Security Alert: Latest Trends in Global Attacks, Sources and Impact Vince Steckler Vice President, Asia Pacific.

Presentation transcript:

1 Security Alert: Latest Trends in Global Attacks, Sources and Impact Vince Steckler Vice President, Asia Pacific

2 © 2003 Symantec Corporation. New Technologies and Targets
Broadband: 120M subscribers worldwide by 2005
SCADA: used by oil and natural gas, controls electric power and water supplies
Instant Messaging/P2P: over 500M users by 2005
Wireless: 484M users worldwide by 2005
Grid Computing: $4.1B market by 2005
Web Services Security: $4.4B market by 2006

3 Less Knowledge Required to Attack
[Chart: "Intruder Knowledge" and "Automated Tools & Attack Sophistication", plotted on a Low to High scale over 1980, 1985, 1990, 1995, 2000, 2005.]

4 General Threat Evolution
[Diagram labels: Individual PCs, Individual Orgs., Sector, Regional Scope, Global Impact; Time: 1990s, 2000, 2003.]
Threat groups shown, in order:
1st gen. viruses; Individual DoS; Web defacement
email worms; DDoS; Credit hacking
Blended threats; Limited Warhol threats; Worm-driven DDoS; National credit hacking; Infrastructure hacking
Flash threats? Massive worm-driven DDoS? Critical infrastructure attacks?

5 Threat Evolution: Malicious Code
[Chart: Contagion Timeframe (Weeks or months, Days, Hours, Minutes, Seconds) against Time (Early 1990s, Mid 1990s, Late 1990s, 2000, 2003).]
Threats plotted: File Viruses, Macro Viruses, e-mail Worms, Blended Threats, “Warhol” Threats, “Flash” Threats
Class I: Human response: possible
Class II: Human response: difficult/impossible; Automated response: possible
Class III: Human response: impossible; Automated response: unlikely; Proactive blocking: possible

6 Vulnerabilities on the Rise
[Chart: New vulnerabilities per week.] Source: Bugtraq

7 Threat Evolution: Day-zero Threats
A day-zero threat exploits a previously unknown, and therefore unprotected vulnerability.
[Timeline labels: Vulnerability-Threat Window, Vulnerability Identified, Threat Released, Time.]

8 Threat Evolution: Day-zero Threats
A day-zero threat exploits a previously unknown, and therefore unprotected vulnerability.
As attacker demographics shift, we expect a reduction in the vulnerability-threat window.
[Timeline labels: Vulnerability identified, Threat released, Day-zero exploit, Time.]
Time Until Exploitation: Months, Days, Hours, “Day 0”
Threat: Novice Programmer, Sophisticated Programmer, Organized Crime/Terrorist Organization, Nation/State

9 Threat Impact on Emerging Targets
Targets: Wireless Infrastructure; Web Services; Internet Backbone/Broadband
Threats: Flash and Day-Zero Threats; Warhol and Day-Zero Threats; Blended Threats; DDoS; Targeted Hacking
Impacts shown in the matrix: Major disruption of B2B services, sector-level impact; Major disruption to multiple networks; Short-term disruption of individual networks; Account theft/corruption, DoS; Global Internet disruption; Short-term/localized Internet disruption; Data theft/corruption, DoS

10 Threat Impact on Emerging Targets
Targets: Instant Messaging & Peer to Peer; Grid Computing; Physical Infrastructure/SCADA
Threats: Flash and Day-Zero Threats; Warhol and Day-Zero Threats; Blended Threats; DDoS; Targeted Hacking
Impacts shown in the matrix: Potential disruption of all participating grid nodes, possible major compromise of hosts; Potential disruption of millions of IM/P2P agents, possible major compromise of hosts; Content eavesdropping, password theft; Impact to Power, Comm, Hydro, Chemical, Other infra.; Disruption of inter-networked SCADA; Disruption of targeted infrastructures; Data theft and corruption to grid and host; Short-term disruption to grid computations; Short-term service disruption

11 Malicious Code Protection Strategies
Columns: Threat Class; Sensing Strategies; Reactive Protection Strategies; Proactive Protection Strategies
Threat classes: Class III threats (Flash threats, Day-Zero); Class II threats (Blended threats, Warhol, Day-Zero); Class I threats (Blended threats, worms, viruses)
Entries shown in the table: Distributed Sensor Networks; Protocol Anomaly Detection; Rule and Statistical Correlation; Generic Exploit Blocking; Network Intrusion Prevention; Host Intrusion Prevention; Only useful after initial wave; Manual Fingerprints; Auto Fingerprint Generation; Auto Fingerprint Generation (for slower Class II threats); Adaptive Security

12 Information Security Governance

13 IT Governance
Part of overall enterprise governance, to ensure that:
IT is aligned to enable business objectives and deliver value
IT resources are responsibly used
IT risks are mitigated and managed appropriately
[Diagram labels: Governance, IT Governance.]

14 Information Security Governance
[Diagram labels: Governance, IT Governance, Information Security Governance.]

15 Information Security Governance
Specific value drivers for: Integrity of information; Continuity of service; Protection of information assets
Outcomes: Strategic Alignment; Value Delivery; Risk Management; Performance Measurement
Source: IT Governance Institute

16 Security Performance Metrics Examples
Summary and Trends; Incidents; Awareness; Risk and Compliance; Financial

17 Metrics Are a Challenge with Typical Information Security Solutions
Fragmented functionality
Little to no integration
Lack of a cohesive security management capability
Doesn’t provide an overall view of security posture
[Diagram labels: Authentication; Antivirus; Firewall; Intrusion Detection; Vuln Assess; VPN; Content Updates & Security Response; 24x7 Global Customer Support; Attack Recovery Services; Threat Management & Early Warning; Honey Pot & Decoy Technology; Vuln Mgmt; Policy Mgmt; Event & Incident Mgmt; Access Control & Auth; Identity Mgmt; Config. Mgmt; Common Console; Security Services.]

18 Conclusion – Critical Success Factors
Information security reports to senior management / CIOs
Information security audit is integral part of audit program
Clearly defined roles, responsibilities and accountability
Security policy in place and compliance monitored
Scorecards to ensure common alignment with overall objectives and to provide transparency
IT Audit, Control, Security and Assurance professionals play pivotal role in successful governance

