190 likes | 206 Vues
Security in a Changing Threat Landscape. Graeme Pinkney , Symantec EMEA gpinkney@symantec.com. 40,000+ Registered Sensors in 180+ countries. +. +. 74 Symantec monitored countries. +. 8 Symantec Security Response Centers. 4 Symantec SOCs. >6,200 Managed Security Devices.
E N D
Security in a Changing Threat Landscape Graeme Pinkney, Symantec EMEA gpinkney@symantec.com
40,000+Registered Sensorsin 180+ countries + + 74Symantec monitoredcountries + 8Symantec Security Response Centers 4 Symantec SOCs >6,200 Managed Security Devices + 120 million systems worldwide + 30% of world’s email traffic + Advanced Honeypot Network Dublin, Ireland Calgary, Canada Tokyo, Japan San Francisco, CA Redwood City, CA Twyford, England Santa Monica, CA Munich, Germany Alexandria, VA Pune, India Taipei, Taiwan Sydney, Australia Symantec™Global Intelligence Network 200,000 malware submissions per month Millions of security alerts per month Millions of threat reports per month Hundreds of MSS customers Internet Security Threat Report XI
The Threat : Key Messages • The current threat environment is characterized by an increase in data theft, data leakage, and the creation of malicious code that targets specific organizations. • Attackers are refining their methods and consolidating assets to create global networks that support coordinated criminal activity • Year of the zero-day, targeted malicious code • Increase in targeting Individual organisations • And of course making more MONEY Internet Security Threat Report XI
Today’s World:Business Exposed to Growing IT Risks • Market risk • Credit risk • Interest rate risk • Currency risk • Business process • People and talent • Environment • Physical infrastructure • Computer crimes • Internal breaches • Cyber terrorism • Configuration changes • Lack of redundancy in architectures • Human errors • Distributed architectures • Peak Demand • Heterogeneityin the IT landscape • Business growth • Provisioning bottlenecks • Silo-ed architectures • Hardware and/or software failures • External threats such as security • Natural disasters • Government regulations • Corporate governance guidelines • Internal policy Internet Security Threat Report XI
Active Bot-infected Computers Per Day Internet Security Threat Report XI
Malicious Activity by Country Internet Security Threat Report XI
Threats to Confidential Information Internet Security Threat Report XI
Propagation Mechanisms Internet Security Threat Report XI
Top Countries Hosting Phishing Web sites Internet Security Threat Report XI
Attack Trends: Data Breaches • Information on data breaches that could lead to identity theft. Data collected is not Symantec data. • The government sector accounted for the majority of data breaches with 25%, followed by Education (20%) and Healthcare (14%) - the majority of breaches (54%) were due to theft or loss with hacking only accounting for 13%. Internet Security Threat Report XI
Underground Economy Servers • Trading in credit cards, identities, online payment services, bank accounts, bots, fraud tools, etc. • Ranked according to geographic location of the server and the location of banks. • 86% of banks whose credit cards were stolen were located in the United States followed by the United Kingdom (7%) and Canada (1%). Internet Security Threat Report XI
Phishing : Daily and Seasonal Variations • Phishing activity tends to mirror an average business week as attackers attempt to mimic legitimate companies email practices. This pattern may also be due to the fact that phishing campaigns are generally short lived and are most effective when people receive and read the phishing emails soon after they were sent. • Holidays such as Christmas and New Year and large events like the FIFA World Cup increase the amount of phishing activity. During the Christmas season, blocked phishing messages climbed to a high of 29% above the average and during the FIFA World Cup, blocked phishing attempts were 40% higher than the average. Internet Security Threat Report XI
What are the Risks? • 93% of all attacks target the end user… • From A Recent Survey (193.000 endpoints) • 13% had unauthorised USB devices attached to PC’s/Laptops • 4% of Corporate PC’s had P2P software installed • 1% had remote control software installed such as “GotoMyPC” • That means nearly 8000 corporate PC’s had access to P2P networks, and nearly 2000 could remotely access their corporate PC..!! • In another survey, 20% say that nearly 50% of their data sits on the endpoints.!! Internet Security Threat Report XI
Creates new challenges for IT: Complete understanding of security risk requires correlation of: What is happeninginsidethe network With global threat activity outside the network Prioritization How do threats impact my environment? What requires immediate attention? What needs to be addressed over time? Shift from incident response to proactive security protection The Threat is Complex Internet Security Threat Report XI
“If you are fighting a war, the worst thing is to keep your strategy the same” Sir Richard Dearlove, MI6 Tactics Have to Change Internet Security Threat Report XI
The threat landscape has changed dramatically constantly changing Stealth techniques are increasinglybeing used Hackers and criminals are planningthe next steps external agenda You need to have the ability to focus attention on the area’s that will likelybe a new attack vector If the attackers are planning the nextsteps, “What are you doing”? Forecasting the Threat to Your Business Internet Security Threat Report XI
New technologies are increasingly being adopted without the focus on what attack vectors will be availablein 12 – 24 months. We are constantly in a reactive state We need to get smarter and proactive Focus attentions on intelligence and include this with your response efforts. Strategic Intelligence helps you make smarter decisions What are the Benefits? Internet Security Threat Report XI
Thank You gpinkney@symantec.com