Predicting to Protect
- Staying ahead of the Cyber-Criminals
Ian Cochrane
Market Development Manager, Trend Micro Middle East and Africa
Copyright 2009 Trend Micro Inc. 1
Threats Today
FACT #1: >80% of Today’s Top Malware Arrives via the Web [1]
FACT #2: 3.5 new threats every second [2]
FACT #3: Statistics [3]:
• Kuwait BOT Growth 187% in 2010
• Kuwait Spam Growth 439% in 2010
[1] Source: TrendLabs data, Apr – Sept 2010
[2] Source: Trend Micro Smart Protection Network
[3] Source: TrendLabs, February 2011
Classification 6/8/2011
The Security Circle
(Diagram: four quadrants)
• Business Impact and Decision Criteria
• Security Challenges For the Organisation
• The Rapidly Changing Technology Landscape
• Today’s and Tomorrow’s Security Threats
Technology Landscape
(Diagram labels: Servers, Virtual Servers, NAS, Networks, Cloud Computing, Routers, Security Appliances, Netbooks, Windows/OSX, Hosted / Managed Security, USB, PSP/PS3, Smart Phones, Android)
In Particular:
• Increasing number of different Devices
• Increasing number of Applications
• Increasing use of the Web
• Virtualisation; Appliances, Desktops & Servers
• Cloud Computing
• Social Networking
Prediction #1:
Targeted Attacks and Cyber-Espionage
• Mid-sized companies will be targeted in cyber-espionage
• Easy-to-use underground toolkits
– Enable targeted attacks on particular types of organization
• Growth of targeted and localized attacks will continue, both against big-name brands and/or critical infrastructure
Prediction #2:
The Cybercrime Underground Evolution
• Further consolidation in the cybercrime underground
– Groups merge and/or join forces as global public attention for cyber attacks grows
• Example: ZeuS / SpyEye
Prediction #3:
Clever Malware Campaigning
• It’s all about Social Engineering.
• Fewer infiltrated websites; more cleverly crafted and localized HTML e-mails with URLs pointing to the infection source
– Malware campaigning will ensure fast and reliable spreading of the downloader; the downloader then downloads randomly generated binaries to avoid detection
Prediction #4:
Focus on Vulnerabilities & Exploits
• Growth in exploits for alternative operating systems, programs and web browsers
• Leveraging the tremendous growth in the use of application vulnerabilities (Flash etc.)
Prediction #5:
Old Malware Re-infections
• Some security vendors will run into trouble with local signatures, not being able to store all the threat information
– Pattern Files will become too big!
– They will increasingly retire old signatures, which will lead to infections with old/outdated malware
Prediction #6:
Cloud-related issues
• Security demands on Cloud Service Providers will increase
– Proof-of-concept attacks against cloud infrastructure and virtualized systems will emerge in 2011
• e.g. Sony
– Diversity of Operating Systems at the endpoints forces the bad guys to focus more on critical cloud services and server infrastructures
Prediction #7:
Mobile Risks
• More proof-of-concept, and some successful, attacks on mobile devices, but not yet mainstream
Prediction #8:
Vulnerable Legacy Systems
• Targeted attacks on “unpatchable” (but widely used) legacy systems
– Windows 2000/Windows XP SP2, embedded systems like Telecom switchboards etc.
Prediction #9:
Security vendors’ brands are targeted
• Security vendors’ brands will increasingly be targeted by criminals looking to cause confusion and insecurity among users.
Organisation’s Security Challenges
Top Challenges:
• Increasing Spam, Malware attacks, etc.
• Securing Hybrid data-centres (physical, virtual & cloud)
– Patching
• Increasing volume and complexity of network traffic
• Increasing volume and diversity of Mobile Devices
• Data Loss; internal and external loss
• Complexity of Security Solutions
– Shortage of IT Security Personnel
• Securing Web Applications
• Social Media
• Increasing Regulations and Compliance requirements
Data Centre Security
• Simplify and Challenge the Status Quo.
– Ensure the same security solution and management runs on Physical, Virtual and Cloud environments
– Conventional Server Security will not work effectively in Virtual and Cloud environments
• Vulnerabilities and exploits are growing.
– Within virtualised environments, Patching moves from a headache to an imperative!
• In Cloud environments:
– Data is Key?
– Make sure you have the KEY!
End Point Security
• Ensure mobile device protection and plans for future generations of technology
• Physical and Virtual Desktops are different
– Different technologies require different Security Solutions
• Patching of End Points is essential
– What is your patching policy?
– Are you running un-patchable PCs and Applications?
– Speed of Exploit
• Have a security policy, communicate and enforce
However…
• No training will fully protect from clever social techniques
– Multi-Layered Security is the only solution
Malware growth and Re-infections
• Traditional Technologies are starting to fail.
– Pattern Files becoming too big; some vendors are eliminating old patterns without a management strategy.
– Customers are hurting!
– Costs are rising
• Multi-Layered Approach
– Reduce the Client Pattern Files
– Make provision for old Infections
• Protect against false Positives
Gateway Security
Reduce network bandwidth consumption and infections before and at the gateway:
• Leverage the Cloud (Hybrid and Hosted Solutions)
– Remove emails before hitting and exiting your network
– Block and control URL access
• Leverage Correlated Reputation Services (including patent-pending ‘image’ technologies and machine ‘learning’)
• Encryption
• When in doubt, use a Threat Overwatch Solution
– Pinpoints trouble spots
‘Cloud’ Security
Amazon Web Services™ Customer Agreement
7.2. Security. We strive to keep Your Content secure, but cannot guarantee that we will be successful at doing so, given the nature of the Internet. Accordingly, without limitation to Section 4.3 above and Section 11.5 below, you acknowledge that you bear sole responsibility for adequate security, protection and backup of Your Content and Applications.
http://aws.amazon.com/agreement/#7
The cloud customer has responsibility for security and needs to plan for protection.
‘Cloud’ Security
Organisations love Opex (vs Capex)
• Security in the Public Cloud (Applications and Data)
– Where is your Perimeter Protection now?
• Deploy every security tool you deploy on your physical servers in the cloud as well, because all the cloud providers will give you is a naked OS without adequate security
– Who is (should be) responsible for the data?
• Make sure you are – Encrypt and own the Key
• Security from the Public Cloud
– Protecting devices from the cloud (and vice versa)
• Make sure all connected devices are secure.
Data Protection
Through to 2015, mitigating data breaches will cost >10 times more than installing data protection mechanisms on mobile devices
• What do we mean by Data Protection?
– Not only: Encryption, Device Control, Data Leakage Protection
• We must protect Data while:
– In Motion (email, webmail, IM, FTP, etc.)
– At Rest (residing in Server/Storage/Cloud environments)
– In Use (typically End Point)
• We need to think Holistically about protecting data and what security solutions we employ
…and Finally
Regulation and Compliancy
• For certain sectors in Kuwait, addressing Regulations and Compliancy is becoming essential
• The right Security Solutions can help you get ‘Ahead-Of-The-Game’
– End-Point
– Gateway
– Data Centre
– Cloud
Thank You
[email protected]