
Managing A Global Corporate Protection Infrastructure
Jeannette Jarvis
Association of Anti Virus Asia Researchers
November 26, 2004



Slide 2: Agenda
 Setting the scene
 Objective
 Threats
 Challenges
 Protection Strategy
 Products
 Processes
 Critical reference links

Slide 3: Company Objectives
 Virus/worm/intrusion free environment
 Immediate alerting notification
   Security incidents
   Suspicious activity
 Well-defined processes
   Normal operations
   Events
 Enterprise compliance
   Security tools & update process

Slide 4: Malware Threats
 Denial of service
 Execution of arbitrary code
 Remote execution
 Viewing sensitive company information
 Manipulating data
 Propagating data
 Keylogging exploits
 Phishing schemes
 Spyware / Adware
 Spoofing

Slide 5: Software Vulnerabilities (chart)
As reported by SEI CERT/CC: www.cert.org/stats/cert_stats.html


Slide 7: Progression of Malware Transports (timeline figure, 1987 to beyond 2004)
 Viruses on floppy disks (1987): Brain, Friday the 13th, Michelangelo
 Viruses in macros (1995): Concept, Laroux, Wazzu
 Virus by e-mail (1999): Melissa, Loveletter
 Worms (2001): Code Red, Nimda, SQL Slammer, Sasser
 > 2004

Slide 8: Software Vulnerability Lifecycle (figure)

Slide 9: Challenges
 Security versus
   Functionality
   Usability
   Scalability
   Manageability
 The time from vulnerability disclosure to exploit is short

Slide 10: Company Challenges
 Limited resources
 Outdated/mis-configured machines
 Rogue servers
 Acquisitions: conforming to your existing security policies and processes
 Home users: lack of configuration control
 Mobile employees: low bandwidth for security updates

Slide 11: Risk Versus Cost (figure: Critical Infrastructure versus Budget Constraints)

Slide 12: Protection Management Components
Products
 Multi-tiered approach
 Address all entry and exit points
Processes
 Consistent enterprise solutions
 Continuous process improvement
Policy
 Consistent compliance across enterprise
 Published security policy
People
 Education / Awareness / Communication
 Engagement

Slide 13: Products, Defense in Depth
 Port blocking
 Firewall, desktop and network
 Intrusion detection/prevention tools
 Web proxy filtering
 Content filtering, perimeter and internal
 Anti-virus, multi-vendor approach
 Spyware / Adware
 Pop-up blocker
 Event correlation tool

Slide 14: Policy & Process Tools
 Push tools: patches and configuration updates
 Compliance tools: conform to company policies or be barred from entry
 Centralized management tools
   One site for enterprise visibility of activity and product disposition
   Centrally manage product updates, signature detections & policy creation
   Metrics and reporting
 Encryption policy
 Enterprise backup solution

Slide 15: Visibility
 Event correlation tool
   Gather events of interest throughout the enterprise from ALL security tools
   Into a well-structured database to enable efficient complex incident detection and response
   Provide effective query for investigators
   Reports based on trend analysis
   Effective metrics to target detection strategy
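An added example, not from the slides, of the correlation idea on this slide: events from several tools are normalized into one schema, stored in a structured database, and queried for hosts that multiple tools flagged within a short window. The tool names, line format and sample events are constructed for illustration.

```python
import sqlite3
from datetime import datetime, timedelta

# Constructed sample events from three hypothetical tools (AV, FW, IDS);
# the "tool|timestamp|host|message" format is illustrative only.
SAMPLE_LINES = [
    "AV|2004-11-20T09:01:00|host-a|W32/Sample-worm detected",
    "FW|2004-11-20T09:03:10|host-a|blocked outbound tcp/445 to 10.0.5.9",
    "IDS|2004-11-20T09:04:05|host-a|SMB scan signature",
    "AV|2004-11-20T11:30:00|host-b|Adware sample quarantined",
    "FW|2004-11-21T08:00:00|host-c|blocked inbound tcp/135",
]

def normalize(line):
    """Parse one raw tool line into the common (tool, ts, host, msg) schema."""
    tool, ts, host, msg = line.split("|", 3)
    return (tool, datetime.fromisoformat(ts).isoformat(), host, msg)

def load_events(lines):
    """Build the well-structured event store (in-memory SQLite) from raw lines."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE events (tool TEXT, ts TEXT, host TEXT, msg TEXT)")
    db.executemany("INSERT INTO events VALUES (?, ?, ?, ?)",
                   (normalize(l) for l in lines))
    return db

def correlate(db, window_minutes=10):
    """Hosts reported by two or more different tools within the window."""
    rows = db.execute("SELECT host, ts, tool FROM events ORDER BY host, ts").fetchall()
    hits = {}
    for i, (host, ts, tool) in enumerate(rows):
        start = datetime.fromisoformat(ts)
        tools = {tool}
        for host2, ts2, tool2 in rows[i + 1:]:
            # rows are sorted by host then time, so stop at the next host or past the window
            if host2 != host or datetime.fromisoformat(ts2) - start > timedelta(minutes=window_minutes):
                break
            tools.add(tool2)
        if len(tools) >= 2:
            hits[host] = max(tools, hits.get(host, set()), key=len)
    return {h: sorted(t) for h, t in hits.items()}

def events_per_tool(db):
    """Simple metric for trend reporting: event count by source tool."""
    return dict(db.execute("SELECT tool, COUNT(*) FROM events GROUP BY tool").fetchall())
```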

Slide 16: Consistent Enterprise Processes
 Have established plans for prevention, detection and reaction
 Know who does what, when
 Backup personnel identified
 Normal operations
   Monitoring for malware activity
   Who initiates mitigation for new threats
 Communication process
   When is information communicated?
   How?
   By whom?

Slide 17: Process During an Event
 Security event
   Defined processes for how your company reacts to a security incident / outbreak
 Notification
   Those involved with the event
   General employee population
 Action
   Who is empowered to take action
   Locking down machines
   Isolating network
   Product updates

Slide 18: Vulnerability Monitoring
 Security monitoring and response team
   Monitors new vulnerabilities
   Triages security alerts
   Assesses impact on infrastructure
   Reports status
     Criticality
     Recommendation
     Links to updates
   Ensures that the responsible party is providing a solution in an appropriate timeframe
   Prioritizes the threats
   Continuous audits of the enterprise

Slide 19: Education
 Yearly security awareness training is required
 Interactive web-based training is mandated
 Annual security video required to be reviewed by all
 Internal web site for virus information
 Company-wide information
   Company web site when threat/issue warrants complete visibility
   Email to all employees when their involvement is critical to containment of a threat

Slide 20: Post Mortem
 Tool to communicate lessons learned and improve your infrastructure
 Immediately following closure of incident
 All key organizations have representation
 Attendance is mandatory
 Establish root cause
 Address perceptions and reality
Continuous Process Improvement

Slide 21: Home Users
 Hardware firewall preferred
 Software firewall at minimum
 Policy compliance
   Disable ability to log in to the corporate network unless up to date:
     Patches
     Anti-virus signature files
     Personal firewall installed

Slide 22: IT Department Responsibility
 Empowerment to make immediate high-impact decisions
 Vulnerability assessments
 "What if" scenarios
 Isolated network / isolated lab environment
 Fail-over architecture

Slide 23: Event Disaster Plan
 Critical contact phone lists available off-line
 Processes to get needed security product updates when normal resources are unavailable
 Teleconferences for management and technical staff to get needed information during crises
 Business continuity plans established
 Communication process when normal channels are eliminated

Slide 24: Virus Industry Presence
Associations
 AVAR, Association of Anti-virus Asia Researchers: http://www.aavar.org
 AVIEN, Anti-virus Information Exchange Network: http://www.avien.org/
 AVIEWS, Anti-virus Information Early Warning System: http://www.aviews.org
 EICAR, European Institute for Computer Antivirus Research: http://www.eicar.org/
 The WildList Organization, international forum on in-the-wild viruses: http://www.wildlist.org/

Slide 25: Critical Information Links
 CERT, Computer Emergency Response Team: http://www.cert.org/
 Internet Storm Center: http://isc.sans.org//index.php
 Virus Bulletin: http://www.virusbulletin.com/
 Anti-Phishing Working Group: http://www.antiphishing.org/

Slide 26: Closing
 Managing your environment requires
   Due diligence
   Defensive tools
   Monitoring & awareness
   Notification and response
   On-going user education
   Consistent enterprise processes

Slide 27: Questions
