1. June 30, 2016 Intelligent Security and Compliance Optimization Adrian Cunningham Sr. Sales Engineer

2. June 30, 2016 2 McAfee is Relentless About Keeping Our Customers Secure Market and Customer Leadership Over 80% of the worldwide Fortune 100 use McAfee More than 125 million users and shipped on 62 million mobile devices Single deployments in excess of 5 million desktops Global Presence Over 5,500 employees with the passion to keep families protected and businesses secure Presence in 120 countries providing anytime, anywhere, local language support Development & researchers in 26 countries Award Winning Portfolio Integrated Security and Compliance solutions spanning the endpoint and network 420 patents, many more pending Driving innovation through strategic alliances and integration

3. Global Landscape June 30, 2016 3 Web 2.0 Drives Malware Innovation Cyber Crime Altering Threat Landscape Social Networking SPAM & USB devices

4. Cybercrime Altering Threat Landscape Over 1,500,000 unique malware detections in 2008 ⁄1H09 up 150% from 1H08 Malware is heavily obfuscated with packers and compression technologies Password stealing Trojans are becoming more rampant 4

5. 5 Cybercrime Altering Threat Landscape Traditional malware tools being used to steal data 500% increase expected in 2009 90% of today’s malware is stealthware to steal data Value of Data on Black Market $980–$4,900 Trojan to Steal Account Information $490 Credit Card Number with Pin $147 Birth Certificate $78–$294 Billing Data $147 Driver’s License $98 Social Security Card $6–$24 Credit Card Number $6 PAyPal Account Logon and Password End User = DATA Cybercrime “Ecosystem” Spammers Identity Thieves BOT Herder Malware Developer Tool Developers Vulnerability Discovers

6. The cloud drives and encourages malware creation and hosting Malware today uses heavy evasion techniques Browser validation Platform validation Web 2.0 Drives Malware Innovation 6

7. Social Networking Sites Under Fire 7 Koobface worm still popular on Facebook Hacker claims to have gained access to a Twitter employee account Spam on Twitter

8. McColo Recovery – Spam is Back!! 8 90% of email is spam Observed almost 14M new zombies in Q2 2009

9. USB malware rocks it old school 9 Is the new 9

10. June 30, 2016 10 Malware: 2M+ samples in 2008 Cybercrime is a big business Underground: Credit cards sell for $30 Mail traffic: 80%+ is spam Phishing: 31,000+ new sites/month Data loss: $1 trillion+ in IP lost/year Identity theft: 10 million U.S. victims in 08 201020052006200720082009 $4.34B $5.79B $5.61B $7.41B $7.20B $8.99B $9.22B $11.00B $12.16B $12.91B $16.51B $14.92B SRM Market Growth Compliance: FISMA, PCI, HIPAA, SOX Compliance and Control Protection Cyber Crime Altering Threat Landscape

11. So, what do we do about all this? June 30, 2016 11 Measuring Your Security Program NIST : Defending 5 Ways In

12. June 30, 2016 5 Ways In 12 5 Ways In DATA Cost of breaches continues to increase – $202/record in 2008 EMAIL 80-90% of email is spam 70% of popular sites have malicious content or a hidden redirect NETWORK US Dept of Commerce estimates stolen IP costs companies a collective $250 billion each year ENDPOINT An infected system can cost Upwards of $125/system to clean STOP Data Email Web Network Endpoint Businesses are facing an increasing number of malware but with a smaller staff/shrinking budget. Facebook, MySpace, compromised Web sites and phishing schemes are all portals for new cyber attacks. Loss and leakage of vital information occurs through loss, theft, or unauthorized access. You’ve Got Mail ‘Survive the Recession: earn $500/week!” or ‘I found you a new job’. Targeted attacks can take down networks and halt business operations

13. June 30, 2016 Title of presentation13 Defending the 5 Ways In to your Organization So, you know there are a great number of threats in the world today, Cybercriminals are everywhere and more sophisticated than ever, What’s worse, Small and Medium businesses are quickly becoming the most sought after targets… So what should you do about it?

14. June 30, 201611`1 Title of presentation14 Today’s Discussion What does NIST have to say? NIST is the National Institute of Standards and Technology. The Computer Security Division is a division within NIST’s Information Technology Laboratory “The CSD mission is to provide standards and technology to protect information systems against threats to the confidentiality of information, integrity of information and processes, and availability of information and services in order to build trust and confidence in Information Technology (IT) systems.” Then, we’re going to give you some Best Security Practices (BSP) suggestions about how to leverage Technology to help you defend the “5 Ways In”

15. The National Institute of Standards and Technology suggests Comprehensive Security consists of 5 main areas Physical Security Personnel Security Contingency Planning/Disaster Recovery Operational Security Information Security While we are focused today on Information Security…our tool will help you with the rest.

16. Start with: Security Policy (Remember – Procedures Implement Policies) The security policy provides management direction and support for information security. Management should set a clear policy direction and demonstrate support for, and commitment to, information security through the creation, communication and maintenance of an information security policy across the organization. A Security Policy defines: What information you care about How you need to protect it 1st –Inventory and Prioritize your information NIST Best Practices - Procedures

17. Determine who will need procedures All employees who use computers in their work Help Desk/system administrators Managers/executives using specialized software System maintenance IT Out-Sourcing groups Software Applications Development teams Create, then follow your procedures! NIST Best Practices - Procedures

18. Enforcing safe: Internet Practices E-mail Practices Desktop Practices Personnel Security practices NIST Best Practices

19. Do not: Download files from unknown sources. Respond to popup windows requesting you to download drivers, etc. Allow any web site to install software on your computer! Do: Get the most recent OS (operating system) and Web browser. Get the latest updates for all systems. Protect passwords, credit card numbers, and private information in web browsers. NIST Safe Internet Practices

20. Be careful opening attachments Do not reply to unsolicited emails Do not click on links in an email Stop embedded e-mail content from launching Check the security settings on your email client Protect your identity by restricting the content of your emails-eliminate personal or sensitive information Update your email malware protections continually NIST Safe Email Practices - End User

21. Do: Use passwords (Don’t share yours!) Use separate computer accounts for each user Use screen locking Log on and off Power down your system at the end of the day Seriously consider encrypting sensitive data on your system! NIST Safe Desktop Practices - End User

22. Personnel security focuses on the reduction of risk due to human error, theft, fraud or misuse of facilities. Security responsibilities should be addressed at all stages of the employment life-cycle. Confirm identities of people and organizations Accompany all vendors, repair persons Give only enough information to answer questions Develop and use a process for evaluating access to systems-based upon personnel information. NIST Safe Personnel Practices - Corporate

23. NIST Website for the Computer Security Division http://csrc.nist.gov/ NIST Resources

24. McAfee @ ISSA June 30, 2016 24 THANK YOU! Adrian Cunningham