Social Threatworking - Informa Middle East


Security as a Business Enabler
Sid Thiru
Head of Service Provider Alliances
Trend Micro
Copyright 2009 Trend Micro Inc.
[Slide graphic, years 2004 and 2010; figures shown: 680 Million, 3 Million, 1.7 Billion, 303 Million]
Booming underground economy
It's all so easy…
Social Engineering....
Today’s malware is big business….
The Cybercrime Economy*
viruses, worms, spyware, botnets
• payout per adware install: $0.02 - $0.30
• basic malware package: $1,000 - $2,000
• exploit kit rental: $1 per hr
• undetected info-stealing trojan: $80
• distributed denial of service attack: $100 per day
• 10,000 compromised PCs (zombies): $1,000
• 1 million freshly harvested e-mails: $8 & up
• stolen bank account credentials: $50 & up
• credit card + validation info: $1 to $2
• personal ID & their pet’s name: $10
* prices may vary – find your local cybervandal-turned-entrepreneur
2011 Threat Predictions
• Prediction #1 – Clever Malware Campaigning – Fake AV etc
• Prediction #2 – Old Malware Re-infections
• Prediction #3 – Vulnerabilities will be exploited faster
– 74% of attacks emerge the same day as patches
• Prediction #4 – BYO Device Risks
Classification 7/16/2015
• Prediction #5 – The Cybercrime Underground Evolution
• Prediction #6 – Cloud-related issues
• Prediction #7 – Targeted Attacks and CyberEspionage
• Prediction #8 – Vulnerable Legacy Systems
Threats mostly from the internet
Top threat infection vectors (how threats arrive on PCs)
1. Visits to malicious websites (42%)
2. Downloaded by other malware (34%)
3. E-mail attachments & links (9%)
4. Transfers from removable disks (8%)
5. Other (mostly via Internet) (7%)
[Diagram: INTERNET 92%, REMOVABLE MEDIA 8%; threats shown: viruses, worms, spyware, botnets]
source: Computer Weekly
Traditional Security
anti-x at the gateway/endpoint
“There is a desperate need for new standards for today’s anti-virus products. The dominant paradigm, scanning directories of files, is focused on old and known threats, and reveals little about product efficacy in the wild.”
Williamson & Gorelik (2011)
[Diagram labels: AV, TARGET, FILE TRANSFERS, E-MAIL, WEBSITES, spam, LINKS & ATTACHMENTS, REMOVABLE MEDIA, INTERNET]
IT Environment Changes
Challenge: Traditional Approaches Fail
Signature file updates take too long
• Delay protection across all clients and servers
• Leave a critical security gap
Signature files are becoming too big
• Increase impact on endpoint resources
• Unpredictable increase of client size
Patches cannot be deployed in time
• Systems remain exposed to exploits
• Average time to patch was 55 days in 2010
[Chart: Unique threat samples PER HOUR; x-axis labels 2007, 2009, 2011, 2013, 2015; plotted values 57, 205, 799, 1,484, 2,397, 3,881, 6,279, 10,160, 16,438, 26,598]
Single attacks – multiple vectors
AV protection networks have multiple layers of protection
• Exposure Layer: inspection based on source (IP, URL, domain)
• Vulnerability Layer: inspection based on exploit (rules)
• Infection Layer: inspection based on file content (code, hash)
• Execution Layer: inspection based on file behavior (rules)
Exposure Layer: blocking access to/from sources delivering malware
Vulnerability, Execution & Infection Layer: blocking the transfer & execution of malware on target computers
Smart Protection Network
Block threats based on source, content & behaviour
FILE REPUTATION, WEB REPUTATION, EMAIL REPUTATION
In addition to examining files for malicious content & behaviour:
• Web reputation services identify and block bad web sites & URLs
• E-mail reputation services identify and block spam by sender IP address
• Correlation between layers enhances threat identification
The Journey to the Cloud…..
Lowering Costs, Increasing Flexibility
• Physical: Traditional datacenter
• Virtual: Servers virtualized with minimal changes to datacenter processes
• Private Cloud: Servers virtualized in scalable, shared, automated & elastic environment
• Public Cloud: Select enterprise applications in public cloud
Questions?