Targeted Attacks on Intellectual Property

Targeted Attacks on Intellectual Property

Targeted Attacks on Intellectual Property

April 13, 2010

1

Agenda

Targeted Attacks on Intellectual Property 2

Symantec’s Unique Vantage Point1

Targeted Attacks on Intellectual Property2

New Security Suites from Symantec3

Building a “Community of Defense” with Businesses


Wh

o > Customers from businesses around the world> Symantec Security Leadership and Experts on

Threat Research

Wh

at> Ongoing discussions about the types of IT risks

businesses face today> Share information about security incidents, impact

assessment, and best practices to prevent

Key

Fin

din

gs > Today’s targeted attacks characterized by organization, covert nature and patience

> Strong consensus these attacks represent a significant risk to intellectual property

Anatomy of a Breach


> Incursion

> Discovery

> Capture

> Exfiltration

Dissecting Hydraq


OrganizedCriminal

OrganizedCriminal

Attacker breaks into the

network by delivering targeted

malware to vulnerable systems

and employees

Incursion

Hi, I met you at the Malware Conference last month. Wanted to let you know I got this great shot of you doing your presentation. I posted it here:

Dissecting Hydraq


OrganizedCriminal

OrganizedCriminal

Hacker maps organization’s

defenses from the inside and

creates battle plan

Discovery

Dissecting Hydraq


OrganizedCriminal

OrganizedCriminal

Attacker accesses data on

unprotected systems and

installs malware to secretly

acquire crucial data

Capture

Dissecting Hydraq


OrganizedCriminal

OrganizedCriminal

Confidential data sent back to

enemy’s “home base” for

exploitation and fraud

Exfiltration

Victim

Hydraq

72.3.224.71:443Attacker

Mass Attack vs. Targeted Attack


Phase Mass Attack Targeted Attack

Generic social engineeringBy-chance infection

Handcrafted and personalized methods of delivery

Typically no discovery, assumes content is in a predefined and predictable location

Examination of infected resource, monitoring of user to determine other accessible resources,and network enumeration

Predefined specific data or data which matches a predefined pattern such as a credit card number

Manual analysis and inspection of the data

Information sent to dump site often with little protection and dump site serves as long term storage

Information sent directly back to attacker and not stored in known location for extended period

The Challenges


Develop and Enforce IT Policies

Protect The Information

Manage Systems

Protect The Infrastructure

Comprehensive Security Strategy is Required


Risk Based and Policy Driven

Information - Centric

Operationalized

IT Governance, Risk and Compliance

Information Risk Management

Infrastructure Management

Well Managed InfrastructureInfrastructure Protection

New Security Suites Meet These Challenges


> Control Compliance Suite 10.0

> Data Loss Prevention Suite 10.5

> IT Management Suite 7.0

> Symantec Protection Center &> Symantec Protection Suite

Enterprise Edition Family

Develop and Enforce IT Policies

Protect the Information

Manage Systems

Protect the Infrastructure

• Define risk and develop IT policies

• Assess infrastructure and processes

• Report, monitor and demonstrate due care

• Remediate problems


• Centralized evidence collection and management

• Dynamic web-based dashboards

• Integration with Symantec Data Loss Prevention

• New CCS Vulnerability Manager

Key Benefits New in Version 10.0

> Control Compliance Suite 10.0Develop and

Enforce IT Policies

> Data Loss Prevention Suite 10.5Protect the Information


• Discover where sensitive information resides

• Monitor how data is being used

• Protect sensitive information from loss

• Better visibility and control of unstructured data

• Enhanced protection for social media sites

– Twitter, LinkedIn, YouTube, …

• New protection for private clouds (Citrix)

• New endpoint option for less complex environments


• Implement secure operating environments

• Distribute and enforce patch levels

• Automate processes to streamline efficiency

• Monitor and report on system status


• New comprehensive suite that brings together all Altiris components

• Automated end to end Windows 7 migration process

• Intelligent software management providing complete visibility

• Process automation of complex, time-consuming IT tasks


> IT Management Suite 7.0Manage Systems

> Symantec Protection Center & Symantec Protection Suite Enterprise Edition Family


• Improved Visibility into Security & Operations

• Stronger Protection

• Accelerated Remediation

• Containment of Security Expenses

• Symantec Protection Center:

– Next generation security management solution

– Simplifies management & improves security posture

• Symantec Protection Suites:

– Three new suites designed to meet the needs of enterprise IT personnel in endpoint, gateway and server functions

Key Benefits What’s New

Protect the Infrastructure

Thank you!

Copyright © 2010 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.

17Targeted Attacks on Intellectual Property

Targeted Attacks on Intellectual Property

Technology

Transcript of Targeted Attacks on Intellectual Property