Security trend-with-sec point
Transcript of Security trend-with-sec point
Security Evolution on the Edge
The State of Insecurity
State of Security
• Network Attacks are on the rise - Viruses, Worms, and Trojans
• “9 Of 10 Companies Hit By Computer Crime” - FBI
• Their presence is global
*CERT stats for 2004 and 2005 are based on comments on the CERT site that the number of incidents is too large to track anymore (the figure here is a low estimate)
Source: Kaspersky Labs – May 2009
You’ve Seen It In The News
• New York Police Department under Chinese cyber-attacks
• US Air Traffic Control Vulnerable to Cyber-attack
• Staged cyber attack reveals Vulnerability in power grid
• And more breaking news every day…
The IT Security Paradox
100% of these organizations have purchased “IT security” solutions
Attack Sophistication vs. Intruder Technical Knowledge
[Chart: intruder knowledge (high to low) and attack sophistication (low to high) plotted from 1980 to 2005. Techniques plotted include: password guessing, self-replicating code, password cracking, exploiting known vulnerabilities, disabling audits, back doors, hijacking sessions, sweepers, sniffers, packet spoofing, GUI/automated probes and scans, denial of service, www attacks, “stealth”/advanced scanning techniques, burglaries, network management diagnostics, distributed attack tools, staged and auto-coordinated attacks, cross site scripting.]
Vulnerability Exploit Cycle
[Chart: # of incidents over time, with the highest exposure time marked. Stages:]
• Advanced intruders discover new vulnerability
• Crude exploit tools
• Novice intruders use crude exploit tools
• Automated scanning/exploit tools developed
• Widespread use of automated scanning/exploit tools
• Intruders begin using new types of exploits
Today’s Reality
1. Organizations and people are dependent on technology
2. Attacks are now both obscured and actionable
3. Time from vulnerability to exploit is shorter
Perpetuated by: outdated technology, continual security changes, limited control, human factors
The new attackers: cybercrime organizations, mafia organizations, professional hackers, company insiders
Past and Present Solutions
Legacy Firewall Solutions
• Legacy firewall technology is limited & cannot effectively prevent today’s threats or network misuse
• For complete protection many have cobbled together security solutions from multiple vendors with little to no integration
[Diagram: threats reaching internal network users through a chain of separate point products – Firewall, Router, Anti-Spyware, Gateway AV, Client AV, Wireless Security, Content Filter, Anti-Phishing, Intrusion Prevention, VPN]
However, the net result is higher overall cost of ownership and increased resource demand & performance concerns.
Typical Firewalls Only Inspect the “Luggage Tag”
Complete Protection Means DEEP Inspection
Advanced L-7 Classification – Foundation of Visibility
[Table: what each inspection level sees. Columns: Typical Router, Probe, etc.; Stateful Inspection; Complete Application Classification. Rows:]
• Static Port: 80
• Dynamic Port: 80722
• IP: 192.168.1.1
• Link Layer: 00D059B71F3E
• TCP/UDP: 06/11
• Applications: HTTP/SSL, SMTP/POP3, FTP; Oracle, SAP, KaZaA; Oracle, SAP, KaZaA over HTTP
Application sub-classifications, validation, behavioral characteristics, multi-packet flow analysis and profiling intelligence for encrypted, tunneled and evasive applications.
Packeteer: over 450 application classifications
Threat Protection Differences
[Table: Columns: Routers/NAT Filters; Stateful Inspection; Typical Deep Packet; SecPoint Deep Inspection; Complete Protection. Rows:]
• Static Port: 80
• Dynamic Port: multiple ports
• IP: 192.168.1.1
• Link Layer: 00D059B71F3E
• TCP/UDP: 06/11
• Application Layer Threats: limited virus protection, app-layer threats; viruses, worms, trojans, spyware; IM/P2P apps; unlimited file sizes and unlimited users
Better Protection & Performance – Solutions Are Not Created Equal
[Chart: attack sophistication handled, rising from Routers to Firewalls to Cisco/Fortinet UTM to SecPoint UTM]
• Current Firewalls: port blocking, TCP/IP rules, IP routing, link layer
– Network Threats: simple DoS attack, IP spoof, Smurf attack
• Typical UTM Protection: limited scanning for viruses/worms/trojans, inbound spyware protection, SMTP, HTTP, IMAP support, content filtering
– Typical Threats: downloaded or emailed viruses, easy to acquire spyware, misuse of network resources
• Intelligent UTM Protection (SecPoint Unified Threat Management): scan unlimited sized files & users, block applications such as MSN, outbound spyware control, content filtering/control & phishing, stream-based file support
– “Highest Risk” Threats: hidden malware in large files, spyware communication outbound, viruses on to network drives, P2P/Instant Messenger threats, phishing attacks, rootkits
Typical Firewall Traffic Path
[Diagram: stateful packet inspection looks only at the IP header (Version | Service | Total Length; ID | Flags | Fragment; TTL | Protocol | IP Checksum; Source IP Address; Destination IP Address; IP Options) and the transport header (Source UDP Port; Destination UDP Port; UDP Length; UDP Checksum). Example connection state shown: Source 212.56.32.49, Destination 65.26.42.17, Source Port 823747, Dest Port 80, Sequence 28474, Sequence 2821, Syn state SYN, IP Option none.]
Legacy Firewalls
• Stateful is limited inspection that can only block on ports
• No Data Inspection!
• Data goes through unchecked!
Firewall Traffic Path
[Diagram: the same IP and UDP header fields go through stateful packet inspection, and the packet data is additionally inspected against the SecPoint signature database.]
SecPoint Signatures (category: number of signatures): ATTACK-RESPONSES 14, BACKDOOR 58, BAD-TRAFFIC 15, DDOS 33, DNS 19, DOS 18, EXPLOIT >35, FINGER 13, FTP 50, ICMP 115, Instant Messenger 25, IMAP 16, INFO 7, Miscellaneous 44, MS-SQL 24, MS-SQL/SMB 19, MULTIMEDIA 6, MYSQL 2, NETBIOS 25, NNTP 2, ORACLE 25, P2P 51, POLICY 21, POP2 4, POP3 18, RPC 124, RSERVICES 13, SCAN 25, SMTP 23, SNMP 17, TELNET 14, TFTP 9, VIRUS 3, WEB-ATTACKS 47, WEB-CGI 312, WEB-CLIENT
Unified Threat Management Platform
UTM inspection inspects all traffic moving through a device – 98% more inspection
[Diagram: SecPoint UTM combining the security products with dynamic management/reporting; labelled “Reliable”]
The New Firewall Standard – UTM: Enterprise security for all business
[Diagram: from separate AV, AS, FW, URL, IPS and VPN products to one UTM]
“UTM security appliances will continue to be the more popular approach. This is because UTM appliances offer additional benefits over single function standalone solutions.”
Source: IDC – March 2009
A Large, Fast Growing Market
[Chart: 2005-2012 Western Europe Security Appliance Revenue ($M)]
The New Firewall Standard – UTM: Enterprise security for all business
• Unified Threat Management
– Integration of all modules
– Updates to the threat environment
• Intrusion Prevention for blocking network threats
• Award winning Anti SPAM
• Anti-Virus for blocking file based threats
• Anti-Spyware for blocking Spyware & Malware
• Content Filtering for productive Internet usage
SecPoint Solutions
SecPoint Solution Suite
Models: P700, P1100, P1600/P2100
• Small Networks: 5-25 users, ADSL Internet access
• Medium Networks: 50-250 users, DSL Internet access
• Enterprise Networks: 500-2000 users, Fiber/DSL Internet access
SecPoint UTM Appliance
• Security Integration: Anti-Virus, Anti-Spyware, IDS/IPS
• Productivity Control: Application Control, Web Content Filtering
• Network Intelligence: Dynamic Routing, High Availability
• Client Identity and Integrity: Network Access
Management and Reporting – Dynamically Updated Architecture
[Diagram: the SecPoint Unified Threat Management Platform as a dynamically updated architecture built from Security Integration, Productivity Control, Network Intelligence, Client Identity/Integrity, and Management and Reporting]
Proxy Solutions Are Limited
[Diagram: packets queued into proxy memory until “Memory Full – Scanning Stopped”, at which point inspection stops. Chart: # of users and traffic from min to max network use, with legend “Inspection possible” / “Not inspected”.]
Competitive solutions have memory-imposed scalability limits
The more users and traffic added, the more threats come through without inspection
UTM Platform Approach – Real Time Scanning Engine
[Diagram: the IP and UDP header fields and the packet data are inspected by a real-time scanning engine as traffic passes. Chart: “SecPoint UTM – Unique Scalability”: # of users and traffic from min to max network use, with legend “Inspection possible” / “Not inspected”.]
Real-time scanning: protection for ALL traffic and ALL users
[Diagram: SecPoint Unified Threat Management – dynamically updated, adaptable architecture built from Management and Reporting, Security Integration, Productivity Control and Network Resiliency]
Signature Database
[Diagram: AV database, Ph/Spy/IPS database and Spy database, fed by the SecPoint Response Team]
The UTM Platform is continually updated to prevent emerging threats, 24x7
Future-proofed investment for security
The platform continually evolves to block emerging threats
Updates to the security posture are completely automated - no user intervention
Intrusion Prevention Service
• Uses real-time packet inspection and signatures to scan for known vulnerabilities and exploits
• Scans data connections for prohibited applications
• Terminates connections that match signatures
• Signatures updated in real time in the cloud
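As an added illustration (not code from the SecPoint deck or product) of the point made on the L-7 classification and firewall traffic path slides and in the IPS bullets above: a port-only stateful check sees just the packet’s “luggage tag”, while deep inspection classifies the payload and matches it against signatures. The packet builder, the signature table and the sample traffic are all constructed for the demo; the addresses reuse the slide’s example values.

```python
"""Header-only (stateful) filtering vs. payload (deep) inspection of one packet."""
import socket
import struct

# Constructed IPS signature table for the demo (not a vendor database):
# byte pattern found in the payload -> category/application it identifies.
SIGNATURES = {b"X-Kazaa-": "P2P: KaZaA over HTTP",
              b"<script>": "WEB-ATTACKS: inline script"}
ALLOWED_DST_PORTS = {80, 443, 25}  # what a port-only rule set permits

def build_packet(src, dst, sport, dport, payload):
    """Constructed IPv4 + TCP packet (checksums left zero; never sent)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0x4000, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp + payload

def parse_packet(pkt):
    """Split a packet into its 'luggage tag' (addresses, ports, flags) and payload."""
    ihl = (pkt[0] & 0x0F) * 4
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    sport, dport, _seq, _ack, off, flags = struct.unpack("!HHIIBB", pkt[ihl:ihl + 14])
    hdr = {"proto": pkt[9], "src": src, "dst": dst, "sport": sport,
           "dport": dport, "syn": bool(flags & 0x02)}
    return hdr, pkt[ihl + (off >> 4) * 4:]

def stateful_verdict(hdr):
    """Legacy firewall: decides on protocol and destination port only."""
    return "ALLOW" if hdr["proto"] == 6 and hdr["dport"] in ALLOWED_DST_PORTS else "BLOCK"

def deep_verdict(hdr, payload):
    """UTM-style inspection: same port check, then classify the payload itself."""
    if stateful_verdict(hdr) == "BLOCK":
        return "BLOCK", "port policy"
    for pattern, name in SIGNATURES.items():
        if pattern in payload:  # signature hit: the connection would be terminated
            return "BLOCK", name
    if payload.startswith((b"GET ", b"POST ")) and b" HTTP/1." in payload:
        return "ALLOW", "HTTP"
    return "ALLOW", "unclassified"

# Constructed sample traffic: both packets go to port 80, so a port-only
# rule allows both; only payload inspection tells them apart.
HTTP_PKT = build_packet("192.168.1.1", "65.26.42.17", 40001, 80,
                        b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n")
KAZAA_PKT = build_packet("192.168.1.1", "65.26.42.17", 40002, 80,
                         b"GET /.files HTTP/1.1\r\nX-Kazaa-Username: demo\r\n\r\n")
```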
Database of IPS Applications
• Instant Messenger Apps: AOL Instant Messenger, Yahoo Instant Messenger, MSN Messenger, ICQ, IRC, many more
• Multimedia Apps: Windows Media Player, Real Player, iTunes, Musicmatch, Shoutcast, Audiogalaxy, many more
• Peer-to-Peer Apps: Napster, Gnutella, Kazaa, Morpheus, BitTorrent, eDonkey, eMule, Filetopia, MP2P, iMesh, Grokster, many more
Anti Spyware Protection
• Blocks spyware delivered through auto-installed ActiveX components, the most common vehicle for distributing malicious spyware & Malware programs
• Scans and logs spyware threats that are transmitted through the network and alerts administrators when new spyware is detected and/or blocked
• Stops existing spyware programs from communicating in the background with hackers and servers on the Internet, preventing the transfer of confidential information
• Provides granular control over networked applications by enabling administrators to selectively permit or deny the installation of individual spyware or malware programs
• Prevents e-mailed spyware threats by scanning and then blocking infected e-mails transmitted either through SMTP, IMAP or Web-based e-mail
Better Protection & Performance – Solutions Are Not Created Equal
[Chart: attack sophistication handled, rising from Routers to Firewalls to Cisco/Fortinet UTM to SecPoint UTM]
• Current Firewalls: port blocking, TCP/IP rules, IP routing, link layer
– Network Threats: simple DoS attack, IP spoof, Smurf attack
• Typical UTM Protection: limited scanning for viruses/worms/trojans, inbound spyware protection, SMTP, HTTP, IMAP support, content filtering
– Typical Threats: downloaded or emailed viruses, easy to acquire spyware, misuse of network resources
• Intelligent UTM Protection (SecPoint Unified Threat Management): scan unlimited sized files & users, block applications such as Skype, outbound spyware control, content filtering/control & phishing, stream-based file support
– “Highest Risk” Threats: hidden malware in large files, spyware communication outbound, viruses on to network drives, Skype/Instant Messenger threats, phishing attacks, rootkits
More Than External Security
– 30% to 40% of employee Internet use is not work related*
– 80 million Americans, or 27% of the US population, use IM*
– 55% of online users have been infected with spyware*
– Instant messaging security threats double every 6 months*
*Sources: International Data Corp, Consumer Affairs, Bigfoot Interactive, Gartner
[Chart: Non-work related activities (None; Hacking Tools; Illegal Software; DVDs; P2P File Sharing; MP3s; Streaming Media; Games; Personal IM), values 21%, 4%, 10%, 14%, 16%, 29%, 44%, 47%, 54% on a 0%-60% scale]
The “Enemy” Within: the Human Factor
The average employee is the unwitting accomplice:
Productivity Counts Too!
• On average an employee spends 1 hour per day on the Internet for non-work related activities. (Source: International Data Corp.)
• A typical 25 employee company can lose over $150K annually in lost productivity from Internet misuse.
[Chart: Non-work related Internet use per week, 2005 vs. 2004 (Not sure; Over 11 hours; 6 to 10 hours; 1 to 5 hours; 0 hours), on a 0%-60% scale. The two series read 0%, 2%, 5%, 51%, 42% and 2%, 3%, 3%, 51%, 41%]
Source: Web@Work 2005, Harris Interactive
SecPoint All in One
The Protector is a dedicated appliance purpose-built for the unique needs of application layer security
Content Security Appliance
A Dynamic Threat Management solution for customers with installed firewalls from Cisco, Checkpoint, Juniper or other vendors
• Gateway Anti Spam
• Gateway Anti-Virus
• Gateway Anti-Spyware
• Web Content Filtering
• IM & P2P Filtering
• Works Behind any Firewall
UTM for non SP Networks
SecPoint Content Security Management:
• Appliance = Simple and cost-effective
• Multi-threat ready = Total security
• Modular licensing = Scalable
• Any firewall = Large market
SMBs need a cost-effective means of upgrading their security without necessarily upgrading their firewall
Questions?