E-mail Crimeware: An Emerging, Acute Threat Dave Green.

Presentation transcript:

Crimeware: An Emerging, Acute Threat Dave Green

Security Concerns 2007
HIGHER RISKS
Targeted Crimeware
- How do emerging Trojans, keystroke loggers & malware steal data?
First-instance Threats
- How to protect from first-instance/unknown threats?
Regulatory compliance
- What are the penalties for a data breach?

Targeted Crimeware Defined
Custom-designed threats may never reach a pattern development lab
- Target specific organizations/industries
- Symantec Threat Report:
- Threats focused on stealing specific access or data
- Decline in noisy, widely replicated threats
- Increase in quieter, stealthier, focused threats [1]
[1] Symantec Internet Security Report, Vol. 9, March 2006

Targeted Crimeware – On the rise
Symantec Internet Security Report, Vol. 9, March 2006
- Symantec reports of top 50 threats – 80% attack confidential information
- +26% increase from % of most threatening malicious code sent by SMTP e-mail

Recent Crimeware Examples

Attachment Blocking – Insufficient Protection
Trojan Horse; Remote Code Execution: .doc .jpg .mp3 .wmv .doc .xls .ppt .wmf .bmp .jpg .gif
Data Mining; Denial of Service/System Crash: .doc .xls .pdf .bmp .gif .pdf
1. Business-critical attachments can carry dangerous threats
2. Blocking these attachments halts business

Consequences of security failure
Security breach has associated costs
- HIPAA, Gramm-Leach-Bliley Act, EU Privacy Act
- Public disclosure of any security breach compromising personal info
- Fines for non-compliance: corporate and PERSONAL
- California’s Senate Bill 1386
- Similar laws pending or complete in other states (IL, MA, NY, NJ)

protection is not the same
- HEURISTICS: An educated guess, not reliable for consistent protection.
- BEHAVIOR-BASED: Desktop emulator solutions ANTICIPATE (not observe) behavior, prone to false positives, difficult to deploy
- TRAFFIC ORIGIN: Targets known bad locations or traffic anomalies, may limit the effect of noisy mass mailers
- PATTERN-BASED: Effective at stopping previously identified threats only, development and deployment of new patterns takes time
- BEYOND ‘DAY ZERO’, ACTUAL BEHAVIOR OBSERVATION: Executes attached active content, and monitors for any unusual or malicious activity, detects FIRST INSTANCE of threat

Protection beyond ‘day-zero’ technology
- Allow active content messages to execute in a secure virtual machine desktop at the gateway
- Observe actual behavior
- Protect based on demonstrated actions
Virtual machine protection stops threats based upon actual behavior in a virtual machine

In action – Virtual machine crimeware protection
Enterprise SMTP deployment configuration
Virtual Machine Benefits
- Excellent track record of accurately detecting malicious behavior
- Firewall protection stops propagation outside of execution environment
- Real environment entices execution of payload

Comprehensive AV Security
For previously identified threats, pattern-based protection is an effective layer of protection
- Fast and efficient
- First instance threats can’t be stopped by pattern-comparison
The COMBINATION of pattern-scanning + actual behavior delivers the most comprehensive threat protection available.
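
The layering described on this slide, and the attachment-blocking problem from the earlier slide, as an added example that is not part of the presentation or of any Avinti product. The signature set, action names, observation logs and helper names are all constructed or hypothetical; the virtual machine itself is not implemented and is represented by recorded observation logs.

```python
import hashlib
from email import message_from_bytes
from email.message import EmailMessage

# Constructed signature set: digests of payloads a pattern lab has already catalogued.
KNOWN_BAD = {hashlib.sha256(b"constructed-known-trojan").hexdigest()}
# Hypothetical action names; any of these seen during execution marks the attachment malicious.
MALICIOUS_ACTIONS = {"write_autorun_key", "install_keyboard_hook", "outbound_connect"}
# Constructed observation logs standing in for what the gateway VM recorded per payload.
OBSERVED = {
    b"constructed-first-instance": ["open_document", "install_keyboard_hook", "outbound_connect"],
    b"constructed-benign-report": ["open_document"],
}

def build_message(filename, payload):
    """Build a constructed sample e-mail carrying one attachment."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "Q3 report"
    msg.set_content("See attached.")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

def attachments(raw):
    """Yield (filename, decoded bytes) for every attachment part of a raw message."""
    for part in message_from_bytes(raw).walk():
        if part.get_content_disposition() == "attachment":
            yield part.get_filename(), part.get_payload(decode=True)

def extension_block(raw, blocked=(".doc", ".xls", ".pdf")):
    """Attachment blocking: decides on the file name alone, never on content."""
    return any(name.lower().endswith(blocked) for name, _ in attachments(raw))

def replay_observation(payload):
    """Return the recorded actions for a payload (empty if nothing was observed)."""
    return OBSERVED.get(payload, [])

def gateway_verdict(raw, observe=replay_observation):
    """Pattern layer first, then the behavior layer; returns (verdict, deciding layer)."""
    for _, payload in attachments(raw):
        if hashlib.sha256(payload).hexdigest() in KNOWN_BAD:
            return ("quarantine", "pattern")
        if MALICIOUS_ACTIONS.intersection(observe(payload)):
            return ("quarantine", "behavior")
    return ("deliver", "none")
```

Passing `observe=lambda p: []` models a pattern-only gateway: the first-instance sample is then delivered, while `extension_block` stops the benign report and the malicious one alike.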

Thank you for your time
Avinti, iSolation Server and Attachments—Tested and Safe are trademarks of Avinti, Inc. All other company and product names may be trademarks or registered trademarks of their respective companies.