beyond the wall - security in a post perimeter world

Upload: emilio-notareschi

Post on 08-Apr-2018


  • 8/7/2019 Beyond the Wall - Security in a Post Perimeter World

    Beyond the Wall: Security in a Post-Perimeter World

    Walls have served multiple purposes throughout history. The Great Wall of China defended against invaders, while the Berlin Wall kept citizens from freely traveling beyond the control of their rulers.

    Network security relies on similar premises. For years network security professionals touted perimeter security as the primary solution to keep the bad guys out and the good guys in. However, just as guns and air attacks overcame protective walls, changes in malware attacks have rendered network firewalls and perimeter-centric security an ineffective defense. Simultaneously, the increasingly mobile workforce makes an on-premise approach even more futile. Walls can no longer keep the bad guys out, nor can they keep the good guys in.

    Welcome to the post-perimeter world.


    2010 c csg, llc2

    The Bad Guys Are Getting In

    Po o o v k o o o w. Mw o

    k wo o . T o w . A vo o o o

    xo, o o.

    Ao o NSS L, o , o k xo- k vv - o oo W . T v W ow, - - o.

    O xo w, o v . T O S Foo

    D Lo o 586 o o o o o

    o oo.

    Mercenaries for Hire

    T oo o o o v o o oo. Pwo- o

    o xo . A o, v w w o . Now,

    v k . I , o o, w o o oz o

    . I oo o o o w oo ow o vo oo. T

    v o o k k o ID o . S o v o v o x v o o, v o v o

    k o ID/wo o v o o . T o oo vo

    o o o o oo o k .

    A , vo o o o wok o o oo. T

    o w o -ov- w k o o o . T v-

    xoo o o o v o o - v o. A

    NSS L o o v o xo 7 o 75 o

    o -o.

    As the volume of these malicious programs explodes, the perimeter cannot hold.

    There are now vast sums of money made in the black market of IDs and credit card numbers and login credentials.

    FIGURE 1: Breakdown of 2009 Recorded Data Breaches by Sector and Data Type

    By sector: BIZ 52%, GOV 18%, EDU 15%, MED 15%

    By data type:

    NAA (Names and/or Addresses) 33%
    SSN (Social Security Number) 25%
    DOB (Date of Birth) 9%
    CCN (Credit Card Number) 7%
    MISC (Other personally identifying information, such as other logins and passwords to various sites and applications) 7%
    MED (Medical Information) 7%
    ACC (Account Information) 6%
    FIN (Financial Information) 5%
    EMA (Email Addresses) 1%

    Source: Open Security Foundation

    FIGURE 2: Numbers of New Signatures

    2002    20,254
    2003    19,159
    2004    74,981
    2005    113,081
    2006    167,069
    2007    708,742
    2008    1,691,323
    2009    2,895,802

    Source: Internet Security Threat Report, Symantec April 2010


    O k oo o o k v o. T

    -o- v w o . W w oo

    , k o o v oo, o o z

    W o o o o .

    W ko w o o o o w o w o oo wok,

    o oo o Co Ro M (CRM) H Ro (HR) o. T o o k o v o o o o v

    k o o oo. A , k o o wo o o ow.

    ITEM                                  RANGE OF PRICES

    Credit card information               $0.85 to $30
    Bank account credentials              $15 to $850
    Email accounts                        $1 to $20
    Email addresses                       $1.70/MB to $15/MB
    Shell scripts                         $2 to $5
    Full identities                       $0.70 to $20
    Credit card dumps                     $4 to $150
    Mailers                               $4 to $10
    Cash-out services                     $0 to $600 plus 50% to 60%
    Website administration credentials    $2 to $30

    Bad Guys Posing as Good Guys

    T B o v o o

    oo oo. Aw B, L T R A o Woo, o o

    J o o Nwok S Nw.

    I o k , W o o W

    o wo wok o W . T o ko. I , k o o

    w oo o w W o o o o o o o, FP o

    w o o k k.

    A , oo w o o o o

    o o , w x o w o o v

    o o ko oo o o o wo v W .

    FIGURE 3 (table of items and price ranges). Source: Internet Security Threat Report, Symantec April 2010

    FIGURE 4 (diagram; labels: Beefmaster, Webmaster, Keylogger, Adding malware, Removing malware, Malware infects users who visit the site). Source: Webroot


    A oo W o z w o o , ov . Howv, o

    w oo, o o o o oo - w o

    o W . Mo ,6 w o. T FP oo o 6 , q

    IP , k v o o k ow oo o o wo o.

    W o o o w o o k o, o o v

    ow. I ooWk A S S Sv o o o ov x x . A o o w w , o, 84

    o o w o k w . A o o k W o

    o xo w . Ro o v o k o w

    , wok o o ow, o v oo.

    T qo w o o o o ?

    FIGURE 5: Which Types of Security Breaches or Espionage Are Most Likely to Occur in Your Company Within the Next Year? (bar chart, percent of respondents, 2009 and 2010; categories: Denial of service; Web or software applications exploited; Operating system vulnerabilities attacked; Phishing; Malware (viruses, worms, botnets)). Source: Strategic Security Survey, InformationWeek Analytics, May 2010

    FIGURE 6: What Will be the Impacts of These Breaches? (bar chart, percent of respondents; categories: Network or business applications unavailable; IP theft or confidentiality compromised; Minor financial losses; Customer records compromised; Other internal records lost; Identity theft; Legal liability; Violated regs re: data security; Fraud). Source: Strategic Security Survey, InformationWeek Analytics, May 2010


    The Good Guys Are Getting Out

    T v-ow o v w x o o o o o.

    A v o oo wo o o o.

    T o w o o . M o ov

    o o v w . T o o v ow. Lkw, ow o . F o wok o w, o wv v w o wok .

    T o o o o o o I o.

    Ao o Io D Co (IDC), o o o o-PC o v w I

    . I-k w , IDC o o o o v

    . I oo z ow o o o wo o

    .

    R o o w o wok, o o o wok o

    o . R oo U o IDC o 75 o

    oo wok w o o o o I oo o o o w

    w. T ozo o I o w q o o

    oo I .

    IDC o wok o o wok x o o oox 4 o o 8 3. I o o o o v

    o wok, v W o v oo wok oo.

    FIGURE 7: Percent of Respondents Using for... (bar chart; series: Business, Both, Personal; categories: Laptop, Mobile phone, Smart phone, GPS, Text or IM, Professional social networks, Accessing blogs, Google Apps). Companies with 500+ employees, N=2,820. Source: A Consumer Revolution in the Enterprise by IDC, sponsored by Unisys, June 2010

    The days of only company issued assets connecting to the IT infrastructure are gone.


    T xoo o W o ow ---v (SS) o I

    o v w wo v o w o. T ow

    w--vw o w o ow o k o. IDC x

    , 5 o w ow w v k o (CD). o , IDC

    o ow SS k. I DC S S k $3. o v

    , w ow o $4.5 o 4 oo ow (CAGR) o ov 5 .

    T o- wo. No o w o o v,

    W , o wok, o oo. B o w :

    providing solid security at the point that users connect to business applications

    ensuring valuable data is protected

    constantly updating device-level protection.

    Citizens Still Must be Protected

    T xoo o o o o o o o o -

    . Co o o w o o v . Gov o wo o

    o o.

    I o, ov x o o o ,

    o v o o z. T w o v q o

    o o .

    FIGURE 8: Percent Respondents Using for Both Business and Personal (bar chart; categories: Email, Web browsing, Shared docs, Web or audio, IM, Text messaging, Internet video, Google Apps, Internet phone, Professional networking, Blogs/wikis, Video streaming, YouTube, Twitter). Companies with 500+ employees, N=2,820. Source: A Consumer Revolution in the Enterprise by IDC, sponsored by Unisys, June 2010

    Laws and regulations require companies to implement specific measures aimed at protecting data.


    FIGURE 9

    GLBA
    What it is: Gramm-Leach-Bliley Act
    What it does: Requires that sensitive information sent across the Internet is encrypted
    Who it impacts most: Finance industry

    DPA
    What it is: Data Protection Act of 1998
    What it does: Protects people's personal information by imposing legal obligations on anyone processing personal data
    Who it impacts most: European companies that handle personal data

    SOX
    What it is: Sarbanes-Oxley Act
    What it does: Protects shareholders and the general public from accounting errors and scandals by requiring all public companies to retain their email and business records for at least 7 years
    Who it impacts most: Finance industry, public companies that register shares for sale on a US Stock Exchange

    FRCP
    What it is: Federal Rules of Civil Procedure
    What it does: Enforces data retention standards by requiring companies to produce records within a set amount of time
    Who it impacts most: Any business that may become involved in a court case

    FOIA
    What it is: Freedom of Information Acts
    What it does: Gives citizens the right to have copies of any information that government or commercial bodies are holding on them
    Who it impacts most: UK and US government organizations

    HIPAA
    What it is: Health Insurance Portability and Accountability Act
    What it does: Ensures the privacy and confidentiality of patients' healthcare information
    Who it impacts most: Healthcare industry

    PCI-DSS
    What it is: Payment Card Information Data Security Standard
    What it does: Enforces global standards to protect credit card data against theft and fraud
    Who it impacts most: Anyone that handles payment card transactions

    CIPA
    What it is: Children's Internet Protection Act
    What it does: Prevents access to offensive Internet content on school and library computers
    Who it impacts most: Education industry

    T w-o o o o o o o o

    o o oo . S o w k o woko o o

    v o o o o v I . Fo

    - -z , o o.

    Source: Webroot


    Beyond the Perimeter Is the Cloud

    Now o wok o w o o kow o,

    k o ov o. T oo w. Co o o

    o .

    T k vo, vo W- o o w vw k q. T o o w o- o o oo .

    T o ov o o o v. I o , oo Woo, W

    S oo A , U Ko, U S , v,

    ok o o o o o o SS .

    T Fo R-Wo I o SS I o S z x o

    wo v o SS o. T ov SS o :

    Speed to deploy

    Responsive service from vendor

    Lower costs

    Faster deployment of latest innovations

    Easy-to-use interfaces

    Security

    I owo o o , v o o o o o

    o SS . Howv, o wo v SS f o o

    oo. T Fo o :

    The majority of the customers we interviewed revealed that their SaaS vendors were doing more to secure their data than their own IT departments could do. One reference said, "Our greatest fear became our biggest confidence."

    FIGURE 10: Perimeter vs. Post-Perimeter Security (diagram; labels: Company computers, External storage devices, Home office, Mobile devices, Consumer IT, Infrastructure, CRM, ERP, Twitter, Web surfing, Consumer IM, Facebook, Web 2.0, Webmail, Hosted email, Skype). Source: Webroot

    The time has come for a new post-perimeter approach to information security.

    SaaS vendors are doing more to secure data than in-house IT departments could do.


    T o o - -z k o v

    o o v I -o.

    Farewell to the Company Data Center

    I o o w. M o o w o w ow o o w. A o o o v o o wok o

    o ov v o ow , o o .

    G , o w ow o I . Ao o G, Sv -

    v ov ow I w , v z o, o-

    v, o o ko oook o oo wok. T w

    o k V Pv Nwok (VPN) oo.

    T -v oo o o w o o w o. No o

    w o v w-v . S- o o SS oo

    instead of shopping for servers. Established small- and medium-sized businesses should retire application software

    o w v o o o SS oo.

    Fo o, v ooo o o ow ov. SS oo f w o.

    What's Next?

    I o , x o v v o I o o o. IDC Wow

    S SS Fo Mk ow vo x

    v .

    T o o w o- wo k oo o o o v o oo, v oo.

    I o o k v o o o k SS vo ov oow:

    . Co- oo o o oo o o wok. T o

    w ov o oo.

    FIGURE 11: Worldwide Security SaaS Forecast by Market (chart, 2008 to 2013, vertical axis $0 to $5000M; markets: Messaging security, Web security, Endpoint security, Network security, Identity and access management, Security and vulnerability management, Other). Source: IDC March 2010

    Start-up companies should be selecting SaaS solutions instead of shopping for servers.

    Companies need to quickly adapt to the new post-perimeter world.
