Your Money or Your Life. Be prepared in the Latest Cyber Threat Landscape in 2017

Nick Ng, Team Lead, Presales Consultant, Fortinet Hong Kong and Macau

© Copyright Fortinet Inc. All rights reserved.


Agenda

1. Security review 2016

2. Cyber Threat Predictions 2017

3. Get prepared for security challenge in 2017

• Security Framework fabrics

• APT Framework overview


APTs, Data Breaches Top of Mind

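Priority of IT Security Initiatives in 2016

Share of respondents by priority level, followed by the combined Critical/High share for 2016 and 2015. Chart legend: Critical priority, High priority, Moderate priority, Low priority, Not a priority.

Protection/detection for APTs (advanced persistent threats): Critical 30%, High 49%, Moderate 16%, Low 4%; Critical/High 79% (2016), 77% (2015)

Encryption or DLP: Critical 24%, High 51%, Moderate 18%, Low 6%; Critical/High 75% (2016), 67% (2015)

Next-Generation Firewall: Critical 27%, High 44%, Moderate 23%, Low 5%; Critical/High 71% (2016), 75% (2015)

Internal Network Segmentation security (Zero Trust, internal firewalls): Critical 24%, High 43%, Moderate 25%, Low 4%; Critical/High 68% (2016), N/A (2015)

Software Defined Network Security: Critical 23%, High 45%, Moderate 25%, Low 5%; Critical/High 68% (2016), N/A (2015)

Privileged user access: Critical 22%, High 42%, Moderate 27%, Low 8%; Critical/High 63% (2016), 71% (2015)

BYOD and IoT management: Critical 15%, High 43%, Moderate 28%, Low 9%; Critical/High 59% (2016), N/A (2015)

Regulating online services (shadow IT): Critical 20%, High 35%, Moderate 35%, Low 8%; Critical/High 55% (2016), 58% (2015)

Outsourcing security services: Critical 18%, High 32%, Moderate 28%, Low 14%; Critical/High 50% (2016), 60% (2015)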

Source: IDG Research, January 2016


Organisations breached in the last 12 Months

Has your organization experienced at least one security breach over the past 12 months?

HK: Yes, 71%; No, 27%; I don't know, 2%

APAC: Yes, 59%; No, 38%; I don't know, 3%

International survey conducted in 13 territories in July-August 2016

1,399 qualified IT decision makers


News about Ransomware and Advanced Threat

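[on.cc (東網) report] Hackers use all manner of methods to break into large companies' computers. Some target the human resources department, posing as job applicants and submitting a résumé (CV file); HR staff who open the file without noticing are infected. Others break into the CEO's (chief executive officer's) computer and, in the CEO's name, email instructions to a secretary or business partner to deposit funds into another bank account. Hackers have also become smarter in recent years and can even defeat antivirus software and firewalls, making them very hard to guard against.

Sing Tao Daily – Tuesday, 27 September 2016, 6:11 a.m.

Some hackers also trade ready-to-use, "canned" ransomware programs on the black market of the "dark web (Deep Web)": "After paying you just download it and it works; there is no need to type a hundred thousand lines of code as in the past."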

RAAS


News about Ransomware and Advanced Threat

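[on.cc (東網) report] "If you don't pay the ransom within 24 hours, I will delete one of your files every hour!" The methods used in "online kidnapping" keep multiplying. Kidnappers have recently turned to "psychological warfare", exploiting victims' weaknesses and using the latest ransomware, JIGSAW: as victims watch their files being deleted one by one every hour, they grow frantic and naturally give in and pay the ransom at once. Other kidnappers "play nice" by unlocking some of the victim's locked files to win their trust, leading the victim to believe that paying the ransom will "redeem" the remaining data, only to be cheated.

Police figures show that 674 cases of "unauthorised access to a computer system" were reported in the first seven months of this year, down from 747 in the same period last year, but the amount involved reached HK$1.3 billion, up sharply by nearly 70% from HK$770 million in the same period last year. Many of these were "online kidnapping" cases, and the largest loss in a single case ran to several hundred million Hong Kong dollars.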


Monthly Top 3 Ransomware Activity Q3 2016

[Chart: monthly activity for Cerber, CryptoWall and Locky, 2016/07 to 2016/09; vertical axis from 0 to 40000]


How to protect yourself

Three simple rules...


Rule 1: Avoid Infection

Be aware of, and smart about, the danger

» Do not attempt to open email attachments without being sure

» Beware of links to websites in emails or social media

Keep software and signatures updated

» Exploit kits use vulnerabilities in software for which updates are usually available

Use a reputable security solution

» Host antivirus

» Multiple defense layers required: antivirus / botnet protection, intrusion prevention, IP reputation, URL filtering

» Sandboxing to detect zero-day malware


Rule 2: Back up your files

Backups are important

» Not just for ransomware!

Be sure to keep several restore points

» Please… do not back up ransomware-encrypted files and then overwrite your old backup…

» Keep your backup somewhere secure

DO NOT back up to the same hard disk

» Most ransomware will delete local restore points and backups

DO NOT back up to network file shares

» Ransomware will encrypt network-connected drives as well…

DO NOT back up to a connected external hard drive and then leave it connected


Rule 3: Respond to the infection

If you are infected

» Disconnect all "Wired" and "Wireless" network connections

» Report to your IT Support immediately

» They will not help you clean up… but may prevent more people from being infected…

» Seek help from security consultants and/or product vendors, such as Fortinet

If you paid the ransom

» God bless you… hopefully you can get your files back…

» Remember to perform a full antivirus check after decryption

» Re-install everything… cyber criminals may come back for more later

If you have a backup

» Best is to completely reinstall the device software

» Re-install the OS, then restore the data


Cyber Threat Predictions 2017


Cyber Threat Prediction #1

FROM SMART TO SMARTER: AUTOMATED AND HUMAN-LIKE ATTACKS WILL DEMAND MORE INTELLIGENT DEFENCE

Threats getting smarter and increasingly able to operate autonomously

AI or “human-like” malware designed with adaptive, success-based learning to improve the success and efficacy of attacks

Growth of cross-platform autonomous malware designed to operate on and between a variety of mobile devices

IMPACT: Autonomous malware that is designed to proactively spread between platforms can have a devastating effect on our increasing reliance on connected devices to automate and perform everyday tasks.


Cyber Threat Prediction #2

IoT manufacturers will be held accountable for security breaches

IoT is a cornerstone of the digital revolution; however, IoT manufacturers have flooded the market with highly insecure devices

More IoT devices are headless, which means users can’t add a security client or even effectively update their software or firmware

Demand for creation and enforcement of security standards, from consumers, vendors and other interest groups

IMPACT: If IoT manufacturers fail to secure their devices, consumers may begin to hesitate to buy. IoT manufacturers need to take immediate and direct action, or suffer economic loss and become targets of legislation


Cyber Threat Prediction #3

The weakest link in cloud security is the millions of remote devices accessing cloud resources

Increasing attacks targeting IoT devices with over 20 billion IoT devices online by 2020, versus one billion PCs

Expect to see attacks designed to compromise this trust model by exploiting endpoint devices, resulting in client side attacks that can breach cloud providers

20 billion IoT and endpoint devices are the weakest link for attacking the cloud

IMPACT: Cloud-based storage has expanded the potential attack surface. Cloud providers need to design networks with Layer 2 and 3 security technologies to segment the cloud between users, control access, and protect the cloud providers’ internal network from their public offering


Cyber Threat Prediction #4

Hackers will target the growing number of building automation and management systems

Like with the IoT DDoS attacks, these exploits will likely be blunt instrument attacks at first, such as shutting down a building’s systems

Attacks will grow more sophisticated – potential for holding a building for ransom by locking the doors, shutting off elevators, rerouting traffic, or turning on the alarm system

Attackers will begin to turn up the heat in smart cities

IMPACT: Potential for massive civil disruption if integrated systems are compromised. Trends point towards more interconnected critical infrastructure, such as emergency services, traffic control, and IoT devices (such as self-driving cars)


Cyber Threat Prediction #5

Automated attacks introduce an economy of scale to ransomware

Hackers can cost-effectively extort small amounts of money from multiple victims simultaneously, especially by targeting online IoT devices.

Expect focused attacks against high-profile targets, such as celebrities, political figures, and large organizations

Healthcare organizations are also a key target. Patient records and human data cannot be so easily replaced as credit cards

Ransomware was just the gateway malware

IMPACT: Ransomware affects everyone. Consumers will be reluctant to adopt new connected devices if safety is not assured. Organizations must secure networks and need to be held accountable for protecting sensitive information and human data.


Cyber Threat Prediction #6

The current shortage of skilled cybersecurity professionals means that many organizations looking to participate in the digital economy will do so at great risk

Predict that savvy organizations will turn to security consulting services that can guide them through the labyrinth of security

Or to managed security services providers, like MSSPs, who can provide a turnkey security solution

Technology will have to close the gap on the critical cyber skills shortage

IMPACT: In today’s digital economy, businesses need to connect online or die. But many organizations internally lack specialised staff with professional skills to protect their systems. Security vendors need to rethink their traditional, siloed approach to developing security tools.


Get prepared for security in 2017~


First, categorize your security needs

Gateway Security: FortiGate, ISFW, VDOM

Security Operations: FortiAnalyzer, FortiManager, FortiSIEM

Secure Access: FortiSwitch, FortiAP, FortiClient, FortiAuthenticator

APT Protection: FortiSandbox, FortiMail, FortiWeb, FortiGate, FortiClient

Application Security: FortiMail, FortiWeb, FortiADC


Security Framework Fabrics


Next Security Framework FABRIC

The Security Fabric is the vision that delivers on the promise of Security without Compromise: Intelligent, Powerful and Seamless

[Diagram labels: Advanced Threat Intelligence, Access, Client, Cloud, Partner API, NOC/SOC, Network, Application]


Intelligent security is AWARE

The Security Fabric provides complete visibility, enabling network segmentation

VISIBILITY: All infrastructure including endpoints, network, data center, cloud and data

SEGMENTATION: Create network segments by trust level

AUTOMATED OPERATION: Single pane of glass for full Fabric-wide policy control


Powerful security is SCALABLE

The Security Fabric scales from IoT to the cloud

[Diagram: ENDPOINT, ACCESS, BRANCH, CAMPUS & DATA CENTER, CLOUD. Labels: Embedded Security, Endpoint Security, SPU Powered, Multi-SPU Powered, Private, Hybrid, Public, SoC, NP, CP]


Seamless security is ACTIONABLE

The Security Fabric provides cooperative security alerts, recommendations and audit reports

[Diagram: FABRIC ELEMENT, ALERT and AUDIT REPORT panels. Table columns: Rank, Severity, Recommendation. Severities and ranks: Critical 5, Medium 4, Advisory 3. Recommendations: Zero-Day Vulnerability, Not Connected to Fabric, Logging Disabled. Audit report: Regulatory Template, i.e. PCI]


FortiView - Security Fabric

Consolidated views across Security Fabric

Present consolidated data from itself and its downstream FortiGates

Available on all views

Consolidated data across connected FortiGates

[Diagram labels: ISFW, VDOM, FortiGate, FortiGate]


Compliance – Security Fabric Audits

Audit Reporting and Remediation

Simplified best practice and security fabric implementations


Compliance – Endpoint Vulnerability Scan

FortiView Scan Status

Present information regarding detected vulnerabilities on FortiClients


NSS Labs Next Generation Firewall (Apr 2016)

“A Recommend rating from NSS Labs indicates that a product has performed well and deserves strong consideration.”

Recommended: FortiGate-3200D


APT Framework overview


The comprehensive APT solution from Edge to EndPoint

FortiGuard Lab, FortiGuard Services

FortiGate, FortiMail, FortiWeb, FortiClient, FortiSandbox

Turn the unknown into the known for prevention

Complete your APT Framework: Sandbox, NGFW, EndPoint, Cloud WAF, Email Security


NSS Labs Breach Detection System (Aug 2016)

Recommended: FortiSandbox 3000D

“A Recommend rating from NSS Labs indicates that a product has performed well and deserves strong consideration.”


[Network diagram labels: HK Data Center, FortiSandbox, FortiMail, FortiManager, FortiAnalyzer, FortiWeb, six FortiGate units, HK]

Real Time Security Patching across Distance


FortiSIEM Centralize NOC SOC log consolidation Visual Security & Operational Intelligence


“We take care of security so you can take care of business.”

Ken Xie, CEO & Chairman of the Board
