beyond the wall - security in a post perimeter world
8/7/2019 Beyond the Wall - Security in a Post Perimeter World
Beyond the Wall: Security in a Post-Perimeter World
Walls have served multiple purposes throughout history. The Great Wall of China defended against invaders, while the Berlin Wall kept citizens from freely traveling beyond the control of their rulers.
Network security relies on similar premises. For years network security professionals touted perimeter security as the primary solution to keep the bad guys out and the good guys in. However, just as guns and air attacks overcame protective walls, changes in malware attacks have rendered network firewalls and perimeter-centric security an ineffective defense. Simultaneously, the increasingly mobile workforce makes an on-premise approach even more futile. Walls can no longer keep the bad guys out, nor can they keep the good guys in.
Welcome to the post-perimeter world.
2010 c csg, llc2
The Bad Guys Are Getting In
Po o o v k o o o w. Mw o
k wo o . T o w . A vo o o o
xo, o o.
Ao o NSS L, o , o k xo- k vv - o oo W . T v W ow, - - o.
O xo w, o v . T O S Foo
D Lo o 586 o o o o o
o oo.
Mercenaries for Hire
T oo o o o v o o oo. Pwo- o
o xo . A o, v w w o . Now,
v k . I , o o, w o o oz o
. I oo o o o w oo ow o vo oo. T
v o o k k o ID o . S o v o v o x v o o, v o v o
k o ID/wo o v o o . T o oo vo
o o o o oo o k .
A , vo o o o wok o o oo. T
o w o -ov- w k o o o . T v-
xoo o o o v o o - v o. A
NSS L o o v o xo 7 o 75 o
o -o.
As the volume of these malicious programs explodes, the perimeter cannot hold.
There are now vast sums of money made in the black market of IDs and credit card numbers and login credentials.
FIGURE 1: Breakdown of 2009 Recorded Data Breaches by Sector and Data Type
Source: Open Security Foundation
By sector:
BIZ 52%
GOV 18%
EDU 15%
MED 15%
By data type:
NAA (Names and/or Addresses) 33%
SSN (Social Security Number) 25%
DOB (Date of Birth) 9%
CCN (Credit Card Number) 7%
MISC (Other personally identifying information, such as other logins and passwords to various sites and applications) 7%
MED (Medical Information) 7%
ACC (Account Information) 6%
FIN (Financial Information) 5%
EMA (Email Addresses) 1%
FIGURE 2: Numbers of New Signatures
Source: Internet Security Threat Report, Symantec April 2010
Year    New signatures
2002    20,254
2003    19,159
2004    74,981
2005    113,081
2006    167,069
2007    708,742
2008    1,691,323
2009    2,895,802
O k oo o o k v o. T
-o- v w o . W w oo
, k o o v oo, o o z
W o o o o .
W ko w o o o o w o w o oo wok,
o oo o Co Ro M (CRM) H Ro (HR) o. T o o k o v o o o o v
k o o oo. A , k o o wo o o ow.
ITEM                                  RANGE OF PRICES
Credit card information               $0.85 to $30
Bank account credentials              $15 to $850
Email accounts                        $1 to $20
Email addresses                       $1.70/MB to $15/MB
Shell scripts                         $2 to $5
Full identities                       $0.70 to $20
Credit card dumps                     $4 to $150
Mailers                               $4 to $10
Cash-out services                     $0 to $600 plus 50% to 60%
Website administration credentials    $2 to $30
Bad Guys Posing as Good Guys
T B o v o o
oo oo. Aw B, L T R A o Woo, o o
J o o Nwok S Nw.
I o k , W o o W
o wo wok o W . T o ko. I , k o o
w oo o w W o o o o o o o, FP o
w o o k k.
A , oo w o o o o
o o , w x o w o o v
o o ko oo o o o wo v W .
FIGURE 3. Source: Internet Security Threat Report, Symantec April 2010
[FIGURE 4: diagram with the labels Beefmaster; Webmaster; Removing malware; Keylogger; Adding malware; Malware infects users who visit the site. Source: Webroot]
A oo W o z w o o , ov . Howv, o
w oo, o o o o oo - w o
o W . Mo ,6 w o. T FP oo o 6 , q
IP , k v o o k ow oo o o wo o.
W o o o w o o k o, o o v
ow. I ooWk A S S Sv o o o ov x x . A o o w w , o, 84
o o w o k w . A o o k W o
o xo w . Ro o v o k o w
, wok o o ow, o v oo.
T qo w o o o o ?
[FIGURE 5: Which Types of Security Breaches or Espionage Are Most Likely to Occur in Your Company Within the Next Year? Bar chart (0 to 100 percent) comparing 2009 and 2010 for: denial of service; web or software applications exploited; operating system vulnerabilities attacked; phishing; malware (viruses, worms, botnets). Source: Strategic Security Survey, InformationWeek Analytics, May 2010]
[FIGURE 6: What Will be the Impacts of These Breaches? Bar chart (0 to 60 percent) for: fraud; violated regs re: data security; legal liability; identity theft; other internal records lost; customer records compromised; minor financial losses; IP theft or confidentiality compromised; network or business applications unavailable. Source: Strategic Security Survey, InformationWeek Analytics, May 2010]
The Good Guys Are Getting Out
T v-ow o v w x o o o o o.
A v o oo wo o o o.
T o w o o . M o ov
o o v w . T o o v ow. Lkw, ow o . F o wok o w, o wv v w o wok .
T o o o o o o I o.
Ao o Io D Co (IDC), o o o o-PC o v w I
. I-k w , IDC o o o o v
. I oo z ow o o o wo o
.
R o o w o wok, o o o wok o
o . R oo U o IDC o 75 o
oo wok w o o o o I oo o o o w
w. T ozo o I o w q o o
oo I .
IDC o wok o o wok x o o oox 4 o o 8 3. I o o o o v
o wok, v W o v oo wok oo.
[FIGURE 7: Percent of Respondents Using for... (business, both, personal). Bar chart (0 to 100 percent) for: Google Apps; accessing blogs; professional social networks; text or IM; GPS; smart phone; mobile phone; laptop. Companies with 500+ employees, N=2,820. Source: A Consumer Revolution in the Enterprise by IDC, sponsored by Unisys, June 2010]
The days of only company issued assets connecting to the IT infrastructure are gone.
T xoo o W o ow ---v (SS) o I
o v w wo v o w o. T ow
w--vw o w o ow o k o. IDC x
, 5 o w ow w v k o (CD). o , IDC
o ow SS k. I DC S S k $3. o v
, w ow o $4.5 o 4 oo ow (CAGR) o ov 5 .
T o- wo. No o w o o v,
W , o wok, o oo. B o w :
providing solid security at the point that users connect to business applications
ensuring valuable data is protected
constantly updating device-level protection.
Citizens Still Must be Protected
T xoo o o o o o o o o -
. Co o o w o o v . Gov o wo o
o o.
I o, ov x o o o ,
o v o o z. T w o v q o
o o .
[FIGURE 8: Percent Respondents Using for Both Business and Personal. Bar chart (0 to 100 percent) for: Twitter; YouTube; video streaming; blogs/wikis; professional networking; Internet phone; Google Apps; Internet video; text messaging; IM; web or audio; shared docs; web browsing; email. Companies with 500+ employees, N=2,820. Source: A Consumer Revolution in the Enterprise by IDC, sponsored by Unisys, June 2010]
Laws and regulations require companies to implement specific measures aimed at protecting data.
FIGURE 9
GLBA
What it is: Gramm-Leach-Bliley Act
What it does: Requires that sensitive information sent across the Internet is encrypted
Who it impacts most: Finance industry
DPA
What it is: Data Protection Act of 1998
What it does: Protects people's personal information by imposing legal obligations on anyone processing personal data
Who it impacts most: European companies that handle personal data
SOX
What it is: Sarbanes-Oxley Act
What it does: Protects shareholders and the general public from accounting errors and scandals by requiring all public companies to retain their email and business records for at least 7 years
Who it impacts most: Finance industry, public companies that register shares for sale on a US Stock Exchange
FRCP
What it is: Federal Rules of Civil Procedure
What it does: Enforces data retention standards by requiring companies to produce records within a set amount of time
Who it impacts most: Any business that may become involved in a court case
FOIA
What it is: Freedom of Information Acts
What it does: Gives citizens the right to have copies of any information that government or commercial bodies are holding on them
Who it impacts most: UK and US government organizations
HIPAA
What it is: Health Insurance Portability and Accountability Act
What it does: Ensures the privacy and confidentiality of patients' healthcare information
Who it impacts most: Healthcare industry
PCI-DSS
What it is: Payment Card Information Data Security Standard
What it does: Enforces global standards to protect credit card data against theft and fraud
Who it impacts most: Anyone that handles payment card transactions
CIPA
What it is: Children's Internet Protection Act
What it does: Prevents access to offensive Internet content on school and library computers
Who it impacts most: Education industry
T w-o o o o o o o o
o o oo . S o w k o woko o o
v o o o o v I . Fo
- -z , o o.
Source: Webroot
Beyond the Perimeter Is the Cloud
Now o wok o w o o kow o,
k o ov o. T oo w. Co o o
o .
T k vo, vo W- o o w vw k q. T o o w o- o o oo .
T o ov o o o v. I o , oo Woo, W
S oo A , U Ko, U S , v,
ok o o o o o o SS .
T Fo R-Wo I o SS I o S z x o
wo v o SS o. T ov SS o :
Speed to deploy
Responsive service from vendor
Lower costs
Faster deployment of latest innovations
Easy-to-use interfaces
Security
I owo o o , v o o o o o
o SS . Howv, o wo v SS f o o
oo. T Fo o :
The majority of the customers we interviewed revealed that their SaaS vendors were doing more to secure their data than their own IT departments could do. One reference said, "Our greatest fear became our biggest confidence."
[FIGURE 10: Perimeter vs. Post-Perimeter Security. Diagram with a "Perimeter" panel and a "Post-Perimeter" panel. Source: Webroot]
The time has come for a new post-perimeter approach to information security.
SaaS vendors are doing more to secure data than in-house IT departments could do.
T o o - -z k o v
o o v I -o.
Farewell to the Company Data Center
I o o w. M o o w o w ow o o w. A o o o v o o wok o
o ov v o ow , o o .
G , o w ow o I . Ao o G, Sv -
v ov ow I w , v z o, o-
v, o o ko oook o oo wok. T w
o k V Pv Nwok (VPN) oo.
T -v oo o o w o o w o. No o
w o v w-v . S- o o SS oo
instead of shopping for servers. Established small- and medium-sized businesses should retire application software
o w v o o o SS oo.
Fo o, v ooo o o ow ov. SS oo f w o.
What's Next?
I o , x o v v o I o o o. IDC Wow
S SS Fo Mk ow vo x
v .
T o o w o- wo k oo o o o v o oo, v oo.
I o o k v o o o k SS vo ov oow:
. Co- oo o o oo o o wok. T o
w ov o oo.
[FIGURE 11: Worldwide Security SaaS Forecast by Market, 2008 to 2013. Chart (0 to $5000M) by segment: messaging security; web security; endpoint security; network security; identity and access management; security and vulnerability management; other. Source: IDC March 2010]
Start-up companies should be selecting SaaS solutions instead of shopping for servers.
Companies need to quickly adapt to the new post-perimeter world.