1 www.cyberoam.com © Copyright 2011 Elitecore Technologies Pvt. Ltd. All Rights Reserved. Securing You
Insider Threats – Its significance and how to identify them
AJAY NAWANI, Presales Head – Global Operations
Our Products: Unified Threat Management; SSL VPN; Data Protection & Encryption; Device Management; Application Control; Asset Management; Cyberoam – Endpoint Data Protection
2 Agenda of Presentation
- An overview of significant cyber security events
- Insider Threats
- Is your network security Future-ready?
3 An overview of significant cyber security events
4 Major recent security incidents
- Stuxnet - Jan 2010: Targets industrial software and equipment
- Hydraq Trojan - July 2010: Hackers made backdoor entry to corporate Intranets
- Kama Sutra virus via downloadable ppt - Jan 2011: Downloaded presentation runs malware in the background
- News events driving spam in corporate networks - Wikileaks, Osama Bin Laden death
5 Key threat statistics
- More than 300 million unique malicious programs in 2010
- Mobile threat landscape comes into view
  - Public app stores leveraged for attacks
- 93% increase in web-based attacks
  - Attacks emerge using shortened URLs
- 14 NEW zero-day attacks per day
  - Including Hydraq, Stuxnet, Kama Sutra etc.
- 260,000 identities exposed per data breach
  - Hacking incidents drive identity theft in organizations
6 The evolution of the threat landscape
Past
- Less complex networks that were manageable
- Fewer mediums of security vulnerability
  - External drives, Instant Messengers, Email etc.
7 The evolution of the threat landscape
Present
- Complex networks
- Rise in number of incidents due to
  - Wireless technologies
  - Handheld devices (like PDAs, iPads, cellphones)
  - Extending networks to partners, customers and more
  - HTTPS / SSL websites
  - Social media & Web 2.0
Future: The threats would grow more serious
  - Cloud-residing data
  - Heterogeneous networks (HetNets)
8 Insider Threats
9 How vulnerable is my organization to insider threats?
- 93% of employees had betrayed the organization to directly benefit competition (Source: KPMG Data Loss Barometer, 2009)
10 Why are insider attacks succeeding?
- Greater fluidity of network perimeter
- Employee access to business-critical applications, Web 2.0, social media
- Traditional security’s inability to identify human role
  - Victim: User ignorance, surfing patterns, trust, lack of awareness, lax security policy
  - Attacker: Malicious intent, vengeance, greed
11 Inside-out Threat Scenarios
[Diagram: Corporate LAN hosts shown only by IP address (192.168.3.1, 192.168.3.105, 192.168.3.108, 192.168.3.120), the Administrator, and the Internet; the user behind each address is marked "?"]
- In an inside-out threat scenario, user activities remain untraced
- Multiple users on same machine can share a common IP address
- “Human Identity” behind the IP address is a Question Mark
12 Social Media: An increasing risk
- Individual tidbits of information lying across Twitter, Facebook, LinkedIn etc., when seen together, constitute insider threats
  - The DNA of the entire organization can be decoded
- INTANGIBLES
  - Core values, hierarchy, communication patterns, industry environment, employee morale
- TANGIBLES
  - Intellectual property, financial information, trade secrets
- What we did at Cyberoam
  - Monitored 20 companies with active social media presence
13 Key demographics and distribution
14 More details about Cyberoam research…
- Pick an organization X
- Identify as many employees as possible from X’s LinkedIn profile
- Go through the Twitter and Facebook profile of employees
- Monitor the information feed from these sources
- Identify the structure and hierarchy
- Sketch decision-makers and key employee motivators
- Chart the organization X’s DNA
15 Example 1: Company A
- Singapore-based multimedia company
- Reason for selection?
  - Asian corporation with impressive clients list
- Employees monitored
  - Sales director, department head, designers
- Methods used
  - Private tweets of all mentioned individuals
16 Social media profile – Company A
- Employees not getting salary
- Cashflow problems in organization
- Bounced salary checks
- Employees looking for new jobs
17 Security Executives are in the Middle of a Complex System
18 Is your network security Future-ready?
19 Need of ‘Layer 8 Technology’ – Building Security around the User
20 Expectation from Layer 8 technology:
21 What does Layer 8 do?
[Diagram: Corporate LAN with users Mona and Shiv both on 192.168.3.110, a host at 192.168.3.105, the Administrator, and the Internet]
- Provides identity-based security
- Applies security policies based on actual identity of users
- User-specific rules for multiple users to share a common IP address
22 Fighting Terrorism through Identity
- Location: Ahmedabad, India
- Date: 26th July 2008
- Attack Type: 21 serial bomb blasts
- Cyberoam: Identity-based management solved the case and the culprit was arrested.
23 Solution that can help mitigate insider threats
- Measure User Threat Quotient (UTQ)
- Help build patterns of activity profiles
- Layer 8 security
  - Identity-based approach to control
  - Who is doing what?
  - Who can connect using which device?
  - What is being accessed over the network and by whom?
  - Who are the likely targets?
- Securely extends network to customers, partners, remote workers
- Role based access to resources and social media
24 Applications and More Applications. Am I in control?
- Who decides which applications are important to business and run on the network?
25 A crowd of applications – how will you prioritize?
[Diagram labels: CRM, ERP, Sales force, You Tube, IM Application, Web mail, Casual Traffic]
26 Need of Application Visibility & Control
- Know and classify applications trying to enter the network
  - Business critical
  - Socio-business
  - Non critical
  - Undesirable
- Allows control over
  - Who (user)
  - When (Time)
  - What (Application)
  - How (Bandwidth)
- Essential for Cloud Computing
- Assures availability of business-critical applications
- Controls bandwidth costs
27 Is my existing network security setup rigid and hard-coded?
- Can the architecture grow to accommodate future threats?
- Threat environment is dynamic. Can I keep up with it?
28 Future-ready security with Extensible Security Architecture
[Diagram labels: Anti virus, AS, IM control, Intrusion Prevention, Next Gen GUI, L7 Firewall]
29 Overcoming latest & unknown threats
- Extensible Security Architecture (ESA):
  - Ability to accommodate additional features and capabilities
  - Protecting investment: No need to invest in new expensive hardware or additional rackspace
- Multicore-aware software architecture:
  - Parallelism: sharing computing load on multiple processors
  - Quickly deliver new patches and policies online
30 Does your appliance meet compliance challenges?
- Regulatory compliance is becoming increasingly mandatory for organizations in all verticals
- Why? Organizations must follow best practices laid down by industry
31 Solution which facilitates security compliance
- Regulatory compliance is becoming increasingly mandatory for organizations in all verticals
  - Why? Organizations must follow best practices laid down by industry
  - Challenges to be addressed by security solution
    - Complicated documentation processes
    - Identifying users and their online behavior
    - Painful audit process
[Logos: HIPAA, CIPA]
32 How effectively are you spending?
- Am I spending less and smarter?
- How many security products do I have to manage?
  - Firewall, Routers
  - Content filters, Bandwidth Managers
  - Multiple Link Managers, VPN …and more
- Does my Total Cost of Security Operations increase with multiple solutions?
  - How much am I spending on licensing and subscription costs?
  - Do I spend a lot of time configuring and managing my network security solution?
33 Solution that helps you spend smartly on security
- Reduced complexity:
  - Single security solution, single vendor and single AMC
  - No need for multiple software applications to be installed or maintained
- Troubleshooting ease: Single point of contact with 24x7 support
- Reduced technical training requirements: one product to learn
- Easy management: Simple is always more secure; Web-based GUI; saves time
- Future-ready: Preparing against HTTPS/SSL attacks, Cloud-based attacks
34 Q&A, if any?
35 Thank you!