Information Security: A holistic view on security

10.11.2011 Michael Weiland

Copyright 2011 FUJITSU

Transcript (35 slides)

What is information security?

Terms that come up under this heading: ISO 27001, Compliance, Data Loss, Hacking Attacks, Virus, Malware, Encryption, Signature, ITIL, Emergency Plan, Disaster Recovery, Availability, Cloud Computing, Password, Sniffer, Authorization, Spam, Trust, SOX, Mobility, Common Criteria EAL4, Firewall, Smartcard, DMZ, Risk management, Manipulation, Access Key, Certification, Basel 2/3, BSI Standards, Authentication, Orange Book

What is information security? Some facts:

Information security is not a product and cannot be solved by a product! It is about how to handle data, and it protects your company and your job!

It is driven by:
• More mobile access
• Cloud computing
• Stronger public sensibility

The topic "information security scandal" returns 6.780.000 hits on Google.

Impact of information security

Inserted into new laws or added to existing laws in various countries since 1998, e.g.:
• US: Patriot Act, SOX
• EU: Euro SOX, stock corporation law, Basel II / III
• Regional, e.g. Germany: KonTraG, BDSG

Impact for companies
Impact on business revenue and margin:
• Business know-how and advantage
• Quality proof point
• ISO certification required
• Trusted partner
Danger to the company's existence and lost business*
Loss of image and customer intimacy
Employees and managers are absolutely liable!

* Germany: damage of $28 to 71 billion and loss of 30,000 to 70,000 jobs per year. (Source: Bundesamt für Verfassungsschutz (BfV))

Situations: do you have an answer?

When PCs from your company are attacking other companies or sending spam mails?
• A bot-net virus infected the PCs; the affected company is demanding compensation for business damage
• All mail addresses with your company name can end up on a black list

When your employees are surfing on illegal and criminal pages on the web?
• The judiciary will indict you
• All data (including your company data) can be confiscated for a long time

When the fiscal authority assumes that you have not paid enough tax in recent years and wants to check, but your backup cannot be read due to a failure?
• Can you verify what you have to pay?

The definition of information security: there are 3 existing golden rules

Confidence
• Confidential information must be protected against unauthorized access

Availability
• Services and information are available for the user when required

Integrity
• Content and data are complete and not modified in any unauthorized manner

Experience of each sector

Rule one: Confidence. Confidential information must be protected against unauthorized access.
Rule two: Availability. Services and information are available for the user when required.
Rule three: Integrity. Content and data are complete and not modified in any unauthorized manner.


Security Landscape today

Michael Hoos, Senior Director Technical Sales

Situation

January 2007: 250,000 viruses
December 2010: 286 million

Malware authors have switched tactics

From: a mass distribution model. One worm hits millions of PCs; Storm made its way onto millions of machines across the globe.

To: a micro distribution model. A hacked web site builds a trojan for each visitor; 75% of malware infect less than 50 machines.

Signature-based file scanning becomes less and less effective.

Prices in the underground economy

(Slide shows a price table for underground goods and services; not recoverable from the transcript.)

Who is being attacked?

Targets: Enterprises, Small Businesses, End-Users, Governments

Attack types listed per target: targeted attacks, data breaches, bank accounts, business disruption, ID theft, scammed for dollars, cyber sabotage, cyber espionage, end-user disruption, DDoS attacks, removal costs, hacktivism

Why are we being attacked?

Mostly because of:

Steal resources
- Send spam
- Part of a DDoS attack

Steal information
- Steal sensitive info, e.g. banking credentials

Extortion money
- Old-fashioned 'con'
- Sit back and wait for the $s to roll in

Destroy
- Hacktivism
- Cyber sabotage

Examples (in the same order): Rustock, Zeus, Rogue AV, Stuxnet

Global Intelligence Network: identifies more threats + takes action faster + prevents impact

Locations: Dublin, Ireland; Calgary, Alberta; Reading, England; Austin, TX; Mountain View, CA; Culver City, CA; San Francisco, CA; Alexandria, VA; Taipei, Taiwan; Tokyo, Japan; Chengdu, China; Chennai, India; Pune, India; Sydney, AU

In the time it takes to give this presentation, we will block more than 365,000 attacks!

Global scope and scale: worldwide coverage, 24x7 event logging, rapid detection

Threat activity
• 240,000+ sensors
• 200+ countries

Malcode intelligence
• 133M clients, servers, gateways
• Global coverage

Vulnerabilities
• 35,000+ vulnerabilities
• 11,000 vendors
• 80,000+ technologies

Spam/Phishing
• 5M decoy accounts
• 8B+ email messages/daily
• 1B+ web requests/daily

Information Protection: preemptive security alerts, threat-triggered actions

Symantec Security: identifies more threats, takes action faster & prevents impact

Global expertise (relevant)
• More researchers
• Comprehensive data sources
• More virus samples analyzed
• Extensive customer support

Accurate response, in-depth analysis
• Signatures: AV, AS, IPS, GEB, SPAM, white lists
• DeepSight Database
• IT policies and controls
• Rigorous false-positive testing
• Response centers

Protected users
• Automated updates
• Fast & accurate
• Variety of distribution methods
• Relevant information

(Source: Symantec Corporate Overview)

Thank you !


Earthquake in Japan: how to protect

Harry S. Kinoshita, General Manager, Global Portfolio Planning Office

1. The Great East Japan Earthquake

The largest earthquake to hit Japan: the magnitude 9.0 quake struck Japan at 14:46 on March 11, 2011.

The tsunami: a maximum wave height of 38 meters was recorded on the Pacific coast; an area of 400 km2 was flooded.

Fukushima Daiichi Nuclear Power Plant: cooling function lost; a nuclear power emergency was declared at 19:03.

Tokyo: a maximum intensity of 5 was measured; public transportation was stopped; approximately 120,000 individuals struggled to get home.

(Maps on the slide: quake-stricken areas, epicenter and Tokyo, blackout areas soon after the quake)

2.1 Disaster-Affected Area (near the epicenter)

Collapsed buildings -> significant data loss

Damaged computer rooms (flooded computer room, flooded office, overturned computers) -> local backup data was moved by the water

Exclusion zone around the nuclear power plant -> data could not be removed

(Map on the slide: epicenter of the quake, Tokyo, nuclear power plants, evacuation areas, areas where residents need to stay indoors)

2.2 Disaster-Affected Areas (Tokyo)

Abnormal shutdown without UPS installation -> disks were damaged, data was lost

Execution of reboot -> recovery processes had been prepared beforehand, but did not work as planned/described -> lengthy recovery period

Air-conditioning stopped -> the temperature in computer rooms rose -> permitted temperature for servers exceeded

Effects on commuting -> trains and subways were forced to stop operating -> people had to work from home (queue of more than 1,000 people at a station in Tokyo)

3.1 Fujitsu's Data Center

Suitable location for a data center
• 70 km from Tokyo -> not affected by a Tokyo inland earthquake -> there is no active fault line in the area
• 5 km from the neighboring Tone river (no serious flooding in the past) -> the 1st floor (ground floor) is 3.7 m high and built based on the Prefecture's hazard maps

Quake-proof infrastructure
• Quake-absorbing structure (build-up rubber shoe, resilience skidding shoe), earthquake-resistant double flooring
-> No problems with providing services, even during the Great East Japan Earthquake (maximum intensity of 5 in Tatebayashi city)
-> Designed to withstand a magnitude 7 earthquake.

Private electric generator
• Guaranteed heavy oil supply -> the data center can operate for 72 hours using a private electric generator.
• Priority contract with three oil companies around Tatebayashi city
-> This will enable the center to keep operating during blackouts

(Map on the slide: location of the Tatebayashi Datacenter relative to Tokyo and the epicenter)

3.2 Fujitsu's Disaster Recovery

(1) Design, development work
Sites shown: the first Fujitsu-dedicated IDC (Toyama), the second Fujitsu-dedicated IDC (Tochigi); primary and secondary roles; system design site A and system design site B; NAS data backup; data library 96 TB; backup of business data.
◆ Assumed scenario: Tokyo inland earthquake
◆ RTO: 3 days
◆ Business data: difference backup transfer during the night
◆ Offices: secured alternatives for employees from affected areas
◆ Network: duplicated

(2) HR, general business, CRM, booking/ordering
Employees use the internal network.
◆ Fujitsu group's internal systems, CRM, order booking and ordering systems
◆ Mission-critical servers (approx. 1,000) installed in the Fujitsu-dedicated IDC with all data backed up at the secondary Fujitsu-dedicated IDC
◆ Disaster-ready through network monitoring and 24x7 backup
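The slide names the backup mechanism ("difference backup transfer during the night" to a secondary site) without showing how it works. The following is an added example, not Fujitsu's code or anything from the original deck: it models a primary site, a secondary site and a nightly differential backup in memory. A differential is computed against the last full backup rather than against the previous night, so a restore needs only the full copy plus the newest differential; the content hashes carried with the transfer let the secondary reject data damaged in transit or on the backup media (the earthquake slides report backups that could not be read). File names, sizes and the two nights of changes are constructed for the example.

```python
import hashlib
from dataclasses import dataclass


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_manifest(files: dict) -> dict:
    """path -> content hash, recorded when a full backup is taken."""
    return {path: sha256(data) for path, data in files.items()}


@dataclass
class Differential:
    """Everything that differs from the last FULL backup (not from last night).

    Because every night's differential is measured against the same full
    backup, the secondary site only needs the full copy plus the newest
    differential to restore, which keeps the recovery procedure short.
    """
    changed: dict   # path -> new content (added or modified files)
    deleted: set    # paths removed since the full backup
    manifest: dict  # path -> hash of the content sent, checked on arrival

    def transfer_bytes(self) -> int:
        return sum(len(d) for d in self.changed.values())


def differential_since_full(full_manifest: dict, current: dict) -> Differential:
    changed = {p: d for p, d in current.items() if full_manifest.get(p) != sha256(d)}
    deleted = set(full_manifest) - set(current)
    return Differential(changed, deleted, make_manifest(changed))


class SecondarySite:
    """Constructed stand-in for the secondary IDC holding the backup copies."""

    def __init__(self):
        self.full = {}
        self.latest_diff = None

    def receive_full(self, files: dict) -> None:
        self.full = dict(files)

    def receive_differential(self, diff: Differential) -> None:
        # Integrity check on arrival: content damaged in transit or on the
        # backup media is rejected instead of being kept silently.
        for path, data in diff.changed.items():
            if sha256(data) != diff.manifest[path]:
                raise ValueError(f"corrupted transfer: {path}")
        self.latest_diff = diff

    def restore(self) -> dict:
        """Rebuild the primary's data: full copy, then the newest differential."""
        data = dict(self.full)
        if self.latest_diff is not None:
            for path in self.latest_diff.deleted:
                data.pop(path, None)
            data.update(self.latest_diff.changed)
        return data


def run_nightly_cycle() -> dict:
    """Constructed scenario: one full backup, then two nights of changes."""
    primary = {
        "hr/employees.db": b"E" * 4000,
        "crm/accounts.db": b"C" * 6000,
        "orders/2011-03.log": b"O" * 2000,
    }
    secondary = SecondarySite()
    secondary.receive_full(primary)
    full_manifest = make_manifest(primary)
    full_bytes = sum(len(d) for d in primary.values())

    # Night 1: one log file grows, one new file appears.
    primary["orders/2011-03.log"] += b"O" * 100
    primary["orders/2011-04.log"] = b"N" * 500
    secondary.receive_differential(differential_since_full(full_manifest, primary))

    # Night 2: a further change and a deletion. This differential still carries
    # night 1's changes because it is measured against the full backup.
    primary["crm/accounts.db"] += b"X" * 10
    del primary["hr/employees.db"]
    night2 = differential_since_full(full_manifest, primary)
    secondary.receive_differential(night2)

    return {
        "restore_matches_primary": secondary.restore() == primary,
        "full_bytes": full_bytes,
        "differential_bytes": night2.transfer_bytes(),
        "deleted": night2.deleted,
    }


if __name__ == "__main__":
    print(run_nightly_cycle())
```

The trade-off worth knowing: each differential grows until the next full backup (night 2 resends night 1's files), so the nightly transfer window limits how long a full backup can be reused; incremental backups send less but require replaying every increment in order at restore time, which lengthens recovery and adds more places where an unreadable backup breaks the chain.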

4.1 Customer Sites

A: Financial services customer
Fujitsu helped to remove cash from Fujitsu ATMs which had drifted as a result of the tsunami (damaged ATM).
-> Securing the customer's assets.

B: Telecom customer
Fujitsu helped to restore cellular phone base stations in the disaster-affected area.
-> Securing a communication network for emergency use by citizens.

C: Other customers
Fujitsu helped to disassemble, rinse out and recover the HDDs of PCs and servers.
-> Recovery and security of confidential customer data.

D: Pharmaceutical customer
Fujitsu helped to develop a backup system by installing new servers. This was installed in western Japan and connected with servers in the disaster-affected area. (In western Japan, electricity is provided by a utility in that area.)
-> To introduce a more robust backup system by securing electricity supply.

4.3 Fujitsu's Social Contribution - Cloud Services

Cloud-Based Disaster Victim Assessment System, distributed to 70 organizations by collaborating with NGOs

Problem: relief supplies are not sent to the right locations. Solution: an IT system is needed to coordinate deliveries.

Mechanism, system
- Needs: collection methods, information management, prediction of changes (collection of information in evacuation centers)
- Matching: information sharing, collection of contact points, availability of goods
- Delivery: results, delivery methods

Benefits of a cloud-based system
- Quick launch: the system was launched two weeks after the quake
- Large volume of data: the system handled large volumes of data which could not be managed using spreadsheets, etc.
- Response to the changing situation: new functions were added as required, based on the changing situation.
- Matching support needs with available resources (organizational activities)

5. Lessons Learnt

Disaster recovery centers in two different locations
- It is most important to prepare a steady recovery discipline to cope with an overwhelming disaster like this time.

Business Continuity Plan (BCP)
- Many customers in Japan are reviewing their BCP following the disaster.
- ICT/facilities: data backup, restore and contingency measures for power outages are significant factors.
- People: disaster drills are needed to ensure that plans work correctly.
- Communication: mobility infrastructure should be part of the plan.

Data backup in remote areas
- Data backup in the cloud helped accelerate quick system recovery.

Confirmation of employee safety
- Confirmation of employee safety is a priority for many companies.

Thank you !


ETERNUS Data Safe

Hermann Brummer, Senior Product Marketing

ETERNUS DX

Comprehensive family of disk storage systems, ranging from affordable entry-level up to large data center machines

Mature in development: 40 years history in the Japanese market; No. 2 in the Japanese market; No. 1 in quality (Nikkei Magazine survey)

ETERNUS DX - the alternative in leading disk systems

ETERNUS DX - key strengths
• Data security
• Performance architecture
• Seamless product family
• Mainframe-class quality
• Long-term product strategy
• Flexible architecture

ETERNUS DX prevents data corruption

The challenge: data corruption. The bigger the amount of data, the greater the probability of data corruption; more failures in write or read operations can happen.

How ETERNUS DX prevents data corruption (Data Block Guard)
• Write: the storage controller adds a check code (CC) before data is written to caches or disks; the cache itself is ECC protected
• The system can thus constantly verify that data remains unchanged: the check code is verified at each stage
• Read: the check code is verified and then removed before data leaves the system

(Diagram on the slide: Write -> Add Check Code -> Cache (ECC protected) -> Verify Check Code -> Disk Drive, stored data blocks A0, A1, A2 each carrying a CC; Read -> Verify Check Code -> Delete Check Code)
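To make the Data Block Guard idea concrete, here is an added example (not Fujitsu's implementation, and the slide gives no details of the real check code or block size): a controller that appends a CRC-32 check code to each 512-byte block on write, verifies it on read and strips it before the data leaves, over a constructed fake disk in which a single bit can be flipped to simulate silent media corruption. One assumption goes beyond the slide: the check code also covers the logical block address, so a block written to or read from the wrong address fails verification as well.

```python
import struct
import zlib

BLOCK_SIZE = 512  # constructed: one 512-byte data block per logical block address
CC_SIZE = 4       # constructed: a 4-byte CRC-32 check code


class DataCorruptionError(Exception):
    """Raised when a stored block fails its check-code verification."""


def compute_check_code(lba: int, data: bytes) -> int:
    """Check code over the block contents and its logical block address.

    Binding the address into the code is an assumption added here (the slide
    only says a check code is added); it additionally catches a block that was
    written to, or read from, the wrong address.
    """
    return zlib.crc32(struct.pack(">Q", lba) + data) & 0xFFFFFFFF


def add_check_code(lba: int, data: bytes) -> bytes:
    """Append the check code before the block goes to cache or disk."""
    if len(data) != BLOCK_SIZE:
        raise ValueError("data must be exactly one block")
    return data + struct.pack(">I", compute_check_code(lba, data))


def verify_check_code(lba: int, stored: bytes) -> bool:
    """True if the stored block still matches the check code it carries."""
    data, trailer = stored[:BLOCK_SIZE], stored[BLOCK_SIZE:]
    if len(trailer) != CC_SIZE:
        return False
    return struct.unpack(">I", trailer)[0] == compute_check_code(lba, data)


class FakeDisk:
    """Constructed stand-in for a disk drive: keeps block + check code per LBA."""

    def __init__(self):
        self.blocks = {}

    def write(self, lba: int, raw: bytes) -> None:
        self.blocks[lba] = raw

    def read(self, lba: int) -> bytes:
        return self.blocks[lba]

    def flip_bit(self, lba: int, byte_index: int, bit: int) -> None:
        """Simulate silent media corruption of a single bit."""
        raw = bytearray(self.blocks[lba])
        raw[byte_index] ^= 1 << bit
        self.blocks[lba] = bytes(raw)


class StorageController:
    def __init__(self, disk: FakeDisk):
        self.disk = disk

    def write(self, lba: int, data: bytes) -> None:
        self.disk.write(lba, add_check_code(lba, data))

    def read(self, lba: int) -> bytes:
        stored = self.disk.read(lba)
        if not verify_check_code(lba, stored):
            raise DataCorruptionError(f"check code mismatch at LBA {lba}")
        return stored[:BLOCK_SIZE]  # check code removed before data leaves


def demo() -> dict:
    """Clean read, a flipped bit on the medium, and a misdirected write."""
    disk = FakeDisk()
    ctrl = StorageController(disk)
    block = bytes(range(256)) * 2  # constructed 512-byte payload
    ctrl.write(7, block)
    results = {"clean_read_ok": ctrl.read(7) == block}

    disk.flip_bit(7, 100, 3)  # one bit changes on the disk, unnoticed by the host
    try:
        ctrl.read(7)
        results["corruption_detected"] = False
    except DataCorruptionError:
        results["corruption_detected"] = True

    ctrl.write(7, block)               # rewrite the good block
    disk.write(8, disk.read(7))        # the drive lands it at the wrong address
    try:
        ctrl.read(8)
        results["misdirected_detected"] = False
    except DataCorruptionError:
        results["misdirected_detected"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

CRC-32 detects every single-bit error and every error burst of up to 32 bits, so both failure cases in the demo are caught deterministically; what a check code cannot do is repair the block, which is why the controller raises an error and leaves recovery to RAID redundancy or a backup copy rather than returning the damaged data.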

Thank you !

Summary

Information security helps to protect companies against conflicts with the law, damages as well as lost business, know-how, image and money.

There are 3 existing golden rules:
Confidence
• Confidential information must be protected against unauthorized access
Availability
• Services and information are available for the user when required
Integrity
• Content and data are complete and not modified in any unauthorized manner

Fujitsu delivers IT infrastructure with integrated security
• Helps to identify and implement safeguards
• Helps to reach standards and certifications