
Security Alert: Latest Trends in Global Attacks, Sources and Impact

Vince Steckler, Vice President, Asia Pacific

© 2003 Symantec Corporation.

New Technologies and Targets

• Broadband: 120M subscribers worldwide by 2005

• SCADA: used by oil and natural gas, controls electric power and water supplies

• Instant Messaging/P2P: over 500M users by 2005

• Wireless: 484M users worldwide by 2005

• Grid Computing: $4.1B market by 2005

• Web Services Security: $4.4B market by 2006


Less Knowledge Required to Attack

[Chart: intruder knowledge required (High to Low) plotted against automated tools and attack sophistication, 1980 to 2005.]


General Threat Evolution

[Chart: threat scope (Individual PCs, Individual Orgs., Sector, Regional, Global Impact) plotted against time.]

• 1990s: 1st gen. viruses, individual DoS, web defacement

• 2000: email worms, DDoS, credit hacking

• 2003: blended threats, limited Warhol threats, worm-driven DDoS, national credit hacking, infrastructure hacking

• Open questions posed on the slide: flash threats? Massive worm-driven DDoS? Critical infrastructure attacks?


Threat Evolution: Malicious Code

[Chart: contagion timeframe (weeks or months, days, hours, minutes, seconds) plotted against time, early 1990s to 2003, for file viruses, macro viruses, e-mail worms, blended threats, “Warhol” threats and “Flash” threats.]

• Class I: human response possible

• Class II: human response difficult/impossible; automated response possible

• Class III: human response impossible; automated response unlikely; proactive blocking possible


Vulnerabilities on the Rise

[Chart: new vulnerabilities per week, '99 through '03 (projected), shown as roughly 10, 25, 30, 50 and 70. Source: Bugtraq]


Threat Evolution: Day-zero Threats

[Diagram: the vulnerability-threat window is the time between a vulnerability being identified and a threat being released.]

A day-zero threat exploits a previously unknown, and therefore unprotected, vulnerability.


[Diagram: with a day-zero exploit, threat release coincides with identification of the vulnerability, so there is no vulnerability-threat window.]

Time Until Exploitation

• Months: novice programmer

• Days: sophisticated programmer

• Hours: organized crime/terrorist organization

• “Day 0”: nation/state threat

As attacker demographics shift, we expect a reduction in the vulnerability-threat window.


Threat Impact on Emerging Targets

Targets: Wireless Infrastructure; Web Services; Internet Backbone/Broadband

Threats: Flash and Day-Zero Threats; Warhol and Day-Zero Threats; Blended Threats; DDoS; Targeted Hacking

Impacts charted:

• Major disruption of B2B services, sector-level impact

• Major disruption to multiple networks

• Short-term disruption of individual networks

• Account theft/corruption, DoS

• Global Internet disruption

• Short-term/localized Internet disruption

• Data theft/corruption, DoS


Threat Impact on Emerging Targets (continued)

Targets: Instant Messaging & Peer to Peer; Grid Computing; Physical Infrastructure/SCADA

Threats: Flash and Day-Zero Threats; Warhol and Day-Zero Threats; Blended Threats; DDoS; Targeted Hacking

Grid Computing:

• Potential disruption of all participating grid nodes; possible major compromise of hosts

• Short-term disruption to grid computations

• Data theft and corruption to grid and host

Instant Messaging & Peer to Peer:

• Potential disruption of millions of IM/P2P agents; possible major compromise of hosts

• Short-term service disruption

• Content eavesdropping, password theft

Physical Infrastructure/SCADA:

• Impact to power, comm, hydro, chemical and other infrastructure

• Disruption of inter-networked SCADA

• Disruption of targeted infrastructures


Malicious Code Protection Strategies

Threat classes:

• Class III threats (Flash threats, Day-Zero)

• Class II threats (Blended threats, Warhol, Day-Zero)

• Class I threats (Blended threats, worms, viruses)

Sensing strategies: Distributed Sensor Networks; Protocol Anomaly Detection; Rule and Statistical Correlation

Reactive protection strategies (only useful after the initial wave): Manual Fingerprints; Auto Fingerprint Generation; Auto Fingerprint Generation (for slower Class II threats)

Proactive protection strategies: Generic Exploit Blocking; Network Intrusion Prevention; Host Intrusion Prevention

Adaptive Security

Information Security Governance


IT Governance

Part of overall enterprise governance, to ensure that

• IT is aligned to enable business objectives and deliver value

• IT resources are responsibly used

• IT risks are mitigated and managed appropriately

[Diagram: IT Governance nested within Governance.]


Information Security Governance

[Diagram: Information Security Governance nested within IT Governance, which is nested within Governance.]


Information Security Governance

• Specific value drivers for

– Integrity of information

– Continuity of service

– Protection of information assets

• Outcomes:

– Strategic Alignment

– Value Delivery

– Risk Management

– Performance Measurement

Source: IT Governance Institute


Security Performance Metrics Examples

• Summary and Trends

• Incidents

• Awareness

• Risk and Compliance

• Financial


Metrics Are a Challenge with Typical Information Security Solutions

• Fragmented functionality

• Little to no integration

• Lack of a cohesive security management capability

• Doesn’t provide an overall view of security posture

[Diagram: point products and services shown as separate, unintegrated boxes: Authentication; Antivirus; Firewall; Intrusion Detection; Vuln Assess; VPN; Content Updates & Security Response; 24x7 Global Customer Support; Attack Recovery Services; Threat Management & Early Warning; Honey Pot & Decoy Technology; Vuln Mgmt; Policy Mgmt; Event & Incident Mgmt; Access Control & Auth; Identity Mgmt; Config. Mgmt; Common Console; Security Services.]


Conclusion – Critical Success Factors

• Information security reports to senior management / CIOs

• Information security audit is integral part of audit program

• Clearly defined roles, responsibilities and accountability

• Security policy in place and compliance monitored

• Scorecards to ensure common alignment with overall objectives and to provide transparency

IT Audit, Control, Security and Assurance professionals play a pivotal role in successful governance.