Information & network security in the new threat landscape. Sarah Greenwood

Size: px

Start display at page:

Download "Information & network security in the new threat landscape. Sarah Greenwood"

Arthur Daniel
8 years ago
Views:

1 Information & network security in the new threat landscape Sarah Greenwood

2 Today s Discussion 6 The current threat landscape Security technology moving forward The role of policy makers 2

3 Symantec Global Intelligence Network 4 Symantec SOCs + 74 Symantec Monitored Countries 40,000+ Registered Sensors + in 180+ Countries + 8 Symantec Security Response Centers >6,200 Managed Security Devices ,000 Millions Hundreds malware Systems of security threat of Worldwide submissions MSS reports alerts customers + per 30% per month of month World s Traffic + Advanced Honeypot Network Tokyo, Japan Calgary, Canada San Francisco, CA Redwood City, CA Santa Monica, CA Dublin, Ireland Twyford, England Munich, Germany Taipei, Taiwan Alexandria, VA Pune, India Sydney, Australia 3

submissions MSS reports alerts customers + per 30% per month of month World s email Traffic + Advanced Honeypot Network Tokyo, Japan Calgary, Canada

4 Attack Trends Denial of Service - Top Targeted Sectors - 4

5 Attack Trends Top targeted sectors Home user are often targets of opportunity and provide cover for larger, more targeted attacks Targeted attacks against Government, Information Technology, Utilities and Energy are on the rise. 5

targeted attacks Targeted attacks against Government,

6 Vulnerability Trends Volume Between January 1 and June 30, 2006, the total number of vulnerabilities grew by 18% over the previous reporting period and 20% over the same period last year. Primarily due to the high percentage of Web application vulnerabilities. Once again, this is the highest total Symantec has ever recorded. 6

7 Malicious Code Trends Previously Unseen malicious code (proportion of all threats) - Detected by Symantec Honeypots - higher proportions indicate that attackers are more actively trying to evade signature based detection methods. Primarily due to variants utilizing metamorphic code, run-time packers and changes to code functionality. 7

actively trying to evade signature based detection methods.

8 Malicious Code Trends Propagation vectors SMTP continues to be the top propagation mechanism - 1 out of every 122 messages contained malicious code. Driven by Netsky, Beagle, Mytob and SoberX. All of the Top Ten malicious code samples reported to Symantec utilized SMTP as a propagation mechanism. 8

malicious code. Driven by Netsky, Beagle, Mytob and SoberX.

9 Malicious Code Trends Exposure of confidential information Threats that expose sensitive data such as system information, confidential files, documents, cached logon credentials, credit card details, etc. Potential use in criminal activities resulting in significant financial losses. 9

documents, cached logon credentials, credit card details, etc.

10 Phishing - Unique phishing messages Definitions: Phishing message - single, unique message sent to targets with the intent of gaining confidential or personal information. Each message has different content and different method of trying to obtain information. Phishing attempt - instance of a phishing message being sent to an individual user(s). 81% increase over the previous reporting period - Average of 865 unique phishing messages per day 10

Each message has different content and different method of trying to obtain information.

11 Spam - Top countries of origin, categories and volume Between January 1st and June 30th, 2006, the average percentage of that is Spam was 54%, an 4 percentage point increase from the last reporting period Health makes up 26% of all spam, followed by Adult with 22%. Heath and Adult traditionally have the highest click-through rates as they are more difficult to market through traditional means Canada and South Korea were the only countries with a drop in percentage - 2% each 11

12 The Need for Comprehensive Protection Internet 1.0 Era Identity Protection Fraud Protection IM Protection Protecting Interactions Client Server Era Firewall / IDS VPN Disk Based BU Protecting Information Data Leakage Data Archival Device Compliance Mainframe Era HA Clusters Volume Virtualization Credential Mgt Malware Protection Performance Mgt Security Compliance Protecting Infrastructure Utility Computing Policy Mgt Reg Compliance Time 12

IDS VPN Disk Based BU Protecting Information Data Leakage Data Archival Device Compliance Mainframe Era HA

13 Attack Trends Top Originating Countries The United States remains the top source country for attacks with 37% of the worldwide total. Germany, France, UK, Spain, Italy and the Netherlands are in the top ten as source country for attacks worldwide. 13

14 Attack Trends Denial of Service - Top Target Countries - During the current reporting period, Symantec saw an average of 6,110 Denial of Service attacks per day. The average grew from 4,000 per day in January to over 7,500 per day in June. One period in March saw a spike to over 8,000. The UK was the most targeted nation for DoS attacks in Europe followed by Germany, France, the Netherlands and Italy. 14

The average grew from 4,000 per day in January to over 7,500 per day in June.

15 Current and suggested security provisions and its application Obligation for ECSPs to take appropriate security measures Obligations to notify threat of a breach What is being proposed: - Liability of ECSP Need clarification on implementing provisions on requirements for ISP Need of enforceable rules Should be left to national legislators rather then have a EUwide liability clause Liability waiver similar to the e-commerce Directive? 15

clarification on implementing provisions on requirements for ISP Need of enforceable rules Should be left to

16 Powers for NRAs - Have a single security implementation ownership - Security recommendations and measures should guarantee technology neutrality and not entail a technology mandate. Performance based requirements Best practices Monitoring & auditing security levels applied by ISP - Coordinated approach amongst NRAs across EU on the development of performance based guidance. 16

Performance based requirements Best practices Monitoring & auditing security levels applied by

17 Data breach - ISPs required to notify security breaches to NRA and customers Name & Shame incentive Education leverage - Extend to ESCPs? - Definition of breach? - Liability waiver? 17

18 Conclusions We are on the right track The devil is in the details 18

19 Thank You!

ES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS

ES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISS The Internet Threat Landscape Symantec TM Dean Turner Director Global Intelligence Network Symantec Security