The risk to confidential information continues to grow as IT executives are facing an increasing number of threats to their information from both internal and external sources. Today’s attacks are proving to be more sophisticated, well-organized and covert in nature than attacks seen in years past, thus requiring a new approach to secure and manage IT assets.
Targeted Attacks on Intellectual Property
1. Targeted Attacks on Intellectual Property
April 13, 2010
2. Agenda
1 Symantec’s Unique Vantage Point
2 Targeted Attacks on Intellectual Property
3 New Security Suites from Symantec
3. Building a “Community of Defense” with Businesses
Who
> Customers from businesses around the world
> Symantec Security Leadership and Experts on Threat Research
What
> Ongoing discussions about the types of IT risks businesses face today
> Share information about security incidents, impact assessment, and best practices to prevent
Key Findings
> Today’s targeted attacks characterized by organization, covert nature and patience
> Strong consensus these attacks represent a significant risk to intellectual property
4. Anatomy of a Breach
> Incursion
> Discovery
> Capture
> Exfiltration
5. Dissecting Hydraq
Incursion
Attacker breaks into the network by delivering targeted malware to vulnerable systems and employees
Diagram label: Organized Criminal
Message shown on the slide: "Hi, I met you at the Malware Conference last month. Wanted to let you know I got this great shot of you doing your presentation. I posted it here:"
6. Dissecting Hydraq
Discovery
Hacker maps organization’s defenses from the inside and creates battle plan
Diagram label: Organized Criminal
7. Dissecting Hydraq
Capture
Attacker accesses data on unprotected systems and installs malware to secretly acquire crucial data
Diagram label: Organized Criminal
8. Dissecting Hydraq
Exfiltration
Confidential data sent back to enemy’s “home base” for exploitation and fraud
Diagram labels: Victim, Hydraq, Attacker, Organized Criminal, 72.3.224.71:443
9. Mass Attack vs. Targeted Attack
Phase: Incursion
  Mass Attack: Generic social engineering; by-chance infection
  Targeted Attack: Handcrafted and personalized methods of delivery
Phase: Discovery
  Mass Attack: Typically no discovery, assumes content is in a predefined and predictable location
  Targeted Attack: Examination of infected resource, monitoring of user to determine other accessible resources, and network enumeration
Phase: Capture
  Mass Attack: Predefined specific data or data which matches a predefined pattern such as a credit card number
  Targeted Attack: Manual analysis and inspection of the data
Phase: Exfiltration
  Mass Attack: Information sent to dump site often with little protection and dump site serves as long term storage
  Targeted Attack: Information sent directly back to attacker and not stored in known location for extended period
10. The Challenges
Develop and Enforce IT Policies
Protect The Information
Manage Systems
Protect The Infrastructure
11. Comprehensive Security Strategy is Required
Risk Based and Policy Driven
IT Governance, Risk and Compliance
Information-Centric
Information Risk Management
Operationalized
Infrastructure Management
Well Managed Infrastructure
Infrastructure Protection
12. New Security Suites Meet These Challenges
Develop and Enforce IT Policies > Control Compliance Suite 10.0
Protect the Information > Data Loss Prevention Suite 10.5
Manage Systems > IT Management Suite 7.0
Protect the Infrastructure > Symantec Protection Center & Symantec Protection Suite Enterprise Edition Family
13. Develop and Enforce IT Policies > Control Compliance Suite 10.0
Key Benefits
• Define risk and develop IT policies
• Assess infrastructure and processes
• Report, monitor and demonstrate due care
• Remediate problems
New in Version 10.0
• Centralized evidence collection and management
• Dynamic web-based dashboards
• Integration with Symantec Data Loss Prevention
• New CCS Vulnerability Manager
14. Protect the Information > Data Loss Prevention Suite 10.5
Key Benefits
• Discover where sensitive information resides
• Monitor how data is being used
• Protect sensitive information from loss
New in Version 10.5
• Better visibility and control of unstructured data
• Enhanced protection for social media sites
  – Twitter, LinkedIn, YouTube, …
• New protection for private clouds (Citrix)
• New endpoint option for less complex environments
15. Manage Systems > IT Management Suite 7.0
Key Benefits
• Implement secure operating environments
• Distribute and enforce patch levels
• Automate processes to streamline efficiency
• Monitor and report on system status
New in Version 7.0
• New comprehensive suite that brings together all Altiris components
• Automated end to end Windows 7 migration process
• Intelligent software management providing complete visibility
• Process automation of complex, time-consuming IT tasks
16. Protect the Infrastructure > Symantec Protection Center & Symantec Protection Suite Enterprise Edition Family
Key Benefits
• Improved Visibility into Security & Operations
• Stronger Protection
• Accelerated Remediation
• Containment of Security Expenses
What’s New
• Symantec Protection Center:
  – Next generation security management solution
  – Simplifies management & improves security posture
• Symantec Protection Suites:
  – Three new suites designed to meet the needs of enterprise IT personnel in endpoint, gateway and server functions