Transcript

Slide 1
Cybercrime & Effective Gateway Anti-Malware Protection
Juniper & Kaspersky Lab
Mohammed Hussain & Matthew Robinson
June 10th, 2009
Event details (title, place)

Slide 2
Sophistication..
17/07/2015 June 10th, 2009 Event details (title, place)

Slide 3
Scareware Demo..

Slide 4
Demo illustrates how Malware is becoming more sophisticated..
- Two aspects: technical and social engineering
Technical: for example..
- User visits legitimate website
- Malicious code secreted to redirect; GUI runs in browser
- ‘Drive by download’; use of exploits, silent install of malware
Social engineering: for example..
- New techniques
- Better craftsmanship and execution

Slide 8
Is end point protection effective?
- The human element
- Guest & legacy systems
- Vendor technical problems
- Poor performance
- Questionable protection

Slide 9
Multi-layered approach reduces exposure
Intercept all routed traffic and check it for malware
[Diagram labels: Gateway protection layer; Mail systems protection layer; Network Services and Workstations protection layer; Internet; Gateway; E-mail Servers; Workstations; Network Servers]

Slide 10
Juniper Branch Products
SSG, SRX, and J Series Products
[Product diagram; labels on the slide:]
Families: SRX, SSG Family, J Series
Features: FW, VPN, NAT, UAC; Unified Threat Management (Full IDP, Intrusion Prevention: DI, Kaspersky Antivirus, Web filtering); IPv6 Security; Routing, Switching, QOS, MPLS; Wireless (WLAN); WX-ISM 200 Application Acceleration; VoIP; Juniper OpenCommunications; Power over Ethernet
Models: SSG5 Wireless, SSG20 Wireless, SSG140, SSG320M, SSG350M, SSG520, SSG520M, SSG550, SSG550M; SRX 100, SRX 210, SRX 240, SRX 650; J2320, J2350, J4350, J6350

Slide 11
Kaspersky AV for Juniper Networks
- Available on SSG, SRX, and J-Series
- Stand-alone Kaspersky AV
- UTM (anti-virus, anti-spam, Web filtering, IPS)
- On Juniper Networks price list
- Full AV or Express AV options on SRX
  - Full AV (better coverage)
  - Express AV (faster processing)

Slide 12
Kaspersky AV for Juniper Networks (cont.)
Protect against viruses in email (SMTP, POP, IMAP protocols), webmail (HTTP) and FTP traffic
Integrated AV engines and virus signature databases – updated periodically, available via AV subscription license
• Full AV
  • Kaspersky engine and database
  • File-based scanning
  • High detection – comprehensive database contains signatures of current/recent/widespread/critical viruses
• Express AV
  • Juniper engine, Kaspersky database
  • Packet-based scanning with hardware acceleration – Content Security Accelerator (CSA)
  • High performance, lightweight – smaller database than file-based AV’s

Slide 13
I agree, gateway anti-malware makes perfect sense. It means..
- Harder for malware to penetrate my network and cause damage
- The risks of having desktop-only protection are mitigated
- I may see better network performance
- .. [ ]

Slide 14
I agree, gateway anti-malware makes perfect sense. But..
- .. why Kaspersky & SSG/SRX?
- .. I’m concerned about network performance
- .. I already have a gateway AV solution in place
- .. [ ]

Slide 15
Why Kaspersky..?
AV is not a commodity. In today’s climate of fast increasing levels of sophisticated malware and targeted threats, you need the best possible protection. Why compromise?
Kaspersky Lab offers the world’s most immediate protection
- highest frequency of updates (hourly)
- fastest response time to new threats
- consistently the best detection rates
- unmatched unpacking technology

Slide 16
Small updates for the Best Possible Protection and User Experience
Average number of updates per day:
- Sophos: 48
- Panda: 15
- McAfee: 8
- Kaspersky: 54
Fast spreading viruses and worms achieve 100% penetration in less than a few hours. Responding quickly and accurately with new signatures is critical to minimize the window of vulnerability and provide proactive protection.

Slide 17
Fast Response Ensures the Shortest ‘Window of Opportunity’

Slide 18
Consistently High Detection
Detection of a representative set of malware discovered in the last 2-3 months (AV-Test reference set)
- Industry Standard: 98.50%
- KIS 2012: 99.40%
Source: AV-Test.org – May 2011 Results

Slide 19
AV-Test KIS 2012 – Zero Day Attacks
Protection against 0-day malware attacks from the Internet, including web and e-mail threats
- Industry Standard: 80.50%
- KIS 2012: 94.60%
Source: AV-Test.org – May 2011 Results

Slide 20
Support for 4000+ Archiving and Compression Formats

Slide 21
International awards
The largest number of industry awards from IT publications and malware testing organizations globally

Slide 22
Comparative Analysis
Here’s how Kaspersky solutions perform vs. their competitors in the industry:

| Criteria | Kaspersky Lab | Symantec | McAfee | Trend Micro | Sophos | Panda | AVG |
|---|---|---|---|---|---|---|---|
| AV-Comparatives: Approved 2010 Corporate Product | Yes | No | Yes | Yes | Yes | No | No |
| AV-Comparatives: Feb’ 11 On-Demand Comparative Test | Advanced+ | Advanced | Advanced+ | Standard | Advanced | Advanced | Standard |
| AV-Comparatives: Dec’ 09 Performance Test Score | 193 | 188 | 174 | Not incl. | 193 | Not incl. | 164 |
| AV-Comparatives: May’11 Retrospective / Proactive Test | Advanced+; Few false alarms; Proactive DR: 55% | Not Included | Not Included | Not incl. | Not Included | Standard; Few false alarms; Proactive DR: 23% | Advanced; Many false alarms; Proactive DR: 52% |
| AV-Comparatives: 2010 Overall Whole Product Dynamic Test | Advanced+ | Advanced+ | Not incl. | Advanced | Not incl. | Advanced | Advanced |
| AV-Comparatives: Oct’ 09 Removal Test | Advanced+ | Advanced+ | Advanced | Not incl. | Advanced | Not incl. | Advanced |
| VB100: Apr’11 Reactive and Proactive Protection (RAP) Score | 94.56% | 88.58% | 84.71% | Not incl. | 89.14% | Not incl. | 92.55% |
| VB100: Successful Results In Total | 64 | 56 | 48 | 16 | 57 | 1 | 37 |
| AV-test.org Q2-2011, Protection/Repair/Usability score | 5.5 / 5.5 / 5.0 | 5.0 / 5.0 / 3.5 | 3.0 / 3.0 / 3.5 Failed! | 4.5 / 3.5 / 4.5 | 4.0 / 4.5 / 5.0 | 5.5 / 5.0 / 5.0 | 5.5 / 4.5 / 3.0 |
| Worldwide System Infrastructure Software Revenue, 2009 Growth | 42.0% | -4.8% | 1.8% | 6.7% | 25.9% | -6.2% | 31.0% |

Slide 23
And..
- Full & Express AV options help alleviate latency concerns
- Manage device/s from a single vendor, not multiple
- Hardened operating system is more secure
- Potentially more cost effective to consolidate: easier to deal with a single vendor rather than deal with multiple vendors, support channels, commercial agreements, etc.
- Straightforward to switch on AV – no messy installs or configuration
- Thirty day AV trial license
- .. [ ]

Slide 24
Final point.. There is a BIG opportunity!
Kaspersky Attach [SSG/SRX]: KAV 8%, Non-KAV 92%

Slide 25
Final point.. There is a BIG opportunity!
- ‘Money on the table’; great potential to realise more revenue
- Simply quoting up front increases the attach rate
- UTM/AV subscription is ‘sticky’
- Fantastic opportunity to maximise return on existing customer base
- .. [ ]

Slide 26
Questions?