAIL SECURITY
ENDPOINT AV
OPENDNS - NETWORK LAYER SIGNATURELESS SECURITY SERVICE
FIREWALL
PREDICTIVE INTELLIGENCE
60B+ Daily Requests
Block Threats
Contain Infections
Automation
PREVENT Malware
Focus on full infection process
‒ Not just an executable or signature
Block sites with exploit kits at the network layer
‒ Whether it’s a whole site or an embedded ad
Prevent connections to malvertising links
‒ The connection after the ad is what matters
Protect users from phishing
‒ To prevent breaches
Block malicious links in emails and apps
‒ Because the browser is not the only path of infection
CONTAIN: The New Prevention
Prevent “Phoning home”
Block “droppers” from getting malware
‒ Whether it’s ransomware, keyloggers, spam senders or DDoS bots
Stop spyware/keyloggers from uploading data
Prevent ransomware from getting key
ALERT WITH TICKET IN ConnectWise
‒ Deep API level integration
‒ Infection is contained before user notices
‒ 10 minute clean-up vs 10 hour
Standardizing Security
“80% of attacks leverage known vulnerabilities and configuration management setting weakness”
John Streufert, Deputy CIO, US State Department
Standardizing Security
Challenges for MSPs
Anti-virus: System performance; Consistency in updates and scans; Platform support; Application issues
UTMs + Firewalls: Multiple Vendors; Sizing-based; Network topologies; Network Performance
UTM and Firewall Performance
Admins are disabling features for Performance
Has your organization turned off certain firewall functions because they were impacting network performance?
Has your organization declined to enable certain firewall functions to avoid impacting network performance?
[Charts: responses to each question as No / Don't know / Yes on a 0% to 100% axis; values shown: 10%, 58%, 32% and 11%, 50%, 39%]
208.67.222.222
We Deliver Worldwide Coverage in Minutes
Lightweight Agent with Automation Policy to Deploy
Deploy in Minutes
CLIENT-A 155.21.1.1/28
CLIENT-B 214.41.3.1/32
CLIENT-C 23.4.2.4/32
208.67.222.222
Protect all Devices Connecting to Customer Networks
Multi-tenant
Multiple customer organizations under MSP
New Feature: Centralized Management
Types
– Block page customization
– Security settings
– Content filtering
Truly linked to customer orgs
– No config files to manage
– Instant changes
Multiple settings
– Apply to all or Apply to some
– Vertical specific
– Service Level Specific
Centralized Management: Single Pane View
Quickly view and modify settings
ROI in action
Mirus IT saves $100k per year with OpenDNS
Cloud Service Visibility and Shadow IT
Problems with Shadow IT
CUSTOMER: Business Risk; Data leakage; Compliance; Inefficient processes; Security issues; Hidden costs
MSP: Service issues; “Surprise” tickets; Network issues; Cloud isn’t backed up; Time wasted; Missed Revenue
Cloud Services Visibility
Signatures and humans can’t stay ahead of ADVANCED ATTACKS
Firewalls, UTMs and VPNs can’t secure ERODING PERIMETERS
Employees are deploying Cloud Services with SHADOW IT
Easy to Do Business
Volume Pricing
Monthly Billing
Multi-tenant Dashboard
Manage Seats
On-demand
BUSINESS PRACTICES ALIGNED WITH MONTHLY RECURRING REVENUE MODELS