Product Launch Template


Insider Threats, Anomalies and wrong behavior in Networks
eTrust™ Solutions and Techniques to cope with CyberCrime and IT/Communication Fraud
Presented to you by Andreas Wagner
Principal Consultant (Chief Security Advisor) - MEA
Agenda
• Introduction Andreas Wagner
• CSI/FBI 2005 Cyber Crime & Security Study
• Nightmares for CSOs, CEOs and Shareholders
• Live presentation of CyberCrime Analysis
• eTrust Security Solutions to ease Nightmares
• The different point of view (Summary)
• Questions & Answers
© 2004 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Introduction Andreas Wagner
• Andreas Wagner
- Security Expert & Consultant, Author, Chief Security Advisor
- 46 yrs., married, 2 Kids
- 26 yrs. in IT
- 11 yrs. in Security
- IBM/370, PC, Networks, Internet, Security, Computer & Network Forensics, Lawful Interception, CyberCrime
- [email protected]
Introduction Andreas Wagner
• Customers requested either / or
- Presentations
- Consulting
- Reorganization / Reconstruction
- GAP Analysis
- Trainings
- Executive Coaching
- Investigations
- Man Hunt
- Search for Evidence
- Anomaly & Behavior Analysis
- Securing of Evidence
- IT-Forensic (Network and Computer)
- Network Interception
- Context Analysis
- Security Motivation
- Penetration test (Logical / Physical)
- Human Hacking (Social Engineering)
- Assessments
Finance:
- Bank Austria
- Post Austria
- Swiss Life
- Swiss Re
- HUK Coburg Insurances
- Polish National Bank
- Greek National Bank
Government:
CSI/FBI 2005 CyberCrime & Security Study
The Reason for Nightmares
The “Big / Bad” Internet:
- IP-Based
- Dangerous
- Criminals
- Worldwide
- Medium fast
- Connect only with restrictions
- No ownership
- Workspace of Hackers etc.
Your Network (Micro Internet):
- IP-Based
- Trusted
- Employees
- Local to Worldwide
- Fast
- No restrictions
- Your ownership
- Perfect Workspace for Hackers, Insider etc.
Nightmares for Companies and Shareholders
• Insider Threats (Info Leakage, Eco Spies, Social Engineering)
• BotNet Attacks on eCommerce and eBanking
• Viruses, Worms, Trojans, Spyware, Spytools
• Illegally installed WLANs
• Lost / Stolen / Misused Laptops
• Unknown Communication Behaviour
• Unacceptable use of the Internet
• N*N-1 Communication between Windows-Machines
• Too many vulnerabilities
• eCommerce Apps. quite easy to hack !
• Infrastructure helps Attackers/Insiders to hide
• No internal Security Perimeters / Firewalls
• No Desktop / Server Firewalls
• Too many Logfiles to analyze
• Weak capability of correlation "in the brain"
• Not well trained Security Personnel
• Too many "false positives"
• No Security Awareness Training for Employees
• Ignorance
Proprietary information theft resulted in the greatest financial loss ($70,195,900 was lost among 530 surveyed companies, with the average reported loss being approximately $2.7 million), which are mostly coming from internal unauthorized access. (CSI/FBI 2003)
What “Bad Guys” use !!
Memory Stick’s, Gadgets & Co.
For the Cracks
For the lazy “Cracks”
Enough with Theory, let's go live !
• Analysis Technologies by Visualizing data
• Context Analysis on eMail
• Profiling of Network Objects for Man Hunt
• Outperforming CyberCrime by thinking like your Enemy
• Precautions in Networks to prevent CyberCrime
• Tips, Tricks and Cases that already happened !!
Consequence = Lesson learnt !
• You need endpoint Security to get Triggers
• Triggers have to be correlated into an Information System, to recognize alarms
• Get ahead of CyberCrime by thinking like your Enemy
• Logical penetration tests are useful as they involve human factors
• There is no such thing as ROI on Security, or is there a ROI of an unused Fire Extinguisher ?
eTrust™ Security Solutions
• eTrust™ Security
• Who has access to what?
- What is happening in your environment?
- Who / What causes it?
- How can you address it?
• Perfect overall protection !
• In depth investigation of cases !
• Enabled by a world-class research team !
• Tailored to your needs with a world class consultant team !
• Integration with network and systems management tools !
• On-demand security management !
• Real Time Protection !!
Evolution of Security
[Chart; axes: Complexity/Management, Time]
• 1st Generation: Gates, Guns, Guards
• 2nd Generation: Reactive
• 3rd Generation: Enablement
• 4th Generation: Proactive
The Vulnerability Problem is Growing
[Chart: Incidents and Vulnerabilities Reported to CERT/CC, 1995 to 2004; axes: Total Vulnerabilities, Total Security Incidents; series: Vulnerabilities, Security Incidents]
“Through 2008, 90 percent of successful hacker attacks will exploit well-known software vulnerabilities.” - Gartner*
* Gartner “CIO Alert: Follow Gartner’s Guidelines for Updating Security on Internet Servers, Reduce Risks.” J. Pescatore, February 2003
** As of 2004, CERT/CC no longer tracks Security Incident statistics.
Managing Your Asset’s Vulnerabilities
On average, it will take 43 staff hours to manually address 170 vulnerabilities for 4 technologies.*
* Source: Based on a study conducted by a third-party consultant.
[Network diagram; elements: Hacker, Internet, VPN, Router, Firewall, Switch, Hub, Load Balancer, IDS, PC, Server, Web Server, Database Server. Technologies labelled: Cisco PIX 6.2; Cisco Router IOS 12; Win2K Server sp4; IIS 5.1. Vulnerability counts shown: 14, 56, 83, 17]
Security is a Process: IAM
[Diagram: WORK FLOW PROCESS; steps labelled: HR System; HR Data Passed to Admin; Admin Maps Job to Roles; Access & Accounts Created; Department Manager Gives - OK; New Hire. People shown: Marge Greene, Director, Human Resources; Robert Stone, EVP, Sales, New Division. Components shown: eTrust Admin; Legacy; eTrust™ CA-ACF2® Security; Audit; Oracle; Access Control; SAP; NT; MS Exchange; Procurement; Sun Solaris; eTrust™ Web Access Control; Facilities]
Enterprise Critical Reliability Unlimited Scalability and more
eTrust Security Management
[Diagram labels: Customers, Partners, Contractors; Hackers, Malware, Spam]
Security Data…
• Challenges
- Too much security data
- Unable to prioritize events
- Costly to control incidents
- Unable to meet auditing and compliance requirements
Security Information Management
• Solutions
- Turning data into information that can be used to take action
  • Help ensure incidents don’t impact business
- Providing security views that enable compliance
  • Comply with Basel II, HIPAA, Sarbanes-Oxley, internal standards or others
Security Event Management
[Diagram with steps numbered 1 to 5. Components: eTrust™ Security Command Center; eTrust™ Intrusion Detection; Check Point Firewall; Internet Security Systems (ISS) Scan; Unicenter® ServicePlus Service Desk; eTrust™ Vulnerability Manager; Unicenter® Software Delivery. Action labels: Alerts eTrust™ Security Command Center of Security Events; Requests Assets Affected by Exploit Vulnerability; Lists Assets Vulnerable to Exploit; Deploys Technician; Deploys Patch or Configuration via Embedded or External Unicenter® Software Delivery for Implementation on Assets]
eTrust Security Solutions to ease Nightmares
Nightmares:
• Insider Threats (Info Leakage, Eco Spy‘s,)
• Viruses, Worms, Trojans, Spyware, Spytools
• Illegal installed WLAN‘s
• Misused Laptops
• Unknown Communication Behaviour
• Unacceptable use of the Internet
• N*N-1 Communication between Windows-Machines
• Too many vulnerabilities
• eCommerce Apps. quite easy to hack
• Infrastructure helps Attackers/Insiders to hide
• No internal Security Perimeters / Firewalls
• No Desktop & Server Firewalls
• Too many Logfiles to analyze
• Weak capability of correlation "in the brain"
• Not enough well trained Security Personnel
• Too many "false positives"
• No Security Awareness at “C” Level
eTrust solutions:
• Network Forensic, Tiny Firewall Suite, IAM
• Anti Virus, Pest Patrol, Secure Content Mgr.
• Wireless Site Manager (Unicenter)
• Tiny Firewall Suite
• Tiny Firewall Suite, Network Forensic, SIM
• Secure Content Mgr., Network Forensic, IAM
• Tiny Firewall Suite
• Vulnerability Manager, Tiny Firewall Suite
• Tiny Firewall Suite, Site- & Transaction Minder
• Tiny Firewall Suite
• Tiny Firewall Suite
• Tiny Firewall Suite
• Audit, SCC
• Audit, SCC, Network Forensic
• eTrust Security Products
• eTrust Security Products
• Better reporting from all products through SIM
• All Events have to be centralized by SCC or Audit
The different point of View (Summary)
• Security is a strategy & process, perfectly supported by the eTrust™ product suite !
• Think like your enemy ! Reduce the possibility of Security breaches by the most comprehensive Suite: eTrust™ Products
• Reduce the Workload through eTrust™ SIM
• Expect the unexpected, strong Content, Border and Endpoint Security by Threat Management protects you from surprises !
• I don’t know what I don’t know ! With Network Forensic you will !!
• Security is the ART to open systems in a way that they are perfectly closed ! IAM and the Tiny Firewall Suite are the Solution
• Security without enough sensors and SIM is like: Finding a needle in a haystack, without knowing which color the needle has and in which barn the haystack is !
• Identify before you let someone Access anything!! Siteminder and IAM are the solution !
• Do not secure or detect in the middle of your network, secure the endpoints with Tiny Firewall Suite and IAM
CyberCrime already hit your company, but you were not able to detect it !
The complete solution with eTrust™ Products to prevent being a Victim !
Presented to you by Andreas Wagner
Principal Consultant (Chief Security Advisor) – MEA
[email protected]
+966 500 107 693 KSA mobile
Or +8821 6777 09769 Worldwide mobile