
Information Security Management: Protecting IT Assets from Current and Future Threats

John McCumber, Strategic Program Manager


Presentation Transcript


  1. Information Security Management: Protecting IT Assets from Current and Future Threats. John McCumber, Strategic Program Manager

  2. Key Information Security Challenges:
  • Blurring lines: "securing" IT assets vs. "managing" them: who ultimately has the responsibility?
  • Too much information: the deluge of security news (e.g. viruses, new patches) must be custom-formatted for my environment, and that takes time
  • Shortage of trained and experienced personnel
  • Need to wrap protection around evolving architectures and business models (e.g. wireless LANs, remote access)
  • Each investment in a new security tool brings another console to manage and more alerts to correlate
  • The "undesired" ranks are expanding: blended threats, P2P, spam, "spyware," insider threats. Together they require more than traditional server and desktop solutions

  3. World-Wide Attack Trends, 1996-2003 [chart; only the labels survive extraction]
  Left axis: malicious code infection attempts* (0 to 900M). Right axis: network intrusion attempts** (0 to 150,000). Milestones annotated on the curves: polymorphic viruses (Tequila), mass mailer viruses (Love Letter/Melissa), zombies, denial of service (Yahoo!, eBay), blended threats (CodeRed, Nimda, Slammer).
  *Analysis by Symantec Security Response using data from Symantec, IDC & ICSA; 2003 estimated
  **Source: CERT

  4. Software Vulnerabilities [chart: average number of new vulnerabilities discovered every week]. Source: Bugtraq

  5. Vulnerability Trend Highlights [chart: new vulnerabilities per month, breakdown of volume by severity]
  • Newly discovered vulnerabilities are increasingly severe, and the number of low-severity vulnerabilities is decreasing. High-severity vulnerabilities grant elevated privileges and reach more prominent targets.

  6. Vulnerability Trend Highlights [chart: percentage of easily exploitable new vulnerabilities per month]
  • Symantec reports that 70% of the vulnerabilities found in 2003 could be easily exploited, because an exploit was either not required or was readily available. That is 10 percentage points higher than in 2002, when 60% were easily exploitable.

  7. Attack Trend Highlights
  • Almost one third of all attacking systems targeted the vulnerability exploited by Blaster and its successors. Other worms that surfaced in previous periods continue to survive and are still seen hitting firewall and IDS systems globally; enough unpatched systems remain to sustain them.

  8. How do we achieve proactive security management to mitigate current and future risks? Focus on four key elements:
  • Alert: gain early warning, take evasive action
  • Protect: deploy defense-in-depth
  • Respond: react in prioritized fashion
  • Manage: applies to a 360-degree view of security and to managing the secure lifecycle of each individual asset

  9. Security Fundamentals [diagram: Alert, Protect, Respond and Manage arranged around "Proactive Control"]
  Labels on the diagram: prevent unwanted attacks; detect physical breaches; security of information assets; early awareness of threats; "listening posts"; environment; policies and vulnerabilities; device/patch configuration; user access; identity management; information; events and incidents; internal; workflow; auto-configuration; disaster recovery; external; hotline; signature updates.

  10. Alert: Spotting the 'Blaster' worm early. DeepSight notification timeline:
  • 7/16 - DeepSight Alerts & TMS initial alerts on the RPC DCOM attack
  • 7/23 - DeepSight TMS warns of suspected exploit code in the wild. Advises to expedite patching.
  • 7/25 - DeepSight TMS & Alerts update with a confirmation of exploit code in the wild. Clear text IDS signatures released.
  • 8/5 - DeepSight TMS Weekly Summary warns of impending worm.
  • 8/7 - TMS alerts stating activity is being seen in the wild.
  • 8/11 - Blaster worm breaks out. ThreatCon is raised to level 3.
  [chart: IP addresses infected with the Blaster worm]
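The "activity seen in the wild" stage of the timeline above is something a site can observe for itself, without a vendor feed: a worm that spreads through an RPC service shows up as one internal host opening connections to many distinct hosts on the same port in a short time. The script below is an added example (not part of the original presentation and not a Symantec product) that flags that pattern in firewall-style logs. The log line format, the 60-second window, the 20-target threshold and every sample line are constructed for illustration; TCP port 135 is used because it is the RPC endpoint-mapper port the Blaster exploit targeted.

```python
"""Spot worm-style propagation in firewall logs: one source contacting many
distinct hosts on TCP/135 within a short sliding window.

Added example; not from the original presentation or any Symantec product.
The log format and all sample lines are constructed for illustration.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

WATCH_PORT = 135                 # RPC endpoint mapper, the port the RPC DCOM exploit hit
WINDOW = timedelta(seconds=60)   # sliding window per source host (assumed value)
THRESHOLD = 20                   # distinct targets within WINDOW that trigger an alert (assumed)


def parse_line(line):
    """Parse one constructed record: '<iso-timestamp> <src> <dst> <dport> <proto>'."""
    ts, src, dst, dport, proto = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport), proto


def find_scanners(lines, port=WATCH_PORT, window=WINDOW, threshold=THRESHOLD):
    """Return {src: (time_of_first_alert, distinct_targets_at_that_moment)} for every
    source that reached >= threshold distinct destinations on `port` within `window`."""
    recent = defaultdict(deque)  # src -> (timestamp, dst) pairs still inside the window
    alerts = {}
    records = sorted((parse_line(l) for l in lines if l.strip()), key=lambda r: r[0])
    for ts, src, dst, dport, proto in records:
        if dport != port or proto != "tcp":
            continue
        q = recent[src]
        q.append((ts, dst))
        while q and ts - q[0][0] > window:   # expire entries older than the window
            q.popleft()
        distinct = {d for _, d in q}
        if len(distinct) >= threshold and src not in alerts:
            alerts[src] = (ts, len(distinct))
    return alerts


def build_sample_log():
    """Constructed sample: 10.0.0.5 sweeps 10.0.1.1-10.0.1.40 on TCP/135, one host per
    second (worm-like); 10.0.0.9 repeatedly talks to a single RPC server and a web
    server (benign traffic that stays below the threshold)."""
    t0 = datetime(2003, 8, 11, 9, 0, 0)
    lines = []
    for i in range(1, 41):
        lines.append(f"{(t0 + timedelta(seconds=i)).isoformat()} 10.0.0.5 10.0.1.{i} 135 tcp")
    for i in range(5):
        lines.append(f"{(t0 + timedelta(seconds=10 * i)).isoformat()} 10.0.0.9 10.0.0.1 135 tcp")
        lines.append(f"{(t0 + timedelta(seconds=10 * i + 3)).isoformat()} 10.0.0.9 10.0.2.7 80 tcp")
    return lines


if __name__ == "__main__":
    for src, (when, n) in find_scanners(build_sample_log()).items():
        print(f"ALERT {when.isoformat()} {src} reached {n} distinct hosts on tcp/{WATCH_PORT}")
    # prints: ALERT 2003-08-11T09:00:20 10.0.0.5 reached 20 distinct hosts on tcp/135
```

The alert fires on the twentieth distinct target rather than on raw connection volume, which is what separates a propagating worm from a busy client that hammers one server. On real exports the same logic applies once the parser is swapped for the firewall's or NetFlow collector's own format.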

  11. The Convergence Imperative
  • Assure security policy compliance
  • Receive early awareness of threats
  • Prevent & detect attacks & breaches
  • Protect privacy of information
  • Discover & track HW/SW assets
  • Provision, update & configure systems via automated policies
  • Instantly push security patches & signatures to all managed devices
  • Assure software license compliance & remove unauthorized applications
  • De-provision & repurpose systems securely
  • Rapidly & easily recover from loss of critical systems & information
  • Ensure via policies that adequate storage is available for applications & backup
  • Create secure archives for preserving information assets

  12. Solving the Convergence Challenge
  • Threat-, vulnerability- & event-driven patch & configuration management
  • Threat-, vulnerability- & event-driven backup
  • Recovery from attack
  • Policy-driven backup
  • Monitor storage resources & perform corrective action
  • System & data recovery

  13. Management in Action: Integrated Security, Systems & Storage [diagram]
  Labels on the diagram: SEA platform; Alert (Threat, Vulnerabilities, Attack); Alert Action Policies; alert level moving between Normal and High Risk; Depth & Frequency of backup; Adjust Protection Granularity; Protect cycle (Deploy, Scan, Test, Remove Vulnerability, Recover); Rapid Recovery from Attack, Faulty Patch.
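Slides 12 and 13 describe alert action policies: an external threat or vulnerability alert, correlated with what is installed where, drives both the patch order and a temporary change in backup depth and frequency. The following is an added example of that correlation written for this page; it is not Symantec's SEA platform or any real product. The advisory IDs (ADV-000x), patch IDs (PATCH-x), product names, hosts, severity/exploit weights, the level thresholds (6 and 18) and the backup policy table are all hypothetical and constructed for the illustration.

```python
"""Correlate an external threat/vulnerability feed against an asset inventory and
derive prioritised actions: which hosts to patch first, and how deep and how often
to back up each host while it is exposed.

Added example illustrating the alert-action-policy idea of slides 12 and 13; it is
not Symantec's SEA platform or any real product. Advisory IDs, patch IDs, product
names, hosts and all scoring thresholds are hypothetical/constructed.
"""
from dataclasses import dataclass

SEVERITY_WEIGHT = {"low": 1, "medium": 2, "high": 3}
# Exploit availability is what slide 6 calls "easily exploitable": weight it up.
EXPLOIT_WEIGHT = {"none": 1, "available": 2, "in_the_wild": 3}
# Backup policy per alert level: (interval in hours, retained copies). Assumed values.
BACKUP_POLICY = {"normal": (24, 7), "elevated": (6, 8), "high": (1, 24)}


@dataclass(frozen=True)
class Advisory:
    vuln_id: str        # hypothetical identifier, not a real CVE or Bugtraq ID
    product: str
    severity: str       # low | medium | high
    exploit: str        # none | available | in_the_wild
    patch_id: str       # hypothetical patch identifier


@dataclass(frozen=True)
class Asset:
    host: str
    products: frozenset
    installed_patches: frozenset
    criticality: int    # 1 (kiosk) .. 3 (domain controller)


def exposed_advisories(asset, feed):
    """Advisories that apply to software on the asset and whose patch is not installed."""
    return [a for a in feed
            if a.product in asset.products and a.patch_id not in asset.installed_patches]


def risk_score(advisory, asset):
    return SEVERITY_WEIGHT[advisory.severity] * EXPLOIT_WEIGHT[advisory.exploit] * asset.criticality


def level_for(score):
    """Map a score to the alert level used by the action policies (thresholds assumed)."""
    if score >= 18:
        return "high"
    if score >= 6:
        return "elevated"
    return "normal"


def plan(feed, assets):
    """Prioritised patch list: one action per (host, advisory), highest risk first."""
    actions = []
    for asset in assets:
        for adv in exposed_advisories(asset, feed):
            score = risk_score(adv, asset)
            actions.append({"host": asset.host, "vuln_id": adv.vuln_id, "patch": adv.patch_id,
                            "score": score, "level": level_for(score)})
    return sorted(actions, key=lambda a: (-a["score"], a["host"]))


def host_backup_policies(feed, assets):
    """Per host, the backup (interval_hours, copies) for its worst exposed advisory;
    hosts with nothing exposed stay on the normal policy."""
    worst = {asset.host: 0 for asset in assets}
    for action in plan(feed, assets):
        worst[action["host"]] = max(worst[action["host"]], action["score"])
    return {host: BACKUP_POLICY[level_for(score)] for host, score in worst.items()}


# Constructed feed and inventory
FEED = [
    Advisory("ADV-0001", "rpc-svc", "high", "in_the_wild", "PATCH-A"),
    Advisory("ADV-0002", "web-srv", "medium", "available", "PATCH-B"),
    Advisory("ADV-0003", "mail-agent", "low", "none", "PATCH-C"),
]
ASSETS = [
    Asset("dc01", frozenset({"rpc-svc", "mail-agent"}), frozenset(), 3),
    Asset("web01", frozenset({"web-srv", "rpc-svc"}), frozenset({"PATCH-A"}), 2),
    Asset("kiosk07", frozenset({"mail-agent"}), frozenset({"PATCH-C"}), 1),
]

if __name__ == "__main__":
    for a in plan(FEED, ASSETS):
        print(f"{a['level']:8} score={a['score']:2} {a['host']} apply {a['patch']} for {a['vuln_id']}")
    for host, (hours, copies) in host_backup_policies(FEED, ASSETS).items():
        print(f"{host}: back up every {hours}h, keep {copies} copies")
```

The point of the inventory join is that web01 already carries PATCH-A, so the in-the-wild advisory does not put it at the top of the list, while the unpatched domain controller lands on the high-risk backup policy until the patch is applied. Keeping extra backup copies while a host is exposed is also what makes the "faulty patch" recovery on slide 13 possible: the pre-patch state is still there to roll back to.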

  14. Summary
  • Risk is escalating: threats are more complex and exploit more vulnerabilities in less time, which requires more comprehensive strategies that leverage integrated capabilities and strengths
  • In the public sector there are additional strong catalysts driving the "A.P.R.M." (Alert, Protect, Respond, Manage) approach, such as compliance (e.g. FISMA) and safely enabling information sharing. Take advantage of tools that serve multiple needs (e.g. asset inventory, policy compliance and patch management)
  • Given the nature of the threats, we need to play to the natural strengths gained through merging security, system and storage functions, on both a technology and a personnel level
  • Knowing what we have, how it is configured, and how it can be restored, in the context of what is happening "in the wild" (exploits, vulnerabilities, patterns), is the best defense for what the future brings

  15. Thank You!
