Scribd Logo
Carica

Benvenuto in Scribd!

  • Top 5 Security Threats For 2012: Aarij M Khan Director of Product Marketing HP Enterprise Security

    Caricato da

    Hala Merai
    22 visualizzazioni25 pagine
    201 - The Year In Review 1 Number Of Breaches : 414 Records Compromised : over 22 Million Lack Of Knowledge About Breaches Cause Unspecified. Advanced Persistent Threat Advanced Persistent Threats Have a Pattern Acquire target, sneak in, hop around Get privileged access to critical assets (Early detection matters) mobile malware Android Breaches May - Allow data access Jun - Google removes 10 apps Dec - Record calls, send SMS Dec - access device location Popular and Open - Deadly Combination

    Descrizione originale:

    Titolo originale

    Aarij_Top_5_2012

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Formati disponibili

    PDF, TXT o leggi online da Scribd

    Hai trovato utile questo documento?

    Questo contenuto è inappropriato?

    Segnala questo documento
    201 - The Year In Review 1 Number Of Breaches : 414 Records Compromised : over 22 Million Lack Of Knowledge About Breaches Cause Unspecified. Advanced Persistent Threat Advanced Persistent Threats Have a Pattern Acquire target, sneak in, hop around Get privileged access to critical assets (Early detection matters) mobile malware Android Breaches May - Allow data access Jun - Google removes 10 apps Dec - Record calls, send SMS Dec - access device location Popular and Open - Deadly Combination

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Scarica in formato PDF, TXT o leggi online su Scribd
    Segnala contenuti inappropriati
    22 visualizzazioni25 pagine

    Top 5 Security Threats For 2012: Aarij M Khan Director of Product Marketing HP Enterprise Security

    Caricato da

    Hala Merai
    201 - The Year In Review 1 Number Of Breaches : 414 Records Compromised : over 22 Million Lack Of Knowledge About Breaches Cause Unspecified. Advanced Persistent Threat Advanced Persistent Threats Have a Pattern Acquire target, sneak in, hop around Get privileged access to critical assets (Early detection matters) mobile malware Android Breaches May - Allow data access Jun - Google removes 10 apps Dec - Record calls, send SMS Dec - access device location Popular and Open - Deadly Combination

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Scarica in formato PDF, TXT o leggi online su Scribd
    Segnala contenuti inappropriati
    di 25

    Top 5 Security Threats for 2012

    Aarij M Khan Director of Product Marketing HP Enterprise Security


    2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice 1

    AGENDA
    A Quick Recap of

    2011

    Major Security Trends

    Security Threats for 2012

    How To

    Stay Secure

    201 The Year In Review 1


    Number Of Breaches : 414 Records Compromised : Over 22 Million Lack Of Knowledge About Breaches
    Cause Unspecified : 5 out of 10 Exposed Records Unknown : 6 out of 10

    * Identity Theft Resource Center

    1. Advanced Persistent Threat

    Advanced Persistent Threats Have a Pattern


    Acquire target, sneak in, hop around Get privileged access to critical assets
    (Impact takes time)

    (Perimeter doesnt help)

    Conduct the espionage at length


    (Early detection matters)

    EMC/RSA SecurID

    Epsilon

    SK Communications

    What happened in the RSA breach?


    5:00 AM 8:30 AM 8:31 AM

    Finance person receives a junk email

    Opens to see 2012 Recruitment plan with .xls file

    Rat program installed utilizing Adobe Flash vulnerability

    NEXT DAY / 12:01AM

    8:32 AM

    NMAP scan of network to collect sensitive information

    Poison Ivy malware is initiated

    OVER THE NEXT 10 DAYS

    11TH DAY / 12:05 AM

    12TH DAY

    Collect data over a period of time

    Split file, encrypt, ftp to good.mincesur.com

    RSA is in the headlines

    2. BYOD Mobile Devices

    Mobile Computers A New Frontier


    March 201 - BlackBerry 1 Security Breach
    RIMM says Turn Off JavaScript

    New Mobile Malware

    Android Breaches
    May Allow data access Jun Google removes 10 apps Dec Record calls, send SMS Dec Access device location

    Popular and Open Deadly Combination

    3. Cloud Environments

    Cloud Services Adoption

    Cloud Services Attacked


    Amazon Cloud EC2 Breach
    50% users affected by breach Malware spreading across EC2 Financial Malware on EC2

    4. Cyber Warfare

    Politically Motivated Hacker Groups


    Anonymous
    WikiLeaks Hacks Irish Opposition Website Hacks Church Webcast Hacks NATO Website Hacks Texas Police Chiefs Association Servers Hacks Syrian Ministry Of Defense Website Hacks database of Military Supply Company Hacks bart.gov and steals thousands of passwords

    Previous CyberAttacks
    Aug 2011

    : Shady RAT attacks IOC, UN and several governments : International Monetary Fund attacked, data stolen : Google China Aurora breach, Data and IP stolen

    June 2011 Jan 2010

    March 2009 2008

    : GhostNet downloads classified documents from government and private servers in over 100 countries : Middle Eastern US Military Facility infiltrated, digital beachhead may have been established in classified Pentagon networks : South Ossetia War Russian, Georgian and Azerbaijan targeted : Estonia comes under cyber attack

    2008

    April 2007

    5. Corporate Espionage and Insider Threat

    Enabler Consumerization Of IT
    More Data Is Stored Digitally
    Paper Based Systems Out-of-Date Electronic Processes

    Insider Definition Changes


    Includes contractors, remotes

    Easier To Profit
    Organized Crime Growing Black Market
    * datalossdb.com

    Insider Information Theft At The Top


    Material Information = High Value
    Gaining unfair advantage Looking for personal gain

    Sources of Risk
    Intellectual property theft Financial and Identity data Medical and Personal Health records Point of Sale at retail locations Email addresses

    New Requirements Intelligent Monitoring and Integrated Security

    Cyber crime is increasing

    Threat and risks are expanding in frequency and intensity

    And traditional security solutions are falling short!


    Technology
    Application Scanning Firewall IPS SIEM Anti-X Web

    Information
    End Point Applications Network Scanners Compliance User IT Operations

    Traditional Solutions
    Bolted On Architecture-Specific Lacking Automation Limited Context

    Bolted On Architecture-Specific Lacking Automation Limited Context

    Multiple Technologies

    Lots of Information

    No Intelligence

    HP has the on ly s ecu r it y in t elligen ce plat for m that gives clients the insight to pr oact iv ely m an age their specific enterprise threats and r is k s .

    HP Security Intelligence Platform


    Security Intelligence Platform
    Information

    Establish complete Visibility across all applications and systems Analyze vulnerabilities in applications and operations to understand risk Respond adaptively to build defenses against the exploitation of vulnerabilities Measure security effectiveness and risk across people, process, and technology to improve over time

    Operations

    Applications

    Security Services

    HP ESP Security Solutions


    Universal Log Management Regulatory Compliance Proactive Network Security Insider Threat Intelligence

    Advanced Threat Intelligence

    Privacy Breach Intelligence

    Date Leakage Monitoring

    Application Security

    THANK YOU

    25

    Potrebbero piacerti anche