Businesses of all sizes face risks in the everyday acts of using digital technology and the Internet for legitimate purposes. This presentation outlines eight common threats that traditional antivirus alone won't stop, and explains how to protect your organization using endpoint security. For more, visit: http://bit.ly/8Threats_wp
2. Outline
Current threat landscape
8 threats AV won’t stop
Wrap up
3. Changing threat landscape
What’s causing you pain:
• Threats: changing, still increasing
• Data: everywhere, regulations growing
• Users: everywhere, using everything
4. How data is lost
Source: DatalossDB.org
[Chart: data loss incidents by category: Devices, Hacked, Web/Virus, Documents, Fraud]
5. Anatomy of an attack
• Entry point: a hijacked website or an unwanted email with a malicious link
• Malware distribution: initial malware redirects based on what it’s working with (Windows/Mac, IE/Safari, etc.)
• Exploit vulnerabilities: exploit pack attempts to leverage a number of vulnerabilities in apps & plugins
• Infection: download of a malicious payload to log keys, steal data, or convert the system into a botnet
• Execution: malware calls home with sensitive data
6. Outline
Current threat landscape
8 threats AV won’t stop
Wrap up
7. Evolution of AV
Signature AV:
• Signature based anti-virus protection
Signature AV + HIPS:
• Signature based anti-virus protection
• HIPS (Host Intrusion Prevention System)
Endpoint Security:
• Signature based anti-virus protection
• HIPS (Host Intrusion Prevention System)
• Behavioral analysis
• Client firewall
• Application control
• Device control
Complete Security:
• Endpoint Protection
• Web Protection
• Email Protection
• Network Protection
• Data Protection
• Mobile Protection
8. 8 threats AV won’t stop
Human error:
1. Misdirected email
2. Infected USB device
Facts of life:
3. Working offsite
4. Working on the web
IT issues:
5. Unpatched PC’s
6. Uncontrolled apps
Malicious intent:
7. Stolen Laptops
8. Zero-day threat
9. 1. Misdirected email
If it hasn’t happened to you, it will
Protection: Data Control; Email encryption
10. 2. The infected USB device
75% fail the lollipop test
Protection: Device Control; Data Control; Encryption
11. 3. Working offsite & 4. Working on the web
Today’s primary source of FakeAV
Protection: URL Filtering; Endpoint Web Protection
12. 5. Unpatched PCs & 6. Uncontrolled apps
Is your company data circulating on BitTorrent?
Protection: Application Control; Patch Management
13. 7. Stolen laptops
It’s only a matter of time
Protection: Full Disk Encryption; Email encryption; Encryption for cloud
14. 8. The zero-day threat
Exploiting unknown vulnerabilities
Protection: Anti-malware with behavioural analysis; Intrusion prevention; Live Protection
15. Outline
Current threat landscape
8 threats AV won’t stop
Wrap up
16. Evolution of AV (repeat of slide 7: Signature AV, Signature AV + HIPS, Endpoint Security, Complete Security)
17. Layered Protection: Complete Security at Work
Goals: Reduce attack surface; Protect everywhere; Stop attacks and breaches; Keep people working
Protection layers by attack phase:
• Entry point: Anti-spam; URL Filtering
• Malware Distribution: Live Protection
• Exploit vulnerabilities: Application Control; Intrusion prevention; Patch Manager
• Infection: Anti-malware; Live Protection
• Execution: Data Control; Firewall; Encryption
18. 8 Questions to ask your vendor…
1. How do we stop sensitive data from falling into the wrong hands?
2. How can we ensure staff is not leaking data out of our organization?
3. How can we prevent users from infecting themselves with USB sticks?
4. How do you protect offsite users from malicious websites?
5. How can we control applications such as VoIP, IM, P2P or games?
6. How can you help ensure systems are patched and up to date?
7. How does your solution help protect us from new and unknown threats?
8. How often do you publish new threat intelligence and how do we get it?
19. Complete security
Better protection, better efficiency, and better value
Protection areas: Endpoint, Web, Email, Data, Mobile, Network
Goals: Reduce attack surface; Protect everywhere; Stop attacks and breaches; Keep people working
[Matrix of technologies by area and goal; the column layout was lost in extraction. Technologies listed: URL Filtering, Web Application Firewall, Endpoint Web Protection, Encryption for cloud, Data Control, Access control, Automation, WiFi security, Anti-spam, Patch Manager, Mobile Control, Virtualization, Anti-malware, User education, Visibility, Local self-help, Application Control, Mobile app security, Clean up, Technical support, Device Control, Secure branch offices, Intrusion prevention, Firewall, Encryption, Tamper protection, Free Home use, Email encryption, Live Protection, VPN, Small updates, Performance]
21. Staying ahead of the curve
US and Canada: 1-866-866-2802, NASales@sophos.com
UK and Worldwide: +44 1235 55 9933, Sales@sophos.com
facebook.com/securitybysophos
Sophos on Google+
linkedin.com/company/sophos
twitter.com/Sophos_News
nakedsecurity.sophos.com
Editor's Notes
This presentation reviews the current threat landscape and what’s driving change in IT security. It also dives into 8 threats your traditional AV can’t stop, and wraps up with some questions you can ask your prospective vendor to make sure you’re getting the protection you need.
The threat landscape is continually evolving, but today there are really four sources of pain:
1. Users are more mobile than ever and are using a broader array of devices to do their work, from laptops to tablets to smartphones.
2. The threats themselves are evolving rapidly, in an ever-escalating arms race to evade your security and victimize your users.
3. Data is everywhere, regulations are increasing, and your sensitive data is exactly what the bad guys are targeting.
4. Security is taking too much of your time, and it’s impacting not only your productivity but that of your users too.
Here is some data from datalossdb.org, which tracks a variety of data loss incidents. The number one source of lost data is a stolen laptop, device or other form of removable media (shown in blue in the chart). The next major type of data breach was due to hacks and improperly secured servers and databases. It’s a challenging vector to address, but there are a number of best practices you should be looking at implementing to safeguard yourself, with web server protection at the top of the list. Then come web, email and virus type attacks, which account for 15% of data loss breaches. Good old-fashioned printed documents, either lost, stolen or improperly disposed of, actually accounted for about 13% of data breaches.
Web and virus attacks account for a significant percentage of data breaches. A typical web or email attack can be broken down into a series of phases:
Entry point: this is typically a hijacked website or perhaps an email with a malicious link in it. These hijacked sites change quickly and spread like wildfire when new exploits in servers are discovered, making it difficult for traditional URL filtering to provide a meaningful defense.
Malware distribution: if a threat slips past this first level of defense, the initial malware will do a quick assessment of the system to see what kind of operating system, browser, plugins and apps it’s dealing with, and then redirect accordingly to an appropriate malware hosting site. These malware traffic distribution systems utilize new servers all the time, often using fast-flux DNS to stay ahead of the game.
Exploit vulnerabilities: once an attack manages to slip through to the next phase, it will usually involve a commercially available exploit pack that attempts to leverage any number of vulnerabilities in apps and plugins. This is usually easy pickings for malware, as there are often dozens of browsers and applications running, all ripe with exploits.
Infection: should an attack successfully exploit a vulnerability, it will then download a malicious payload to infect the system to log keys, steal data, or convert the system into a botnet or malware hosting site. This is pretty much your last line of defense, and you’re now relying on detecting sophisticated virus and malware code.
Execution: should this malware be successful in taking hold, it will then start calling home with sensitive data or information about the infected system so it can be exploited further.
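The malware distribution phase above mentions fast-flux DNS, where a hostname's answers keep rotating across unrelated networks with short TTLs so that blocking any one address is useless. The following is an added example (not code from the Sophos deck or its products) showing how a defender can surface such names from resolver logs. The log line format, the thresholds and the sample records are constructed assumptions; the decisive signal is the number of distinct /24 networks rather than distinct hosts, because a legitimate CDN also rotates addresses but within its own blocks.

```python
"""Flag fast-flux style name resolution in DNS resolver logs.

Added example for the "malware distribution" phase described above; it is
not code from the Sophos deck. The log format is a constructed one: one
line per answered A record, "<timestamp> <qname> A <ttl> <ipv4>".
"""
from collections import defaultdict
from dataclasses import dataclass, field
import ipaddress


@dataclass
class NameStats:
    ips: set = field(default_factory=set)        # distinct answer addresses
    networks: set = field(default_factory=set)   # distinct /24s those addresses fall in
    min_ttl: int = 2**31                         # shortest TTL seen for the name
    answers: int = 0


def parse_line(line: str):
    """Return (qname, ttl, address) for a well-formed A-record line, else None."""
    parts = line.split()
    if len(parts) != 5 or parts[2] != "A":
        return None
    _ts, qname, _rtype, ttl, ip = parts
    try:
        return qname.lower().rstrip("."), int(ttl), ipaddress.IPv4Address(ip)
    except ValueError:          # bad TTL or not an IPv4 literal
        return None


def summarise(lines):
    """Aggregate answers per queried name."""
    stats = defaultdict(NameStats)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue            # malformed lines are skipped, not fatal
        qname, ttl, ip = rec
        s = stats[qname]
        s.ips.add(ip)
        s.networks.add(ipaddress.IPv4Network(f"{ip}/24", strict=False))
        s.min_ttl = min(s.min_ttl, ttl)
        s.answers += 1
    return stats


def fast_flux_candidates(lines, min_ips=5, min_networks=3, max_ttl=300):
    """Names whose answers rotate across many addresses in unrelated networks
    with short TTLs. Thresholds are assumed starting points for tuning."""
    flagged = {}
    for qname, s in summarise(lines).items():
        if len(s.ips) >= min_ips and len(s.networks) >= min_networks and s.min_ttl <= max_ttl:
            flagged[qname] = {"ips": len(s.ips), "networks": len(s.networks), "min_ttl": s.min_ttl}
    return flagged


# Constructed sample log (documentation address ranges only).
SAMPLE_LOG = [
    # a busy but ordinary name: several hosts, all in one /24, short TTL
    "2012-03-01T10:00:01 cdn.example.net A 60 198.51.100.10",
    "2012-03-01T10:01:01 cdn.example.net A 60 198.51.100.11",
    "2012-03-01T10:02:01 cdn.example.net A 60 198.51.100.12",
    "2012-03-01T10:03:01 cdn.example.net A 60 198.51.100.13",
    "2012-03-01T10:04:01 cdn.example.net A 60 198.51.100.14",
    # a name whose answers hop between unrelated networks every few minutes
    "2012-03-01T10:00:05 update-srv.example A 120 203.0.113.7",
    "2012-03-01T10:02:05 update-srv.example A 120 192.0.2.44",
    "2012-03-01T10:04:05 update-srv.example A 120 198.51.100.200",
    "2012-03-01T10:06:05 update-srv.example A 120 203.0.113.99",
    "2012-03-01T10:08:05 update-srv.example A 120 100.64.0.9",
    "2012-03-01T10:10:05 update-srv.example A 120 172.16.5.3",
    # a stable name with a long TTL
    "2012-03-01T10:00:09 mail.example.net A 3600 192.0.2.10",
    # a malformed line that the parser must ignore
    "2012-03-01T10:00:10 garbage",
]

if __name__ == "__main__":
    for name, info in fast_flux_candidates(SAMPLE_LOG).items():
        print(f"{name}: {info}")
```

On the sample log only update-srv.example is flagged: cdn.example.net has five addresses but a single /24, and mail.example.net has one stable answer. In practice the flagged names feed URL filtering or a block list rather than being acted on automatically, since some large services legitimately span many networks.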
The Evolution of AV. Anti-virus started out many years ago as a signature-based form of protection. Every virus was identified by a unique signature, and as new variants appeared, new signatures were required. As these threats started to evolve more quickly to the level we have today, where tens of thousands of new variants can appear daily, it’s simply not scalable or reliable to depend on signature-based detection. So most AV companies added a capability called HIPS (Host Intrusion Prevention System) to their security software that can detect malicious behavior and stop it before it can cause too much damage. More recently, the concept of Endpoint security has gotten more sophisticated, with technologies that use better behavioral analysis to detect suspicious code, and other technologies designed to reduce the surface area of attack: firewalls, application control, and device control all help in this regard by reducing vulnerabilities. Today we seem to be in the next generation in the evolution of IT security, which goes far beyond essential AV, combining technologies that work better together across threat vectors to provide endpoint, web, email, network, data and mobile protection, or what we like to call complete security.
The 8 threats your AV won’t stop can be broken down into four types of issues: human error, facts of life, IT issues, and malicious intent.
Everyone has accidentally sent an email to the wrong person or “replied-all” on a note that was intended only for one person.No AV solution is going to help you here, but there’s little need for this kind of problem anymore with affordable, simple email encryption and data loss prevention that can either stop sensitive data from leaving the organization or ensure it’s encrypted and protected from falling into the wrong hands.
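The note above describes data loss prevention as either stopping sensitive data from leaving or making sure it leaves encrypted. The following is an added example (not code from the Sophos deck or its products) of the decision a mail gateway makes on an outbound message: block when a Luhn-valid card number is addressed outside the organisation, encrypt when a confidential marking is addressed outside, allow otherwise. The organisation domain, the policy actions and the sample messages are constructed assumptions.

```python
"""Outbound email data control: block or encrypt before a misdirected message leaves.

Added example for the misdirected-email scenario above; it is not code from
the Sophos deck or its products. The organisation domain, the policy
actions and the sample messages are constructed assumptions.
"""
import re

INTERNAL_DOMAINS = {"example.com"}          # assumed: the organisation's own mail domain(s)
CONFIDENTIAL_MARK = re.compile(r"\bconfidential\b", re.IGNORECASE)
# 13-19 digit runs, optionally separated by spaces or hyphens, not embedded in longer runs
CARD_RUN = re.compile(r"(?<![\d-])(?:\d[ -]?){12,18}\d(?![\d-])")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; weeds out phone numbers and IDs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_card_numbers(text: str):
    """Return the digit strings in text that pass the Luhn check."""
    hits = []
    for m in CARD_RUN.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits)
    return hits


def external_recipients(recipients):
    return [r for r in recipients if r.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS]


def evaluate_outbound(message: dict):
    """Decide what the gateway does with a message: ('allow'|'encrypt'|'block', reason)."""
    external = external_recipients(message["to"])
    text = message.get("subject", "") + "\n" + message.get("body", "")
    if not external:
        return "allow", "all recipients internal"
    cards = find_card_numbers(text)
    if cards:
        return "block", f"{len(cards)} card number(s) addressed to {external}"
    if CONFIDENTIAL_MARK.search(text):
        return "encrypt", f"confidential marking addressed to {external}"
    return "allow", "no sensitive content detected"


# Constructed sample messages; 4111 1111 1111 1111 is the standard Luhn-valid test number.
SAMPLES = {
    "card_to_outside": {
        "to": ["partner@example.org"],       # wrong recipient, outside the organisation
        "subject": "Customer refund",
        "body": "Please refund card 4111 1111 1111 1111, thanks.",
    },
    "card_to_inside": {
        "to": ["finance@example.com"],
        "subject": "Customer refund",
        "body": "Please refund card 4111 1111 1111 1111, thanks.",
    },
    "lookalike_numbers": {
        "to": ["partner@example.org"],
        "subject": "Call me",
        "body": "Reach me on 1-800-555-0199 and quote ref 4111 1111 1111 1112.",  # ref fails Luhn
    },
    "confidential_to_outside": {
        "to": ["auditor@example.org"],
        "subject": "CONFIDENTIAL: Q3 board pack",
        "body": "Attached as discussed.",
    },
}

if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        print(name, evaluate_outbound(msg))
```

The Luhn check matters more than it looks: without it, a phone number or order reference trips the rule and users learn to ignore the gateway. A real deployment would add more classifiers (national ID formats, document fingerprints) but the allow/encrypt/block shape stays the same.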
In a recent security audit at a credit union, it was found that 15 employees out of 20 who found a USB stick in the parking lot or elsewhere near their office had plugged it into their computer. This is how many organizations are targeted today. In fact, this is rumored to be the way an Israeli worm was propagated within Iran to thwart their nuclear program. This problem is crying out for a solution, and you don’t really want to have to rely on old-school AV to solve it. Fortunately, it’s all very simple. A combination of device control, data control, encryption, and even a bit of user education can go a long way towards eliminating this risk.
In today’s mobile world, you’ve got an increasing number of users working offsite, who you are either trying to force to connect through the corporate infrastructure using a VPN, which can be expensive, complex and frustrating, or you’ve got road warriors coming back to the office with infected laptops, likely infected with some kind of FakeAV. The problem is nothing new, but there are new ways to solve it. With Web Protection in your Endpoint, your users can take their web protection with them everywhere they go, and be protected just like they are back in the office.
Unpatched and uncontrolled applications represent one of the biggest exposures you have. Every unpatched application represents a set of vulnerabilities that are ripe to be exploited, and the more uncontrolled browsers, media players, and other applications users are running on their systems, the greater this surface area of attack. It’s absolutely essential that you limit these kinds of applications to just those required for your organization, and keep them patched. That’s where a complete security solution that includes application control and patch management play a critical role in reducing your risk and exposure to attack while also reducing the number of ways that sensitive data can end up leaving your network.
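The two controls described above reduce to one audit over a software inventory: anything not on the approved list is an application-control finding, and anything on the list but below its minimum version is a patch finding. The following is an added example (not code from the Sophos deck or its products); the approved-application baseline, the application names and the inventory are constructed assumptions. Versions are compared numerically, because a plain string comparison ranks 10.0.10 below 10.0.2 and would wrongly report a patched host.

```python
"""Application control and patch baseline check over a software inventory.

Added example for the unpatched/uncontrolled-applications discussion above;
not code from the Sophos deck or its products. The approved-application
baseline and the inventory below are constructed.
"""
import re

# Assumed policy: only these applications may run, and each has a minimum patched version.
APPROVED = {
    "web-browser":  "10.0.2",
    "pdf-reader":   "10.1.2",
    "java-runtime": "1.6.0.31",
    "office-suite": "14.0.6",
}


def version_key(version: str):
    """Turn '10.0.10' into (10, 0, 10) so versions compare numerically."""
    return tuple(int(p) for p in re.findall(r"\d+", version))


def compare_versions(a: str, b: str) -> int:
    """-1, 0 or 1 as a is older than, equal to, or newer than b; missing trailing parts count as 0."""
    ka, kb = version_key(a), version_key(b)
    width = max(len(ka), len(kb))
    ka += (0,) * (width - len(ka))
    kb += (0,) * (width - len(kb))
    return (ka > kb) - (ka < kb)


def audit(inventory, approved=APPROVED):
    """One finding per installed application that is not approved or is below its minimum version."""
    findings = []
    for item in inventory:
        app, host, version = item["app"], item["host"], item["version"]
        if app not in approved:
            findings.append({"host": host, "app": app, "finding": "unapproved",
                             "detail": f"{app} {version} is not on the approved list"})
        elif compare_versions(version, approved[app]) < 0:
            findings.append({"host": host, "app": app, "finding": "unpatched",
                             "detail": f"{app} {version} is below minimum {approved[app]}"})
    return findings


def summary(findings):
    """Counts per finding type and per host, the figures a dashboard would show."""
    by_type, by_host = {}, {}
    for f in findings:
        by_type[f["finding"]] = by_type.get(f["finding"], 0) + 1
        by_host[f["host"]] = by_host.get(f["host"], 0) + 1
    return by_type, by_host


# Constructed inventory, as an endpoint agent might report it.
INVENTORY = [
    {"host": "ws-01", "app": "web-browser",    "version": "10.0.2"},
    {"host": "ws-01", "app": "pdf-reader",     "version": "9.4.7"},
    {"host": "ws-02", "app": "java-runtime",   "version": "1.6.0.29"},
    {"host": "ws-02", "app": "torrent-client", "version": "3.1"},     # P2P client, not approved
    {"host": "ws-03", "app": "web-browser",    "version": "10.0.10"},  # newer than 10.0.2, compliant
    {"host": "ws-03", "app": "office-suite",   "version": "14.0"},
]

if __name__ == "__main__":
    for f in audit(INVENTORY):
        print(f"{f['host']}: {f['finding']:10} {f['detail']}")
    print(summary(audit(INVENTORY)))
```

The output lists the P2P client on ws-02 as unapproved and three applications as unpatched; ws-03's browser at 10.0.10 is correctly treated as compliant.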
Thousands of laptops are stolen every day. It’s only a matter of time before it happens to all of us. Fortunately, with affordable, simple encryption solutions for disks, emails, and files in the cloud or on removable media, there’s no reason anyone should have to worry about this kind of data loss anymore.
The term zero-day threat means that the attack is exploiting a vulnerability before it’s been published. Behavioral analysis and intrusion prevention in today’s Endpoint security is designed to detect malicious code and behavior before it becomes a problem. Technologies like Sophos Live Protection make real-time updates to the latest threat intelligence possible, closing the gap between regular threat updates… improving response time to emerging zero-day threats.
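Behavioural analysis of the kind described above does not need a signature for the payload: it looks at what processes do. The following is an added example (not code from the Sophos deck or its products) of three such heuristics run over a constructed stream of endpoint process events: a document or browser application spawning a script host, execution of a binary that was just written to a temp directory, and that freshly dropped binary opening a network connection (the call-home step in the attack anatomy earlier). The event schema, the application lists and the sample events are assumptions.

```python
"""Signature-less behavioural detection over endpoint process events.

Added example for the zero-day discussion above; not code from the Sophos
deck or its products. The event schema and the sample event stream are
constructed: each event is a dict with ts, pid, ppid, image, action, target.
"""

DOCUMENT_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "acrord32.exe",
                 "iexplore.exe", "firefox.exe", "chrome.exe"}
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
EXECUTABLE_EXT = (".exe", ".dll", ".scr")


def basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def in_user_temp(path: str) -> bool:
    p = path.replace("\\", "/").lower()
    return "/temp/" in p or "/tmp/" in p


def analyse(events):
    """Walk events in time order and raise alerts on behaviour, not file hashes:
    1. a document or browser process spawning a script host,
    2. execution of a binary that was written to a temp directory earlier,
    3. that freshly dropped binary opening a network connection.
    Returns a list of alert dicts."""
    images = {}           # pid -> image path of running processes
    dropped = {}          # lower-cased path -> pid that wrote it
    dropped_pids = set()  # processes started from a dropped binary
    alerts = []
    for e in sorted(events, key=lambda e: e["ts"]):
        pid, action = e["pid"], e["action"]
        if action == "process_start":
            images[pid] = e["image"]
            parent = basename(images.get(e["ppid"], ""))
            child = basename(e["image"])
            if parent in DOCUMENT_APPS and child in SCRIPT_HOSTS:
                alerts.append({"ts": e["ts"], "pid": pid, "rule": "document_app_spawned_script_host",
                               "detail": f"{parent} -> {child}"})
            if e["image"].lower() in dropped:
                dropped_pids.add(pid)
                alerts.append({"ts": e["ts"], "pid": pid, "rule": "executed_freshly_dropped_binary",
                               "detail": f"{e['image']} written by pid {dropped[e['image'].lower()]}"})
        elif action == "file_write":
            target = e["target"]
            if in_user_temp(target) and basename(target).endswith(EXECUTABLE_EXT):
                dropped[target.lower()] = pid
        elif action == "net_connect" and pid in dropped_pids:
            alerts.append({"ts": e["ts"], "pid": pid, "rule": "dropped_binary_calls_home",
                           "detail": e["target"]})
    return alerts


# Constructed event stream: one suspicious chain followed by ordinary activity.
EVENTS = [
    {"ts": 1, "pid": 100, "ppid": 1,   "image": "C:\\Office\\winword.exe", "action": "process_start", "target": ""},
    {"ts": 2, "pid": 101, "ppid": 100, "image": "C:\\Windows\\System32\\cmd.exe", "action": "process_start", "target": ""},
    {"ts": 3, "pid": 101, "ppid": 100, "image": "C:\\Windows\\System32\\cmd.exe", "action": "file_write",
     "target": "C:\\Users\\alice\\AppData\\Local\\Temp\\svc.exe"},
    {"ts": 4, "pid": 102, "ppid": 101, "image": "C:\\Users\\alice\\AppData\\Local\\Temp\\svc.exe",
     "action": "process_start", "target": ""},
    {"ts": 5, "pid": 102, "ppid": 101, "image": "C:\\Users\\alice\\AppData\\Local\\Temp\\svc.exe",
     "action": "net_connect", "target": "203.0.113.9:443"},
    # ordinary: the desktop shell opens a command prompt; an updater writes and runs a binary outside temp
    {"ts": 6, "pid": 200, "ppid": 1,   "image": "C:\\Windows\\explorer.exe", "action": "process_start", "target": ""},
    {"ts": 7, "pid": 201, "ppid": 200, "image": "C:\\Windows\\System32\\cmd.exe", "action": "process_start", "target": ""},
    {"ts": 8, "pid": 300, "ppid": 1,   "image": "C:\\Program Files\\App\\updater.exe", "action": "process_start", "target": ""},
    {"ts": 9, "pid": 300, "ppid": 1,   "image": "C:\\Program Files\\App\\updater.exe", "action": "file_write",
     "target": "C:\\Program Files\\App\\app.exe"},
    {"ts": 10, "pid": 301, "ppid": 300, "image": "C:\\Program Files\\App\\app.exe", "action": "process_start", "target": ""},
    {"ts": 11, "pid": 301, "ppid": 300, "image": "C:\\Program Files\\App\\app.exe", "action": "net_connect", "target": "192.0.2.10:443"},
]

if __name__ == "__main__":
    for a in analyse(EVENTS):
        print(a)
```

Only the first chain produces alerts; the explorer-to-cmd start and the updater that writes into Program Files are left alone. None of the three rules knows anything about the binary itself, which is what lets this style of detection fire on a payload no signature has seen yet.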
How to make sure you’re getting the right solution, or the most protection, for your tight IT security budget.
As you’ve seen, you need more than just AV to stay protected… you need complete security. You need the technologies we talked about working across all vectors from Endpoint, to the network gateway including web and email, with data protection everywhere and mobile protection as well.
Proper complete security starts with reducing the surface area of an attack. Technologies like anti-spam and URL filtering play critical roles in blocking malicious entry points, but you need solutions that update themselves in real time; that’s where real-time updates like Sophos Live Protection can be a huge benefit. Application control and patch management play equally critical roles in eliminating vulnerabilities that can be exploited, by controlling the number of applications and helping to keep them patched, significantly reducing the chance of infection. Last but not least, data control and encryption are an important last line of defense in protecting data should your system become infected and, of course, to prevent data loss through accidents that are bound to happen.
To prevent infection, you need a number of leading-edge technologies working on your behalf to stop attacks and breaches at a variety of layers, detecting malicious code behavior and preventing it from taking hold or communicating with the source.
And of course, these days you need this kind of multi-layer protection everywhere users are, and in a way that keeps both them and the IT team productive and working without bogging them down.
Here are some essential questions to ask prospective vendors that get at their ability to deliver complete security.
Of course, Sophos has the answers and can bring all of the essential technologies you need for better protection.
The best part is that Sophos has made it simple by tightly integrating our security solutions where it makes sense, to provide better protection, better efficiency through reduced complexity, and better value for you. You get the benefit of all these technologies working seamlessly for you, and you can manage them easily with our simple administration tools that take the headaches out of managing today’s IT security.