Cyber and Mobile Landscape, Challenges, & Best Practices while increasing efficiencies through automation
Cheri McGuire, VP, Global Govt. Affairs & Cybersecurity Policy
Cyber and Mobility Challenges and Best Practices

Key Trends and Security Drivers

Key IT Trends
- Sophisticated Attacks
- Complex & Changing Infrastructure
- Information Explosion
- Consumerization of IT

Trends Changing the Threat Landscape
[Figure labels: Signature Model; Reputation; Desktop, Server, Real; Mobile, Cloud, Virtual; sample signature entries Trojan.x, Trojan.y, Trojan.z, Trojan.v]
Symantec Internet Security Threat Report

ICT Evolution
New Paradigm: System-Centric to Information-Centric
System-Centric:
- Transactional Apps
- Structured Data
- Centralized information
- On-premise infrastructure
- Perimeter-based security
Information-Centric:
- Collaborative Apps and Social Media
- Unstructured data
- Distributed information
- Virtual Infrastructure and Cloud
- People are the new perimeter

Global Intelligence Network
Identifies more threats, takes action faster & prevents impact
Locations: Calgary, Alberta; Dublin, Ireland; San Francisco, CA; Mountain View, CA; Culver City, CA; Austin, TX; Pune, India; Chengdu, China; Chennai, India; Taipei, Taiwan; Tokyo, Japan
Worldwide Coverage; Global Scope and Scale; Rapid Detection; 24x7 Event Logging
- Attack Activity: 240,000 sensors; 200+ countries
- Malware Intelligence: 133M client, server, gateways monitored; global coverage
- Vulnerabilities: 40,000+ vulnerabilities; 14,000 vendors; 105,000 technologies
- Spam/Phishing: 5M decoy accounts; 8B+ email messages/day; 1B+ web requests/day
Preemptive Security Alerts; Information Protection; Threat Triggered Actions

Threat Activity Trends
AV Signatures in Perspective
[Figure: 10M Signatures; 286M Malware Variants; 3.1B Malware Attacks]

Threat Landscape
Major Trends
- Targeted Attacks continued to evolve
- Social Networking + social engineering = compromise
- Hide and Seek (zero-day vulnerabilities and rootkits)
- Mobile Threats increase
- Attack Kits get a caffeine boost
Symantec Internet Security Threat Report (ISTR), Volume 16

Threat Landscape
Targeted attacks continue to evolve
- Less sophisticated attacks also cause significant damage
- The average cost to resolve a data breach in 2010 was $7.2 million USD.
[Chart: Average Number of Identities Exposed per Data Breach by Cause]

Threat Landscape
Social networking + social engineering = compromise
Hackers have adopted social networking
- Use profile information to create targeted social engineering
- Impersonate friends to launch attacks
- Leverage news feeds to spread spam, scams and massive attacks
More Info: Detailed review of Social Media threats available in The Risks of Social Networking

Threat Landscape
Attack kits get a caffeine boost
- Attack kits continue to see widespread use
- 61% of web-based attacks are due to toolkits.
- Java exploits added to many existing kits
- Kits exclusively exploiting Java vulnerabilities appeared
More Info: Detailed information available in ISTR Mid-Term: Attack Toolkits and Malicious Websites

Threat Landscape
Mobile threats
- Currently most malicious code for mobile devices consists of Trojans that pose as legitimate applications
- 115 vulnerabilities in 2009; 163 vulnerabilities in 2010
- Will be increasingly targeted as they are used for financial transactions
More Info: Security Issues for Mobile Devices and a review of Apple iOS and Google Android

Threat Landscape
Attacks on Critical Infrastructure
- Trans-Siberian Pipeline Explosion (1982): Trojan inserted into SCADA software that caused explosion
- Roosevelt Dam (1994): Hacker breaks into floodgate SCADA systems
- GAZPROM (2000): Hackers gain control of Russian natural gas pipeline
- Sewage Dump (2000): Insider attack on sewage systems in Australia; dumps 1 million gallons of raw sewage
- Slammer (2003): Knocks nuclear monitoring system offline; cripples airlines and 911
- California Canal System (2007): Insider hacks SCADA systems
- Stuxnet Ring Runs First SCADA operations (2009): Early proof-of-concept attacks launched and detected by Symantec
[Timeline axis: 1982 ... 1994, 1999, 2000, 2003, 2006, 2007, 2008, 2009, 2010; STUXNET]

Governments and Industry Increasingly Targeted

Canada Cyber Attacks Becoming More Visible

The Canadian Press, Oct 30, 2011
Ottawa warned about hackers weeks before crippling cyber attack: CSIS report
The perpetrators of such attacks use... correspondence directed against individuals within Canadian government departments, adds the report, noting they rely on crafted emails with malware in their attachments or links to externally hosted malicious files

Reuters, Nov 15, 2011
Hackers target Canada, insider data theft spikes in public sector
Hackers attacking Canadian organizations are determined to make money in targeted campaigns while government insiders stole more data than ever before, a security study released on Tuesday showed. The number of breaches in Canada and the cost of dealing with them have spiked since the 2008 financial crisis, according to a joint study from telecom company Telus and the University of Toronto's Rotman School of Management

Defenses Against Targeted Attacks
- Advanced Reputation Security: Detect and block new and unknown threats based on reputation and ranking
- Host Intrusion Prevention: Implement host lock-down as a means of hardening against malware infiltration
- Removable Media Device Control: Restrict removable devices and functions to prevent malware infection
- Email & Web Gateway Filtering: Scan and monitor inbound/outbound email and web traffic and block accordingly
- Data Loss Prevention: Discover data spills of confidential information that are targeted by attackers
- Encryption: Create and enforce security policy so all confidential information is encrypted
- Network Threat and Vulnerability Monitoring: Monitor for network intrusions, propagation attempts and other suspicious traffic patterns

Achieving Situational Awareness
[Diagram labels, in extraction order:]
Collection and Asset Discovery; Vulnerability Assessment; Risk Scoring; Patch Management; Remediate and Verify; Continuous Monitoring
Correlation & Incident Response; Correlation of events to create incidents; Host based & policy based events (SEP, CSP, Firewalls, IPS, IDS, DLP)
Situational Awareness
Machine to Machine Business Process Automation; Dashboard views per specific roles; Automation & Reporting
Security Intelligence & Analysis; Global Intelligence; Human Analytics; Static and Dynamic Analysis; Workflow Engines

Mobile Security

Key Stats In Mobile Growth: Mobility Enablement Hits an Inflection Point with iPad, iPhone and Android
- Tablets Take Hold: Tablets become 21% of mobile devices in 2013* (chart values: 2010: 32, 44, 18, 6; 2013: 20, 42, 17, 21)
- Smartphone Growth: Global smartphone use to double by 2013*
- Unmanaged Phones: 25% of employees use an unmanaged smartphone in 2010*
- Mobile Workers: Mobile worker population growing to 1/3rd of the world's workforce in 2013*
- Smartphone Access: 30% of information workers to access corp resources via smartphones in 2013**
* Forrester ** IDC

Trends Driving The Need For MDM Today
[Diagram labels: Economic Pressures; Consumerization; PC, Smart phone, Tablets; Clear Buying Drivers; Smart Device; Consolidation of Management + Security; Forces Catalyzing a Demand for MDM; AV, FW, SMS Antispam; Asset/Inventory Mgmt; Risks Are Reality]

Defenses Against Mobile Threats
Device Management
- Remotely wipe devices in case of theft or loss
- Update devices with applications as needed without physical access
- Get visibility and control of devices, users and applications
Device Security
- Guard mobile device against malware and spam
- Prevent the device from becoming a vulnerability
Content Security
- Identify confidential data on mobile devices
- Encrypt mobile devices to prevent lost devices from turning into lost confidential data
Identity and Access
- Strong authentication and authorization for access to enterprise applications and resources
- Allow access to right resources from right devices with right postures

Plans and Policies

Use Plans and Policies to gain Governance, Protection and Visibility across IT Landscape
Governance: Policies and Plans in the Enterprise
- Front line of protection is good IT hygiene
- Set and enforce security policies from the top
- Implement an effective back up and recovery plan
- Build security requirements into contracts
- Buy from trusted sources
Protection: Preparedness and Practices
- Employee education and training - first line of defense
- Develop and test organizational incident response plans
- Cloud security practices (cloudsecurityalliance.org)
- Identity management and authentication (onlinetrustalliance.org)
- Software development practices that incorporate security from the start (SAFECode.org)
Visibility: Collaboration through PPPs
- Exercising for real world response
- Information sharing as a tool, not end goal
- Law Enforcement coordination
- Public Private Partnership models

Key Take-Aways
- Multi-vector threats require innovative, multi-pronged approaches
- Modernize and strengthen your defenses against targeted attacks
- Manage mobile devices through end-to-end protection
- Develop and operationalize plans, policies and national strategies to improve public and private preparedness

Thank you!
Cheri McGuire
Cheri_McGuire@symantec.com
Copyright 2011 Symantec Corporation. All rights reserved.