Countering Insider Threats Jeremy Ho

Transcription

1 Countering Insider Threats Jeremy Ho Strategic Sales Group (ASEAN) 1

2 CONFIDENTIAL Key Challenges Impacting Organization Today REGULATORY COMPLIANCE Rising Data Volumes Changing Requirements Prioritization Challenges Countering Insider Threats 2

3 The faces of Threats to Information Security It s about people Well-meaning Insiders Malicious Insiders Malicious Outsiders Countering Insider Threats 3

4 Symantec knows Data Loss Trends, News & What s at Stake 88% experienced data loss 59% of employees leave with data $7.2 million average cost of a breach Legal & compliance penalties A corporate black eye Symantec Data Loss Prevention 5

5 Accidental Insider Threats 1. Employees respond to phishing s and disclose confidential information. 2. Employees to get malware infections that disclose account credentials. 3. Employees to lose laptops, PDAs or other devices that contain confidential information. Protecting Your Crown Jewels - How SCSP Does It 6

6 Threat Landscape Social Networking + Social Engineering = Compromise More Info: Detailed review of Social Media threats available in The Risks of Social Networking Hackers have adopted social networking Use profile information to create targeted social engineering Impersonate friends to launch attacks Leverage news feeds to spread spam, scams and massive attacks The Evolving Threat Landscape: Web, Spam and Phishing Attacks 7

7 What Can We Do About It? Well-meaning Insiders Malicious Insiders Malicious Outsiders Countering Insider Threats 9

8 Symantec Approach People + Process + Technology PEOPLE PROCESS TECHNOLOGY Requires solutions training, incident response and appropriate defenses that address all three areas 10

9 The Core IT Security Develop and Enforce IT Policies Protect the Information Authenticate Identities Manage Systems Protect the Infrastructure Changing Threat Landscape August 2011

10 Symantec is Focused on Meeting These Challenges Develop and Enforce IT Policies Protect the Information Authenticate Identities Manage Systems Control Suite Data Loss Prevention Suite and Encryption VeriSign Identity and Authentication IT Suite Protect the Infrastructure Symantec Suites

11 Defense in Depth (DiD) A concept as old, or older, than moats and drawbridges Definition: The siting of mutually supporting defense positions designed to absorb and progressively weaken attack, prevent initial observations of the whole position by the enemy, and to allow the commander to maneuver his reserve Defense in Depth 14

12 Security Policy Security Client Messaging Server File Server Application Server Database Server

13 Information Policy Security Policy Information Archiving Security Client Messaging Server File Server Application Server Database Server

14 Information Policy Security Policy Information Archiving Security Endpoint FW, AV, HIPS/HIDS, Device and App Control Client Messaging Server File Server Application Server Database Server

15 Information Policy Security Policy Information Archiving Security User Authentication 2-Factorr MPKII Encryption Full Disk, Pre-Boot Auth Removal Storage Endpoint FW, AV, HIPS/HIDS, Device and App Control Client Messaging Server File Server Application Server Database Server

16 Help Desk Legal Dept Security Information Event Logging Log Consolidation Correlation! Information Policy Security Policy Information Archiving Security User Authentication 2-Factorr MPKII Encryption Full Disk, Pre-Boot Auth Removal Storage Brightmail Message Security Traffic Shaping Anti-Spam / Virus Data Loss Prevention Discovery Detection Workflow Webgateway Malware URL Filtering Endpoint FW, AV, HIPS/HIDS, Device and App Control Client Messaging Server File Server Application Server Database Server

17 Help Desk Legal Dept Security Information Event Logging Log Consolidation Correlation! Control Suite Policy View Infrastructure View Risk View Information Policy Security Policy Information Archiving Security User Authentication 2-Factorr MPKII Encryption Full Disk, Pre-Boot Auth Removal Storage Brightmail Message Security Traffic Shaping Anti-Spam / Virus Data Loss Prevention Discovery Detection Workflow Webgateway Malware URL Filtering Endpoint FW, AV, HIPS/HIDS, Device and App Control Client Messaging Server File Server Application Server Database Server

18 Symantec Services Security Assessments to Reveal Gaps in DATA LOSS RISK ASSESSMENT MALICIOUS ACTIVITY ASSESSMENT SECURITY AWARENESS PROGRAM ADVISORY SERVICES Penetration Testing Vulnerability Assessment Security Program Assessment Advanced Persistent Threats: Cutting Through the Hype 22

19 Intelligence sources Lots of information Internet Security Threat Report (ISTR) - Annual Interim ISTR Deep Dive Reports (1 2 per year) - Rogueware applications - Web Attack Toolkits & Malicious Websites Quarterly Intelligence Updates - Speeds and Feeds update Security Response Blog - Dozens of articles each month written by analysts Business Security Response Website - >25% of all symantec.com traffic is to a Response page 24

20 Thank you! Copyright 2011 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice. 25