the new order of security
play

The New Order of Security George Chang Vice President, Southeast - PowerPoint PPT Presentation

Sep 16, 2022 •164 likes •395 views

People First, Ministry of Science, Performance Now Technology and Innovation 10010101010 010110101101 110010110101 001010110010 101010110101 "Securing Cyberspace for Economic Growth" The New Order of Security George Chang Vice

  1. People First, Ministry of Science, Performance Now Technology and Innovation 10010101010 010110101101 110010110101 001010110010 101010110101 "Securing Cyberspace for Economic Growth" The New Order of Security George Chang Vice President, Southeast Asia and Hong Kong gchang@fortinet.com 14 November 2013 10010101010 "Securing Cyberspace for Economic Growth" 010110101101 110010110101 001010110010 101010110101

  2. Key Note: : All four countries attribute high levels of importance towards IT security, with Malaysia registering the highest level. How important is IT Security to your overall business setup? Mean Score ( 1 � Not important at all | 5 � Very important) 4.32 4.51 4.27 4.25 4.25 100% ¡ 0.0% ¡ 1.0% ¡ 1.3% ¡ 1.3% ¡ 1.3% ¡ 5.3% ¡ 11.7% ¡ 10.7% ¡ 12.0% ¡ 18.7% ¡ 80% ¡ % of respondents 34.7% ¡ 41.7% ¡ Not ¡Important ¡At ¡All ¡ 48.0% ¡ 46.7% ¡ 37.3% ¡ 60% ¡ Not ¡important ¡ Neutral ¡ 40% ¡ Important ¡ 58.7% ¡ Very ¡Important ¡ 45.7% ¡ 44.0% ¡ 20% ¡ 40.0% ¡ 40.0% ¡ 0% ¡ Overall ¡ Malaysia ¡ Singapore ¡ Hong ¡Kong ¡ Thailand ¡ Survey by Frost & Sullivan, Oct 2013 10010101010 "Securing Cyberspace for Economic Growth" 010110101101 110010110101 001010110010 101010110101

  3. Key Note: The majority of respondents treat IT security as important from the viewpoints of securing data and protecting against external threats. How important is the IT Security to your overall business setup? Not ¡ important ¡ Top 5 reasons why IT security is 1% ¡ considered important: Neutral ¡ (Very Important & Important) 12% ¡ To ¡secure ¡data ¡and ¡informaJon ¡ 49.6% ¡ Protect ¡against ¡external ¡aNacks ¡ 15.3% ¡ Important ¡ 42% ¡ Ensure ¡confidenJality ¡ 11.5% ¡ Very ¡ CriJcal ¡to ¡overall ¡business ¡ 7.3% ¡ Important ¡ 45% ¡ Ensure ¡reliability ¡ 5.3% ¡ % of respondents N = 300 Survey by Frost & Sullivan, Oct 2013 10010101010 "Securing Cyberspace for Economic Growth" 010110101101 110010110101 001010110010 101010110101

  4. Key Note: Singapore organizations are more likely to view APT solutions as being highly critical, whilst Hong Kong organizations are more focused on DDoS prevention solutions. How would you rate the criticality of the respective IT security solutions listed below to your What are your opinions towards the following statements What are your opinions towards the following statements What are your opinions towards the following statements What are your opinions towards the following statements overall security posture? ApplicaJon ¡Security ¡ Overall ¡ Data ¡Security ¡ Network ¡Security ¡ Singapore ¡ Database ¡Security ¡ Endpoint ¡Security ¡ Thailand ¡ Wireless ¡Security ¡ DDoS ¡PrevenJon ¡SoluJon ¡ Malaysia ¡ Cloud/VirtualizaJon ¡ Security ¡ Advanced ¡Persistent ¡Threat ¡ (APT) ¡SoluJon ¡ Content ¡Security ¡ Hong ¡Kong ¡ Managed ¡Security ¡Services ¡ 3.50 ¡ 3.60 ¡ 3.70 ¡ 3.80 ¡ 3.90 ¡ 4.00 ¡ 4.10 ¡ 4.20 ¡ 4.30 ¡ Mean Score (1 � Not critical at all | 5 � Very critical) Critical Survey by Frost & Sullivan, Oct 2013 10010101010 "Securing Cyberspace for Economic Growth" 010110101101 110010110101 001010110010 101010110101

  5. Key Note: The CEO’s participation in IT security decision making is higher than that of the CIO. CFOs also have a high participation rate and high degree of influence, compared to IT Heads. What are your opinions towards the following statements Who are the people involved in the decision making process for IT Security spending? What are your opinions towards the following statements What are your opinions towards the following statements 80.0% ¡ 70.0% ¡ 69.0% ¡ Decision ¡Maker ¡ 60.0% ¡ Key ¡Decision ¡Maker ¡ % of respondents 50.0% ¡ 40.0% ¡ 45.7% ¡ 40.0% ¡ 43.7% ¡ 29.7% ¡ 30.0% ¡ 29.7% ¡ 20.0% ¡ 11.7% ¡ 11.0% ¡ 17.3% ¡ 10.0% ¡ 13.3% ¡ 3.3% ¡ 2.7% ¡ 0.3% ¡ 7.0% ¡ 0.0% ¡ 4.7% ¡ 1.7% ¡ 3.7% ¡ 1.3% ¡ 0.0% ¡ 0.0% ¡ CEO ¡ CIO ¡ CFO ¡ IT ¡Head ¡ COO ¡ CTO ¡ CSO ¡(Chief ¡ CSO ¡(Chief ¡ CMO ¡ Others ¡ Security ¡ Strategy ¡ Officer) ¡ Officer) ¡ Survey by Frost & Sullivan, Oct 2013 10010101010 "Securing Cyberspace for Economic Growth" 010110101101 110010110101 001010110010 101010110101

  6. People First, Ministry of Science, Performance Now Technology and Innovation The Largest DDDOS Ever … • April, Target against Spamhaus – RBL provider – 150 Gbps DDOS Traffic • “Masterminded” by a 15 year old London boy – 1 laptop controlling 5-7 compromised servers • Mainly DNS amplification attack Send requests to an open DNS resolver asking for a copy of a larger DNS zone Spoof DNS query from file victim (Amplification: 1 query = 100 reply) 10010101010 "Securing Cyberspace for Economic Growth" 010110101101 110010110101 001010110010 101010110101

  7. People First, Ministry of Science, Performance Now Technology and Innovation The Apache gets attacked by Stealth Malware • Hit at least 50 of which are ranked by Alexa as among the world’s most popular 100,000 • Cdorked – secretly redirects visitors using selected browser/OS to a compromised website that hosts the Blackhole exploit kit – attempts to find and take advantage of software vulnerabilities. – The redirect commands run in memory only, they aren’t captured by Apache logs – Does Not load additional malicious modules on the infected server – Does not attempt to redirect each and every visitor to a BlackHole site or visitors of certain language/geographical area 10010101010 "Securing Cyberspace for Economic Growth" 010110101101 110010110101 001010110010 101010110101

  8. People First, Ministry of Science, Performance Now Technology and Innovation Botnets are still alive • This year most infectious botnet - ZeroAccess (2011) – around 1 million active and infected machines – owners continue to pay their infection affiliates a significant amount of money to keep the 100,000 new infections per week going – Primary motive revolves Bitcoin mining and click fraud 10010101010 "Securing Cyberspace for Economic Growth" 010110101101 110010110101 001010110010 101010110101

  9. People First, Ministry of Science, Performance Now Technology and Innovation Time to worry about your friends • Spear phishing – More focused attack typically aimed at an individual with access to corporate assets – Scammers try to create an email that's apparently from a trusted source and that seems legitimate, so the victim will click on the poison link – Use owner’s public tweets and other public posts to fine-tune messages, mimicking writing style 10010101010 "Securing Cyberspace for Economic Growth" 010110101101 110010110101 001010110010 101010110101

  10. People First, Ministry of Science, Performance Now Technology and Innovation New DDOS trick – The Browser Botnet • Eliminates need to work hard getting malicious software installed on thousands of computers • Simply by spending some money on banner ads • The moment that ad showed up, your browser executed a snippet of Javascript, and the attack left no traces behind … 10010101010 "Securing Cyberspace for Economic Growth" 010110101101 110010110101 001010110010 101010110101

  11. People First, Ministry of Science, Performance Now Technology and Innovation NSA and privacy • Surveillance is an attempt to monitor communications in order to prevent attacks on USA - a form of preventive security – Questionable Effectiveness – Invasion of Privacy – Questionable Legality • Recent revelations on spying foreign government and commercial communications – Drives requirement for non-standard encryptions – Close system communications 10010101010 "Securing Cyberspace for Economic Growth" 010110101101 110010110101 001010110010 101010110101

  12. People First, Ministry of Science, Performance Now Technology and Innovation Raise of the Mobile Malware • Currently, tracks over 300 unique families of Android mobile malware • Crossing over 1,000 new samples every day – 30% increase in six months • Result of: – Wide scale manufacturer adoption of Google’s Android OS globally – available applications to extend device functionality 10010101010 "Securing Cyberspace for Economic Growth" 010110101101 110010110101 001010110010 101010110101

  13. People First, Ministry of Science, Performance Now Technology and Innovation The Birth of Mobile Ransomware • An Andriod malware that pretends to provide malware and virus protection to the victim’s phone – About six hours after FakeDefender is installed, it will lock the victim’s phone with an image of pornography and a link to purchase software that will clean up the phone. – searches for key files on the phone and erases them, in the hopes of preventing restoration of the phone from a backup file. 10010101010 "Securing Cyberspace for Economic Growth" 010110101101 110010110101 001010110010 101010110101

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Higher-Order Model Checking: Principles and Applications to Program Verification and Security

Higher-Order Model Checking: Principles and Applications to Program Verification and Security

Higher-Order Model Checking: Principles and Applications to Program Verification and Security Part I: Types and Recursion Schemes for Higher-Order Program Verification Part II: Higher-Order Program Verification and Language-Based Security

836 views • 54 slides
Formal Analysis of the Entropy / Security Trade-off in First-Order Masking Countermeasures

Formal Analysis of the Entropy / Security Trade-off in First-Order Masking Countermeasures

Introduction RSM: Rotating Sboxes Masking Information Theoretic Evaluation of RSM Security Evaluation of RSM against CPA and 2O-CPA Conclusions and Perspectives Formal Analysis of the Entropy / Security Trade-off in First-Order Masking

539 views • 38 slides
CSE 154 LECTURE 25: WEB SECURITY Our current view of security until now, we have assumed:

CSE 154 LECTURE 25: WEB SECURITY Our current view of security until now, we have assumed:

CSE 154 LECTURE 25: WEB SECURITY Our current view of security until now, we have assumed: valid user input non-malicious users nothing will ever go wrong this is unrealistic! The real world in order to write secure code,

445 views • 18 slides
CSc 337 LECTURE 24: SECURITY Our current view of security until now, we have assumed:

CSc 337 LECTURE 24: SECURITY Our current view of security until now, we have assumed:

CSc 337 LECTURE 24: SECURITY Our current view of security until now, we have assumed: valid user input non-malicious users nothing will ever go wrong this is unrealistic! The real world in order to write secure code, we

211 views • 18 slides
CSE 154 LECTURE 26: WEB SECURITY Our current view of security until now, we have assumed:

CSE 154 LECTURE 26: WEB SECURITY Our current view of security until now, we have assumed:

CSE 154 LECTURE 26: WEB SECURITY Our current view of security until now, we have assumed: valid user input non-malicious users nothing will ever go wrong this is unrealistic! The real world in order to write secure code,

210 views • 18 slides
STRONG ORDER INTAKE IN CORPORATE SECURITY AGENDA Highlights from Q3 Market update

STRONG ORDER INTAKE IN CORPORATE SECURITY AGENDA Highlights from Q3 Market update

Samu Konttinen, CEO Interim Results Q3/2016 3 November, 2016 STRONG ORDER INTAKE IN CORPORATE SECURITY AGENDA Highlights from Q3 Market update Business update Outlook Financials KEY TAKEAWAYS FROM Q3 Corporate security

788 views • 32 slides
International Security, Multilateralism and World (Dis)Order: Is there a Southern Perspective?

International Security, Multilateralism and World (Dis)Order: Is there a Southern Perspective?

International Security, Multilateralism and World (Dis)Order: Is there a Southern Perspective? Conference at University Torcuato di Tello, Buenos Aires, Argentina, August 16-17, 2007 Session III: State Crisis, Intra-state Conflict and the

242 views • 10 slides
Reducing a Masked Implementations Effective Security Order with Setup Manipulations And an

Reducing a Masked Implementations Effective Security Order with Setup Manipulations And an

Crypto. group SWORD Reducing a Masked Implementations Effective Security Order with Setup Manipulations And an Explanation Based on Externally-Amplified Couplings Itamar Levi, Davide Bellizia and Franois-Xavier Standaert Aug. 2018 Moti

298 views • 27 slides
A Brief Intro to Security December 5th, 2013 What is Computer Security? The protection

A Brief Intro to Security December 5th, 2013 What is Computer Security? The protection

A Brief Intro to Security December 5th, 2013 What is Computer Security? The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and

296 views • 14 slides
Very High-Order Masking: Efficient Implementation and Security Evaluation Anthony Journault and

Very High-Order Masking: Efficient Implementation and Security Evaluation Anthony Journault and

Very High-Order Masking: Efficient Implementation and Security Evaluation Anthony Journault and Franois-Xavier Standaert UCL (Louvain-la-Neuve, Belgium) CHES 2017, Taipei, Taiwan Outline Background Masking Barthe et al. masking

614 views • 48 slides
Higher-Order Side Channel Security and Mask Refreshing J.-S. Coron,E. Prouff, M. Rivain and T.

Higher-Order Side Channel Security and Mask Refreshing J.-S. Coron,E. Prouff, M. Rivain and T.

Higher-Order Side Channel Security and Mask Refreshing J.-S. Coron,E. Prouff, M. Rivain and T. Roche thomas.roche@ssi.gouv.fr FSE 2013 March 2013 T. Roche, ANSSI Higher-Order Side Channel Security and Mask Refreshing Side Channel Analysis

1.14k views • 75 slides
York University www.cs.york.ac.uk/~ndm First order vs Higher order Higher order:

York University www.cs.york.ac.uk/~ndm First order vs Higher order Higher order:

First Order Haskell Neil Mitchell York University www.cs.york.ac.uk/~ndm First order vs Higher order Higher order: functions are values Can be passed around Stored in data structure Harder for reasoning and analysis More

483 views • 15 slides
COVID-19: Where are the women? Clare Wenham In order to understand the state of health

COVID-19: Where are the women? Clare Wenham In order to understand the state of health

COVID-19: Where are the women? Clare Wenham In order to understand the state of health security for all people on the planet we need to understand the embodied realities of peoples lives that Feminist result in health security for some

303 views • 27 slides
Presentation by Ambassador Smail Chergui, AU Commissioner for Peace and Security at the Munich

Presentation by Ambassador Smail Chergui, AU Commissioner for Peace and Security at the Munich

Presentation by Ambassador Smail Chergui, AU Commissioner for Peace and Security at the Munich Security Conference Munich, 12-14 February 2016. Panel on Africa and the Global Security Order Excellencies, Ladies and Gentlemen, It

533 views • 7 slides
ORC Chapter 420-3-26-.15 and 10 CFR Part 37 Changes to Physical Security Protection Requirements

ORC Chapter 420-3-26-.15 and 10 CFR Part 37 Changes to Physical Security Protection Requirements

ORC Chapter 420-3-26-.15 and 10 CFR Part 37 Changes to Physical Security Protection Requirements A Brief History of Security Measures - 11/14/05 - EA-05-090: NRC Order Imposing Increased Controls (IC). In Alabama the Orders were implemented by

498 views • 27 slides
Review May 2017 Current Activity Order DEVELOPING INDUSTRY SKILLS . Certificate I in Security

Review May 2017 Current Activity Order DEVELOPING INDUSTRY SKILLS . Certificate I in Security

DEVELOPING INDUSTRY SKILLS . Security Operations Review May 2017 Current Activity Order DEVELOPING INDUSTRY SKILLS . Certificate I in Security Operations; (relevance?) Certificate II in Security Operations; and Certificate III in Security

649 views • 20 slides
Tesserent Limited AGM 2016 23 rd NOVEMBER 2016 Disclaimer This presentation has been prepared

Tesserent Limited AGM 2016 23 rd NOVEMBER 2016 Disclaimer This presentation has been prepared

Tesserent Limited AGM 2016 23 rd NOVEMBER 2016 Disclaimer This presentation has been prepared by Tesserent Limited (the "Company"). It does not purport to contain all the information that a prospective investor may require in

492 views • 25 slides
Tesserent Limited December 2015 Disclaimer Forward-Looking Statements This presentation has

Tesserent Limited December 2015 Disclaimer Forward-Looking Statements This presentation has

Tesserent Limited December 2015 Disclaimer Forward-Looking Statements This presentation has been prepared by Tesserent Limited and contains background information about Tesserent Limited current at the date of this presentation. The

467 views • 19 slides
PPE ESSENTIALS PPE KIT : Coverall Face Shield (Optional) Safety Goggles 3 Play

PPE ESSENTIALS PPE KIT : Coverall Face Shield (Optional) Safety Goggles 3 Play

PPE ESSENTIALS PPE KIT : Coverall Face Shield (Optional) Safety Goggles 3 Play Surgical Mask Shoe Cover Disposable Bag Hand Sanitizers PPE ESSENTIALS MASKS I95s, N95s, KN95s, Others 3 PLY SURGICAL MASK : I

500 views • 15 slides
Shibin El Kom Free Zone, Menofia, Egypt. TEL: +20482323837 FAX: +20482323836

Shibin El Kom Free Zone, Menofia, Egypt. TEL: +20482323837 FAX: +20482323836

Shibin El Kom Free Zone, Menofia, Egypt. TEL: +20482323837 FAX: +20482323836 E-MAIL:munawer@needlecraftegypt.com LOCATION INTRODUCTIONS Needle Craft was established in 2006 producing mens, women and children apparel. It

433 views • 28 slides
Magnet Schools Assistance Program Magnet Schools of America Winter Conference February 17, 2017

Magnet Schools Assistance Program Magnet Schools of America Winter Conference February 17, 2017

Magnet Schools Assistance Program Magnet Schools of America Winter Conference February 17, 2017 U.S. Department of Education Office of Innovation and Improvement Office of Parental Options and Improvement Programs Agenda FY 2017 MSAP Grant

333 views • 32 slides
Best Practices in Content Marketing Anna Byrne @annammlb Best Practices in Content Marketing 1.

Best Practices in Content Marketing Anna Byrne @annammlb Best Practices in Content Marketing 1.

Best Practices in Content Marketing Anna Byrne @annammlb Best Practices in Content Marketing 1. Understanding What Content is 2. and Why its Worthwhile 3. Develop Customer Personas 4. Vary Content Types 5. Develop a Content Editorial

405 views • 38 slides
City of Covington, Kentucky FY 2015-2016 City Manager Recommended Budget May 18, 2015 City

City of Covington, Kentucky FY 2015-2016 City Manager Recommended Budget May 18, 2015 City

City of Covington, Kentucky FY 2015-2016 City Manager Recommended Budget May 18, 2015 City Budget FY 2015-16 All Revenues Non-major 2015-2016 Budget Government General Fund Combined Housing Voucher Capital General Fund Program

1.12k views • 81 slides
Building a Data Science Capability from Scratch Victor Hu Head of Data Science QCon - March2017

Building a Data Science Capability from Scratch Victor Hu Head of Data Science QCon - March2017

Building a Data Science Capability from Scratch Victor Hu Head of Data Science QCon - March2017 Contents Background QBE Context The five challenges: 1. Buy-in -- creating a corporate ambition for data science 2. Team

363 views • 24 slides

More recommend