1 / 60

The Check Point Security Report 2013

The Check Point Security Report 2013. About the research. Key findings. Security strategy. Summary. Constantly changing environment. “. Just as water retains no constant shape, so in warfare there are no constant conditions. ”. - Sun Tzu, The Art of War. There is a lot going on in 2012.

marinel
Télécharger la présentation

The Check Point Security Report 2013

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The Check Point Security Report 2013 About the research Key findings Security strategy Summary

  2. Constantly changing environment “ Just as water retainsno constant shape, so in warfare there areno constant conditions ” - Sun Tzu, The Art of War

  3. There is a lot going on in 2012

  4. Looking back and forward 2012 2013 and beyond Main security threats & risks Security architecture Recommendations

  5. Multiple sources of data • Threat Cloud • 3D Reports • SensorNet

  6. A comprehensive survey

  7. A comprehensive survey % of companies By geography By sector APAC Other Industrial EMEA Consulting Telco Government Americas Finance

  8. The Check Point Security Report 2013 About the research Key findings Security strategy Summary

  9. What you don’t know can hurt you! “There are known knowns. These are things we know that we know. There are known unknowns. That is to say, there are things that we know we don't know. But there are also unknown unknowns. There are things we don't know we don't know.” Donald Rumsfeld [Restricted] ONLY for designated groups and individuals

  10. We will talk about 3 issues Threatsto the organization Risky enterpriseapplications Data loss incidents in the network

  11. Another day, another major hack HACKED HACKED HACKED HACKED HACKED HACKED HACKED HACKED HACKED HACKED HACKED HACKED

  12. And then there’s Anonymous

  13. 2012: the year of hacktivism Arab SpringPolitical freedom FoxconWorking conditions Justice DepartmentAnti-corruption VaticanUnhealthy transmitters UN ITU Internet deep packet inspection

  14. This does not affect me, right?

  15. The majority of companies are infected 100% = 888 companies of the organizations in the research were infected with bots 63%

  16. Once in … always on Communicating with command & control every21minutes

  17. Top 2012 Bots

  18. Exploit kits are easy to buy Available online Rental costs • One day – 50$ • Up to 1 month – 500$ • 3 month – 700$

  19. But there is more than Bots, right? How does malware get to my network? MalwareINSIDE

  20. Going to the wrong places… Every 23 minutes,a hostaccessesamalicious site

  21. Downloading malware all the time 53%of organizations saw malware downloads

  22. Most attacks originate in the US Top malware locations, % Germany2% UK2% Canada8% France2% Israel3% China3% Slovakia2% Turkey3% US71% Czech Rep2%

  23. Anatomy of an attack Recon 1 Exploit 2 Backdoor 3 Damage 4 BOT Toolkit RAT Virus

  24. Two major trends Profit driven A BOT Damage 4 RAT Virus B Ideological driven

  25. Case example Italian University Massive SQL injection attack

  26. Case StudyHacker injected the following string… In normal language: “Please give me the usernames and passwords from the database”

  27. From around the world… Case study - the success Blocked by Check Point IPS Software Blades

  28. We will talk about 3 issues Threatsto the organization Risky enterpriseapplications Data loss incidents in the network

  29. No longer a game

  30. What are risky applications? P2P file sharing Bypassing security or hiding identity Anonymizers File sharing / storage Do harm without the user knowing it Social networks

  31. Anonymizers Risky applications

  32. What is an anonymizer? FirewallOK User Proxy Site

  33. History of Anonymizers Began as “The Onion Router” Officially sponsored by the US Navy 80% of 2012 budget from US Government Used widely during Arab Spring

  34. The risk of anonymizers Bypasses security infrastructure Used by botnets to communicate Hide criminal, illegal activity

  35. Anonymizers inside the corporation 100% = 888 companies of organizations had users of Anonymizers (80% were not aware that their employees use Anonymizers) 47%

  36. P2P file sharing Risky applications

  37. The Risk of P2P Applications Downloading the latest“24” episoderight now  “Back door” network access Pirated content liability Malware downloads

  38. P2P inside the corporation 100% = 888 companies of organizations had a P2P file sharing app in use 61%

  39. Case example: P2P Fines for information disclosers 3,800personal details shared on P2P 95,000personal details shared on P2P

  40. Main takeaways… 61% of organizations had a P2P file sharing app in use 47% of organizations had users of anonymizers

  41. We will talk about 3 issues Threatsto the organization Risky enterpriseapplications Data loss incidents in the network

  42. How common is it? of organizations experienced data loss 54%

  43. Many types of data leaked 24% Source Code 14% Password protected file 7% Email marked as confidential 29% Credit card information 21% Other 13% Salary compensation information 7% Bank accounts numbers 6% Business data record

  44. PCI compliance can be improved 36% Of financial organizations sent credit card data outside the organization

  45. Case examples: oops, wrong address 11 emails for a lawyer to the wrong address Oct 2012 Worker fired for sending sensitive information to the wrong people Oct 2012 GPAs of all students leaked to hundreds of unintended recipients Apr 2012 Accidentally leaked 4,000 student social security numbers Apr 2012

  46. We have all had this problem Error 552: sorry, that message exceeds my maximum message size limit Dropbox? YouSendIt? Windows Live?

  47. Storing and Sharing applications 100% = 888 companies of organizations use file storage and sharing applications 80%

  48. Top sharing and storage apps % of organizations But sharing is not always caring…

  49. The Check Point Security Report 2013 About the research Key findings Security strategy Summary

More Related