The Changing Security Landscape. Anthony Leigh, Technical Account Manager, Security

The Changing Security Landscape


DESCRIPTION

Presented at the Arrow ECS Accelerate your Virtualisation Business with Symantec and VMware event, 18th January 2012 at Williams F1 Conference Centre


Page 1: The Changing Security Landscape

The Changing Security Landscape

Anthony Leigh, Technical Account Manager, Security

Page 2: The Changing Security Landscape

Evolution of Strategy Requirements

Now Structured and Unstructured

Page 3: The Changing Security Landscape

Jan, 2007 - 250,000 viruses

2011 – over 300 million

Symantec Endpoint Protection 12.1

Page 4: The Changing Security Landscape

Key IT Security Trends

• More Sophisticated Attacks
• Complex Heterogeneous Infrastructure
• Explosion of Information
• Increased Cost of Incidents

Page 5: The Changing Security Landscape

The Current Approach Is Not Working

Stopping Less

Spending More

Page 6: The Changing Security Landscape

IT Must Evolve to Meet New Demands

System-Centric

• Driver: Business automation, e.g., ERP, functional apps
• Data: Centralized, structured
• Infrastructure: Physical
• IT focus: Systems tasks

Information-Centric

• Driver: Next level of productivity and agility with collaboration and knowledge sharing
• Data: Distributed, unstructured
• Infrastructure: Virtual, cloud, outsourced

Page 7: The Changing Security Landscape


The Evolution of IT & Security...

Page 8: The Changing Security Landscape

Threat Landscape: 2011 Trends

Social Networking + social engineering = compromise

Attack Kits get a caffeine boost

Targeted Attacks continued to evolve

Hide and Seek (zero-day vulnerabilities and rootkits, cryptors)

Beyond the PC: attackers branch out

IS B09 – SEP 12.1 – Protection Technologies – A Deep Dive

Page 9: The Changing Security Landscape

Threat Landscape: 1. Targeted Attacks continue to evolve

• High profile attacks in 2010 raised awareness of impact of APTs

• Stuxnet was incredibly sophisticated
– Two (2) stolen digital signatures
– Two (2) different root kits
– Four (4) zero-day vulnerabilities
– Seven (7) different propagation mechanisms
– Fifteen (15) modules, ten thousand (10,000) lines of code

More Info:

Detailed review in the: W32.Stuxnet Dossier & W32.Stuxnet

Page 10: The Changing Security Landscape


Page 11: The Changing Security Landscape

Threat Landscape: 2. Social Networking + Social Engineering = Compromise

Dumpster diving… has given way to Social Networking

– Use profile information to create targeted social engineering
– Impersonate friends to launch attacks
– Leverage news feeds to spread spam, scams and massive attacks

Page 12: The Changing Security Landscape

Problem: Social Engineering

Recent example: W32:Yimfoca.B

Page 13: The Changing Security Landscape


Page 14: The Changing Security Landscape

Threat Landscape: 3. Hide and Seek

Trivial to use

Page 15: The Changing Security Landscape

Threat Landscape: 4. Attack Kits Get a Caffeine Boost

• Java exploits added to many existing kits
• Kits exclusively exploiting Java vulnerabilities appeared

More Info:

Detailed information available in ISTR Mid-Term: Attack Toolkits and Malicious Websites

Page 16: The Changing Security Landscape

Threat Landscape: 5. Beyond the PC

• Mobile activity on the rise
– Complex OS environments
– Increasing numbers of trojanized Android apps
– Mobiles will be targeted more when used for financial transactions

• Java based threats
– Jnanabot is a truly cross-platform bot that infects Windows, Linux, and MacOS

• Mac OS Threats
– Starting to see Fake AV

42%

Page 17: The Changing Security Landscape

Symantec Endpoint Protection 12

Unrivaled Security

• Powered by Insight
• Real Time Behavior Monitoring with SONAR

Blazing Performance

• Up to 70% reduction in scan overhead
• Smarter Updates
• Faster Management

Built for Virtual Environments

• Tested and optimized for virtual environments
• Higher VM densities

Page 18: The Changing Security Landscape

Intelligence sources: Lots of information…

Internet Security Threat Report (ISTR)
- Annual

Interim ISTR Deep Dive Reports (1 – 2 per year)
- Rogueware applications
- Web Attack Toolkits & Malicious Websites

Quarterly Intelligence Updates
- Speeds and Feeds update

Security Response Blog
- Dozens of articles each month written by analysts
http://www.symantec.com/connect/symantec-blogs/sr

Business Security Response Website
- >25% of all symantec.com traffic is to a ‘Response’ page
http://www.symantec.com/