The New Order of Security George Chang Vice President, Southeast - - PowerPoint PPT Presentation



SLIDE 1

"Securing Cyberspace for Economic Growth"

People First, Performance Now
Ministry of Science, Technology and Innovation

The New Order of Security

George Chang, Vice President, Southeast Asia and Hong Kong
gchang@fortinet.com

14 November 2013

SLIDE 2

How important is IT Security to your overall business setup?

Key Note: All four countries attribute high levels of importance towards IT security, with Malaysia registering the highest level.

% of respondents; Mean Score (1 Not important at all | 5 Very important)

| Response | Overall | Malaysia | Singapore | Hong Kong | Thailand |
|---|---|---|---|---|---|
| Very Important | 45.7% | 58.7% | 40.0% | 44.0% | 40.0% |
| Important | 41.7% | 34.7% | 48.0% | 37.3% | 46.7% |
| Neutral | 11.7% | 5.3% | 10.7% | 18.7% | 12.0% |
| Not important | 1.0% | 1.3% | 1.3% | 0.0% | 1.3% |
| Mean Score | 4.32 | 4.51 | 4.27 | 4.25 | 4.25 |

Survey by Frost & Sullivan, Oct 2013

SLIDE 3

How important is the IT Security to your overall business setup?

Key Note: The majority of respondents treat IT security as important from the viewpoints of securing data and protecting against external threats.

% of respondents, N = 300

| Response | % of respondents |
|---|---|
| Very Important | 45% |
| Important | 42% |
| Neutral | 12% |
| Not important | 1% |

Top 5 reasons why IT security is considered important (Very Important & Important):

| Reason | % of respondents |
|---|---|
| To secure data and information | 49.6% |
| Protect against external attacks | 15.3% |
| Ensure confidentiality | 11.5% |
| Critical to overall business | 7.3% |
| Ensure reliability | 5.3% |

Survey by Frost & Sullivan, Oct 2013

SLIDE 4

How would you rate the criticality of the respective IT security solutions listed below to your overall security posture?

Key Note: Singapore organizations are more likely to view APT solutions as being highly critical, whilst Hong Kong organizations are more focused on DDoS prevention solutions.

[Chart: Mean Score (1 Not critical at all | 5 Very critical), axis from 3.50 to 4.30, plotted for Hong Kong, Malaysia, Thailand, Singapore and Overall across the following solutions]

  • Application Security
  • Data Security
  • Network Security
  • Database Security
  • Endpoint Security
  • Wireless Security
  • DDoS Prevention Solution
  • Cloud/Virtualization Security
  • Advanced Persistent Threat (APT) Solution
  • Content Security
  • Managed Security Services

Survey by Frost & Sullivan, Oct 2013

SLIDE 5

Who are the people involved in the decision making process for IT Security spending?

Key Note: The CEO’s participation in IT security decision making is higher than that of the CIO. CFOs also have a high participation rate and high degree of influence, compared to IT Heads.

% of respondents

| Role | Decision Maker | Key Decision Maker |
|---|---|---|
| CEO | 69.0% | 40.0% |
| CIO | 45.7% | 29.7% |
| CFO | 43.7% | 11.7% |
| IT Head | 29.7% | 11.0% |
| COO | 17.3% | 3.3% |
| CTO | 13.3% | 2.7% |
| CSO (Chief Security Officer) | 7.0% | 0.0% |
| CSO (Chief Strategy Officer) | 4.7% | 0.3% |
| CMO | 1.7% | 0.0% |
| Others | 3.7% | 1.3% |

Survey by Frost & Sullivan, Oct 2013

SLIDE 6

The Largest DDOS Ever …

  • April: targeted against Spamhaus, an RBL provider
    – 150 Gbps DDOS traffic
  • “Masterminded” by a 15-year-old London boy
    – 1 laptop controlling 5-7 compromised servers
  • Mainly a DNS amplification attack

[Diagram: DNS queries are spoofed so that they appear to come from the victim. The requests are sent to an open DNS resolver and ask for a copy of a larger DNS zone file (Amplification: 1 query = 100 reply).]
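The amplification on this slide is visible from the resolver side as a client address that receives far more bytes than it sends. The sketch below is an added example, not part of the original presentation; the log format, addresses and thresholds are constructed for illustration.

```python
"""Flag likely DNS amplification abuse in resolver logs (added example)."""
from collections import defaultdict

# Constructed sample log: client_ip query_bytes response_bytes.
# 203.0.113.9 stands in for a spoofed victim address; all values are made up.
SAMPLE_LOG = """\
198.51.100.7 40 56
198.51.100.7 40 68
203.0.113.9 64 3100
203.0.113.9 64 3250
203.0.113.9 64 3180
203.0.113.9 64 2900
198.51.100.22 45 120
"""

def parse(log):
    """Yield (client, query_bytes, response_bytes) for each valid line."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3 or not (parts[1].isdigit() and parts[2].isdigit()):
            continue  # skip malformed records instead of crashing
        yield parts[0], int(parts[1]), int(parts[2])

def amplification_report(log, min_ratio=10.0, min_queries=3):
    """Return {client: stats} for clients whose traffic looks reflected.

    A client is flagged when the resolver sent it at least min_ratio times
    more bytes than it received from it, over at least min_queries queries.
    """
    totals = defaultdict(lambda: {"queries": 0, "in": 0, "out": 0})
    for client, q_bytes, r_bytes in parse(log):
        t = totals[client]
        t["queries"] += 1
        t["in"] += q_bytes
        t["out"] += r_bytes
    flagged = {}
    for client, t in totals.items():
        if t["in"] == 0:
            continue  # no usable query size, ratio undefined
        ratio = t["out"] / t["in"]
        if ratio >= min_ratio and t["queries"] >= min_queries:
            flagged[client] = {"queries": t["queries"], "ratio": round(ratio, 1)}
    return flagged

if __name__ == "__main__":
    for ip, stats in amplification_report(SAMPLE_LOG).items():
        print(f"{ip}: {stats['queries']} queries, x{stats['ratio']} amplification")
```

A resolver operator would pair such a report with restricting recursion to known clients and rate limiting responses per destination.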

SLIDE 7

The Apache gets attacked by Stealth Malware

  • Hit at least 50 of which are ranked by Alexa as among the world’s most popular 100,000
  • Cdorked
    – Secretly redirects visitors using selected browser/OS to a compromised website that hosts the Blackhole exploit kit
    – Attempts to find and take advantage of software vulnerabilities
    – The redirect commands run in memory only; they aren’t captured by Apache logs
    – Does not load additional malicious modules on the infected server
    – Does not attempt to redirect each and every visitor to a Blackhole site or visitors of certain language/geographical area

SLIDE 8

Botnets are still alive

  • This year’s most infectious botnet: ZeroAccess (2011)
    – Around 1 million active and infected machines
    – Owners continue to pay their infection affiliates a significant amount of money to keep the 100,000 new infections per week going
    – Primary motive revolves around Bitcoin mining and click fraud

SLIDE 9

Time to worry about your friends

  • Spear phishing
    – More focused attack, typically aimed at an individual with access to corporate assets
    – Scammers try to create an email that is apparently from a trusted source and that seems legitimate, so the victim will click on the poisoned link
    – Use the owner’s public tweets and other public posts to fine-tune messages, mimicking writing style

SLIDE 10

New DDOS trick – The Browser Botnet

  • Eliminates the need to work hard getting malicious software installed on thousands of computers
  • Simply by spending some money on banner ads
  • The moment that ad showed up, your browser executed a snippet of JavaScript, and the attack left no traces behind …

SLIDE 11

NSA and privacy

  • Surveillance is an attempt to monitor communications in order to prevent attacks on the USA, a form of preventive security
    – Questionable effectiveness
    – Invasion of privacy
    – Questionable legality
  • Recent revelations on spying on foreign government and commercial communications
    – Drives requirement for non-standard encryption
    – Closed-system communications

SLIDE 12

Rise of the Mobile Malware

  • Currently tracks over 300 unique families of Android mobile malware
  • Crossing over 1,000 new samples every day
    – 30% increase in six months
  • Result of:
    – Wide-scale manufacturer adoption of Google’s Android OS globally
    – Available applications to extend device functionality

SLIDE 13

The Birth of Mobile Ransomware

  • An Android malware that pretends to provide malware and virus protection to the victim’s phone
    – About six hours after FakeDefender is installed, it will lock the victim’s phone with an image of pornography and a link to purchase software that will clean up the phone
    – Searches for key files on the phone and erases them, in the hopes of preventing restoration of the phone from a backup file

SLIDE 14

Primetime for 2FA

  • The password-only security model is dead
    – Easily downloadable tools today can crack a simple four or five character password in only a few minutes
    – Using new cloud-based password cracking tools, attackers can attempt 300 million different passwords in only 20 minutes at a cost of less than $20 USD
  • Twitter, Microsoft’s Outlook.com, Dropbox, Evernote and Facebook have all introduced some type of multi-factor authentication to their products.
  • Easy for users:
    – iPhone 5S Fingerprint Scanner
    – Mobile Tokens

SLIDE 15

New Battlefield – Virtual OS Sandboxing

  • New evasion techniques against file analysis solutions
    – Requires human interaction
    – VM detection
    – Environment check (versions, time, etc.)
  • Debates over adoption of such security measures
    – Cost effectiveness, privacy, if AV engine is still relevant …

SLIDE 16

Facts about Fortinet (That you might not know)

  • Founded in 2000, original name – APSecure
  • IPO in 2009
  • Staff strength of over 2,200 with 30+ offices globally.
  • Pioneered integrated security platform
    – 133 patents; 106 pending
    – Over 1.25 Million units shipped to more than 160,000 customers
    – Leading-edge diversified product portfolio

A Leader in Network Security

  • One of the 3 Largest Network Security Vendors Worldwide
  • Fastest Growing Top-5 Security Appliance Vendor Worldwide
  • Leader in Unified Threat Management (UTM) MQ Since 2009
  • World #1 in Unified Threat Management

SLIDE 17

Fortinet 3rd largest Network Security Vendor

Worldwide Security Appliance Market Share Q2 2013 (1)

| Rank | Company | Market Share (%) | Growth Y/Y |
|---|---|---|---|
| 1 | Cisco | 16.2 | 0% |
| 2 | Check Point | 12.5 | 4% |
| 3 | | 6.2 | 13% |
| 4 | Juniper | 5.5 | (19%) |
| 5 | Blue Coat | 5.1 | 61% |
| 6 | McAfee | 5.0 | 10% |
| 7 | Palo Alto Networks | 4.8 | 48% |
| 8 | Barracuda | 2.9 | 16% |
| 9 | Others | 41.8 | |
| | Total | 100% | |

Market Size: $8.5 Bil.

Notes: (1) IDC Worldwide Security Appliances Tracker, September 2013 (market share based on factory revenue)

[Chart: Market Trending – 3 Years. Market Share (0% to 20%) for CSCO, CHKP, JNPR and FTNT over 2010, 2011, 2012 and Q2'13]

SLIDE 18

  • Top 10 Fortune 500
  • Top 10 Global 500 Banks
  • Top 5 Global Carriers

SLIDE 19

Certifications – 3rd Party testing

SLIDE 20

Comprehensive security solutions for all types of locations and organizations with FortiGate

[Network diagram; labels follow]

  • Segments: SMB, MSSP, Carrier, Data Center, Enterprise
  • Sites: Data Center / MSSP / Cloud / Carrier, Branch Office / Stores / SMB, Head Quarters, Distributed Enterprise, Mobile Users, INTERNET
  • Components: Virtual Firewall, Data Center Firewall, GTP Firewall, LTE SeGW, CGN / Gi Firewall, SIP/SCTP Firewall, Edge Firewall, Branch Firewall, UTM CPE, 2 FA, BYOD

SLIDE 21

Addressing Advanced Threat Protection (ATP)

Multi-layered defense against malware

  • Malicious URLs Blocking
  • Anti-Malware
  • Botnet Blacklisting
  • Anti-Botnet (App Control)
  • FortiGuard Security Update Services
  • FortiSandbox: On Premise Sandbox Appliance
  • FortiCloud Sandbox: Cloud Based Sandbox Service

SLIDE 22

Summary

  • Rethinking your IT security
  • Go back to basics
  • Revisit Policy and Governance

SLIDE 23

Thank You

gchang@fortinet.com