OUR MISSION IS TO PROTECT EVERYONE FROM CYBERCRIME We believe that everyone from home computer users and small companies, to large corporations and governments has the right to be free from cybersecurity fears. We have therefore made it our mission to provide the world's most effective, responsive and efficient protection against cyber-threats: those from malware, spam, hackers, DDoS attacks, sophisticated cyber-espionage tools, and cyberweapons that target countries' critical infrastructure with potentially catastrophic consequences. We're here to protect our users from them all. Eugene Kaspersky, Chief Executive Officer and Chairman, Kaspersky Lab
A MULTI-LAYERED SECURITY APPROACH USING KASPERSKY LAB AT THE ENTERPRISE Julian Garcia Kaspersky Lab Channel SE (Mid-West, West Coast, Canada and Alaska) Direct: 1-971-227-3083
DATA NEVER SLEEPS BUT YOU MUST http://www.domo.com/learn/data-never-sleeps-2
KASPERSKY LAB does not sleep CYBERTHREAT REAL-TIME Map Detection Types https://cybermap.kaspersky.com/
KASPERSKY SECURITY NETWORK (KSN) Cloud-based reputation database Billions of records Urgent detection with fast response Minimizes false positives
Q2 2014 BY THE NUMBERS FROM THE LAB According to KSN data, Kaspersky Lab products detected and neutralized a total of 995,534,410 threats in the second quarter of 2014. Kaspersky Lab solutions repelled 354,453,992 attacks launched from online resources located all over the world. Kaspersky Lab's web antivirus detected 57,133,492 unique malicious objects: scripts, web pages, exploits, executable files, etc. 145,386,473 unique URLs were recognized as malicious by Kaspersky Lab Web-AV. 39% of web attacks neutralized by Kaspersky Lab products were carried out using malicious web resources located in the US and Germany. Kaspersky Lab's antivirus solutions detected 528,799,591 virus attacks on users' computers. A total of 114,984,065 unique malicious and potentially unwanted objects were identified in these incidents. In Q2 2014, 927,568 computers were attacked by banking malware.
2014 CORPORATE THREATS SURVEY 94% of businesses suffered one cyber attack in the last 12 months. Nearly 27% of companies lost confidential data as the result of an internal security incident. Average cost for Accidental Data Leaks: $39K for SMBs, $884K for Enterprise. Source: http://media.kaspersky.com/en/it_security_risks_survey_2014_global_report.pdf?_ga=1.57626858.1152823312.1404311525
HOW BAD IS IT OUT THERE? Malware: 1994: One new virus every hour. 2006: One new virus every minute. 2011: One new virus every second, or 70,000 samples/day. Kaspersky Lab is currently processing 325,000 unique malware samples EVERY DAY.
2014 MOBILE MALWARE STATISTICS
KASPERSKY LAB ANALYSIS REPORT In 2012-2013, 37.3 million users around the world were subjected to phishing attacks, up 87% from 2011-2012. The number of distinct sources of attacks in 2012 and 2013 increased 3.3 times (+330%). 102,100 Internet users around the world were subjected to phishing attacks daily! SOURCE: THE EVOLUTION OF PHISHING ATTACKS 2011-2013, KASPERSKY LAB ANALYSIS REPORT
WHAT ABOUT VIRTUALIZATION By the numbers why are organizations at risk 70% Organizations Virtual TODAY 4 out of 5 Malware Samples will run on VMs 325,000 Unique Malware Samples DAILY Golden Image Not Kept Up-to-Date Target the HOST, why just the VM (a lot to gain)
COMMON VARIABLES TO THE PROBLEM: YOUR DATA. Malware. Response: Anti-malware, Firewall. Vulnerabilities in Applications. Response: Software inventory, Systems / patch management. Data is easy to Move. Response: Data encryption, Device control. Mobile / BYOD. Response: Mobile Security, Mobile device management (MDM). Browsing and Installing. Response: Application control, Web control.
MULTI-LAYERED ENDPOINT PROTECTION Keep in mind a layered security approach: there is NO SILVER BULLET. Multiple levels of protection (Defense-in-Depth). Controls & Security must be across a wide range of tools. Preventive and Detection measures. Focus on reducing, eliminating or even transferring risks. Example of Defense-In-Depth: Policies, Procedures, User Awareness; SYSTEMS MGMT (KASPERSKY LAB Systems Management); FIREWALL, PROXIES, UTM (KASPERSKY LAB FW); IDS/IDP (KASPERSKY LAB System Watcher, Network Attack Blocker, HIPS); ENDPOINT AV (KASPERSKY LAB File AV, Web AV, IM AV); DEVICE, WEB, APPLICATION CONTROL (KASPERSKY LAB Controls); FOLDER, FILE PROTECTION (KASPERSKY LAB Data Encryption); STORAGE, SSD, VIRTUALIZATION (KASPERSKY LAB Storage and KSV)
KASPERSKY LAB SECURITY FOR THE ENTERPRISE Tiers: Total, Advanced, Select. Components shown: Collaboration; Mail; Web; Systems Management (SMS): License Mgmt, Network Access, SW Installation, Patch Mgmt, Image Mgmt, Vulnerability Scan; Data Protection (Encryption); Application Control; Device Control; Web Control; Mobile Endpoint Security; Mobile Device Management (MDM); File Server Security; Anti Malware + Firewall; Kaspersky Security Center; Kaspersky Security Network (KSN); Endpoint Management
KASPERSKY LAB SECURITY FOR THE ENTERPRISE (MSP MODEL) Tiers: Total, Advanced, Select, MSP. Components shown: Collaboration; Mail; Web; Systems Management (SMS): License Mgmt, Network Access, SW Installation, Patch Mgmt, Image Mgmt, Vulnerability Scan; Data Protection (Encryption); Application Control; Device Control; Web Control; Mobile Endpoint Security; Mobile Device Management (MDM); File Server Security; Anti Malware + Firewall; Kaspersky Security Center; Kaspersky Security Network (KSN); Endpoint Management
BEYOND THE ENDPOINT Storage (EMC/NetApp) E-mail (Exchange/Linux) Collaboration (SharePoint) Internet Gateway
UP CLOSE WITH KASPERSKY ENDPOINT SECURITY FOR BUSINESS Supported Operating Systems
Anti-Malware Encryption Web Control Device Control Vulnerability Monitor Application Control MDM Patch Management
Anti-Malware Encryption Web Control Device Control Vulnerability Monitor Application Control MDM Patch Management Virtualization
WHAT ABOUT SECURING THE VIRTUAL ENVIRONMENT
SECURITY FOR VIRTUALIZATION Traditional Agent-Based: Works on any hypervisor; Where VM density is not critical; Windows, Linux or Mac guest VMs. Agentless Security: VMware only; Allows high VM density; Windows guest VMs only; vShield Endpoint ESX Module; Small IT resources to manage security; File AV Component (SVM)*; Network Attack Blocker Component (SVM)*; Typical installation would be a VM with no or very limited Internet access. Light Agent Security: VMware, Citrix or Hyper-V; Allows high VM density; Windows guest VMs; Advanced security requirements: Files AV Component (SVM)*, IM AV, Web AV and Mail AV, Application, Web and Device controls, Network Attack Blocker, Automatic Exploit Protection (FW/HIPS); Typical usage would be VDI and servers with the need for additional security controls; Server controls (File AV, Firewall and Network Attack Blocker). * Each component must be its own SVM
KASPERSKY SECURITY FOR VIRTUALIZATION - AGENTLESS: FILE PROTECTION [Diagram: VMware ESXi Host; SVM (Protection Server, File Anti-Virus Component); vShield Endpoint ESX Module; guest VMs with VM Tools with vShield API; Kaspersky Security Center; vCenter Server; vShield Manager]
KASPERSKY SECURITY FOR VIRTUALIZATION - AGENTLESS: NETWORK ATTACK BLOCKER [Diagram: Network; VMware Virtual Distributed Switch; VMware Environment Virtual Filter; guest VMs with VM Tools with vShield API; SVM (Protection Server, Network Attack Blocker Component); Kaspersky Security Center; vCenter Server; vShield Manager]
WHAT IF I DON'T USE VMWARE?
KASPERSKY SECURITY FOR VIRTUALIZATION - LIGHT AGENT [Diagram: VMware, Microsoft Hyper-V or Citrix; SVM (Protection Server, File Anti-Virus Component); guest VMs each with Kaspersky Light Agent; Kaspersky Security Center. Components shown: Application Startup Control, Application Privilege Control, Web Control, Device Control, Network Attack Blocker, Vulnerability Monitoring, Firewall / HIPS]
FLEXIBLE LICENSING: CHOOSE BETWEEN PER-MACHINE OR PER-CORE. PER MACHINE: License pricing based on the number of virtual machines under protection. PER CORE: License price is based upon the protected Host. MULTI-PLATFORM: A license covers Hyper-V, Xen and VMware platforms.
MULTI-LAYER SECURITY APPROACH [Figure: layers labelled Vulnerability Assessment & Patch Management; KSN; Reactive Technologies; Proactive Technologies (Heuristic scanning algorithms & Behavior analyzers). Percentages shown: 1%-2%, 80%, 18%. Stages: File Download, File Start, File Execution]
2013 PRODUCT REVIEWS: B2B 1st place 41 times. 61 of the tests in Top 3 (almost 80%). Kaspersky Security 10 for Mobile v10: 5/5 stars. KSOS: 8.68/10 rating. KESB: 5/5 stars. [Chart: Score of TOP 3 Places against Number of independent tests/reviews]
2015 GARTNER MAGIC QUADRANT: Endpoint Protection Platforms, January 2015. 2007 through 2015 progressive growth. A leader in endpoint protection. And a trusted brand with strong technical recognition amongst security professionals. 2015: Our Magic Quadrant rise continues. What they said: global market share is growing rapidly along with its brand recognition; benefits from very good malware detection; a good candidate as a solution for any organization. [Chart: axes Ability to Execute and Completeness of Vision; quadrants Challengers, Leaders, Niche Players, Visionaries; vendors shown: Sophos, Symantec, Trend Micro, McAfee, Kaspersky Lab, Microsoft, Eset, Panda Security, F-Secure, IBM, LANDesk, Check Point Software Technologies; year markers: 06, 2007, 2008; 2009, 10, 11; 2012; 2013; 2014; 2015]
TAKE AWAY: SLEEP WITH A MULTI-LAYERED ENDPOINT PROTECTION. There is NO SILVER BULLET. Build Multiple levels of protection. Focus on reducing, eliminating or even transferring risks. Think in levels (Defense-in-Depth): a multi-layer security approach. Consider the available Controls & Security Components (Not just AV). Controls and Security Components are: Vulnerability Monitoring / Patch Management / Image Management; Network Attack Blocker; Firewall/HIPS; Device Control; Application Startup Control; Application Privilege Control; Web Control; File AV, IM AV, Web AV.
THANK YOU! Q&A Kaspersky Lab Julian Garcia, Channel Systems Engineer Julian.Garcia@Kaspersky.com