Security Measures To Protect Your Organisation From Fraud And Cyber Terrorism: How To Prevent IT From Costing Your Organisation Millions Wong Joon Hoong Country Sales Manager Trend Micro Malaysia

Upload: alexandra-jenkins

Post on 30-Dec-2015


Security Measures To Protect Your Organisation From Fraud And Cyber Terrorism:

How To Prevent IT From Costing Your Organisation Millions

Wong Joon Hoong

Country Sales Manager

Trend Micro Malaysia


Copyright 2002-2003, Trend Micro, Inc. 2


Agenda

• Ever Changing Network

• Today’s Security Top Concern

• Social Engineering

• Spam mail & Virus evolution

• Summary

• Q & A


Ever changing network

• Broadband adoption

• Wireless Network

• Integrated communication devices

• Information Island -> LAN -> MAN -> WAN

• Internet -> Intranet -> Extranet -> Internet commerce


Goal of Security

Previous:

Security is to prevent losses, protect against confidentiality breaches

Today:

The goal of Security is enabling e-Business


Security Challenges

• Spam: YTD, 50% of Internet email is spam, and growing. Spam clogs resources and drains productivity.

• Viruses & Worms: 85% of viruses come from the Internet. Difficult to maintain current antivirus versions and to protect all possible access points.

• System Vulnerabilities: Monitoring for and applying patches to applications and OS as soon as they are made available.

• Unwelcome Visitors: Firewall ensures that unauthorized users/hackers can’t gain access to the internal company network.

• Remote Access: VPN ensures that employees may securely access company data on the road or from home.


Spam – The Rising Problem

[Chart: Junk Mail Rate 2002*, Jan to Sept]

* Source: 7 billion actual customer messages processed by Postini

Junk mail rate for corporations approaching 50% and continuing to rise.

Pornographic spam causing workplace liability concerns.

There is no end in sight, thus email for business use could become useless by 2004. (Think it couldn’t happen? Usenet Newsgroups suffered a similar fate)


Got Spam?

Censored!!!!


What is the tangible cost of Spam?

Based on 500 email users in an organisation!


Un-be-lievable.

IDC survey: more than a third (37 percent) of business email users would still open the attachment of an email titled 'ILOVEYOU'.

The report found that on any day of the year, business users would open an email appearing to be from someone they know if the following appeared in the subject line:

• “Great Joke” (54 percent)

• “Look at this” (50 percent)

• “Message” (46 percent)

• “No title” (40 percent)

• “Special offer” (39 percent)

Source: http://www.theregister.co.uk/content/8/16668.html 2/6/2001


Malicious Code Growth

Malicious Code Growth (1990-2003)

1990: 183

1991: 1,000

1994: 5,000

1996: 10,000

1998: 18,000

1999: 38,000

2000: 48,000

2001: 60,000

2002: 73,000

2003: 77,000+


Evolution of Viruses


Recent Network Virus Attacks

Year | Attack | Number of Infected PCs | Est. Amount of Loss (USD)

2003 | Worm_MSBLAST | 1.4 Million + | Still Counting……

2003 | SQL Slammer | 200,000 + | 950 million ~ 1.2 billion

2002 | Klez | 6 Million + | 9 Billion

2001 | CodeRed | 1 Million + | 2.6 billion

2001 | NIMDA | 8 Million + | 600 million

2000 | Love Letter | | 8.8 billion


Virus attack and mail spamming are the most common types of security breaches experienced

[Chart: Types of security breach(es) experienced before (%), by category:]

Virus attack

Mail spamming

Employee's abuse: Downloading pornography

Employee's abuse: Inappropriate use of e-mail system

Employee's abuse: Downloading pirated software

Denial of service

Theft: Hardware/ Computer

Hack threat/ system penetration

CDs/ Diskette stolen

Website unauthorized access/ misuse

Sabotage of data or network

Theft: proprietary information

Website vandalism

Financial fraud

Active wire tap

None of the above

Base : All organisations 100

NISER 2003 Survey


Problem #1: Network Viruses (Worms) Have been Unstoppable

• No security solution has stopped or contained these network viruses

• Most often it has been too late = $2.15B in damages in Year 2003 alone

Source: Trend Micro, Computer Economics

[Diagram labels: Internet; Central Site; VPN; Firewall; DoS Protection; Intrusion Prevention; Traditional Antivirus; Vulnerability Assessment; Security Mgmt. Worms shown: Nimda; Code Red; Slammer; MSBlaster.A; Welchia]


Problem #2: Vulnerability Prioritization and Isolation is Daunting

• Window of time from patch availability to outbreak is shrinking

• Difficult to prioritize patches to apply and isolate unpatched machines during an outbreak

Source: Trend Micro

Worm | Patch | Patch released | Outbreak | Window

MSBlaster.A | MS03-026 | Jul. 16, 2003 | Aug. 11, 2003 | 26 days

Slammer | MS02-039 | Jul. 24, 2002 | Jan. 25, 2003 | 185 days

Nimda | MS00-078 | Oct. 17, 2000 | Sept. 18, 2001 | 336 days

SASSER.B | MS04-01 | Apr 13, 2004 | May 02, 2004 | 17 days


Problem #3: Ineffective Policy Enforcement Leads to Re-infections

[Chart: Millions of infections (2003); categories 1999, 2001, 2002, 2003]

• 5 of Top 10 viruses in 2003 released 1-4 years ago

• Non-compliant devices connect from multiple network access points

• Ineffective access control of these devices leads to re-infections

Source: Trend Micro


Why the current industry solution is ineffective

• Mixed threat attacks need more than pattern files
  - Attack-specific policy and system assessment and cleanup

• Inconsistent or inaccurate security policy settings
  - Lack of central policy management

• Inability to respond quickly enough when outbreak or reinfection occurs
  - Pattern files take time to develop

• Out-of-date pattern files, AV not present on all hosts and pathways
  - Lack of central management and updates = missed detections

• Security devices don’t coordinate
  - Enterprises must coordinate themselves with several vendors


Virus Outbreak Lifecycle = Customer Experience

[Diagram labels: Vulnerability Assessment; Threat Information; Attack Prevention; Notification and Assurance; Pattern File; Scan and Eliminate; Assess and Cleanup; Restore and Post-mortem]

Antivirus focus is not sufficient

The Result

Enterprise TCO and lost productivity affects the customer at all stages of the lifecycle.

“An estimated 74% of outbreak cost is related to cleaning.” -- Computer Economics, 2002


Security Wish List Requirements Remain Unfulfilled

[Diagram: Security Wish List. Labels: Security Policy Enforcement; Network Virus Detection; Network Outbreak Monitoring; Traditional Antivirus; Security Mgmt.; Infection Locator/Automated Cleanup; Centralized Outbreak Management; IDS/IDP; VA; Network Virus Outbreak Prevention; Vulnerability Isolation]

No combination of security solutions fulfills this security wish list

Legend: Partially Addresses Need

VA - Vulnerability Assessment

IDS - Intrusion Detection System

IDP - Intrusion Detection/Prevention


Which Security Solution should I invest in?

• Point Products

• Security Suites: Integrated firewall, AV, CF, IDS

• Proactive Mixed defense Security Solution


You need a protection strategy instead of a product

[Diagram: Proactive Outbreak Lifecycle Management, COMMAND CENTRE. Services: Vulnerability Assessment; Outbreak Prevention Services; Virus Response Services; Damage Cleanup Services; Outbreak Mgmt. Lifecycle labels: Vulnerability Discovered; Vulnerability Prevention; Malicious Code Attack; Outbreak Prevention; Virus Response; Assessment and Restoration; Malicious Code Eliminated]


Summary

• The network and security landscape is ever changing

• Viruses/worms and spam now use social engineering to deliver mixed-threat attacks; the traditional way of handling viruses and spam is no longer effective

• Antispam: 2/3 of today's spam email is first-time spam with hybrid behaviour. This needs a heuristic antispam approach and integration of AV + Content Filtering + Antispam as the solution.

• Internal: Enforce security policy, practise secure computing, and get management involvement and support in IT security decisions

• External: Deploy a proactive, centrally managed, precise mixed-threat defense solution instead of a point product or suite product

Let the security system work for you instead!


Trend Micro Overview

• Fastest growing antivirus vendor in the world.*

• Founded in the US in 1988. Corporate headquarters in Tokyo, Japan. Publicly traded on NASDAQ and NIKKEI exchanges

• Antivirus and content security software and services provider to enterprise, small and medium business, and consumer segments

• Transnational company with 1800+ employees across 30 business units worldwide

• First and only security solution provider pioneering end-to-end proactive outbreak life cycle management

*Antivirus Software 2002: A Segmentation of the Market (IDC)


THANK YOU