
The Changing Nature Of Cyber Crime, Attackers, Counter Measures and New Models For Defense In Depth

Speaker: Charles Kolodgy


Chris McKillop: Hello, and Welcome to a SearchSecurity.Com presentation, ‘The
Changing Nature Of Cyber Crime, Attackers, Counter Measures and New Models For
Defense In Depth’. This presentation is being brought to you by ESET. For more
information on ESET you can click on their logo in the lower portion of your screen. My
name is Chris McKillop and I will be moderator for today’s presentation. Joining me
today is Charles Kolodgy, Research Director for IDC Security Products. Before we
begin the presentation, I would like to review a few housekeeping items with you. The
slides to this presentation will be pushed to your screen automatically. If any of our
attendees have any questions today, Charles will be located in the booth chat of today’s
live ESET Interactive Resource Center for questions. Now that said, I am going to turn
things to Charles Kolodgy to begin this presentation. Charles?

The Risk Equation: An Analyst’s View

Charles Kolodgy
Research Director
IDC

Copyright 2009 IDC. Reproduction is forbidden unless authorized. All rights reserved.
Charles Kolodgy: Thank you Chris and thank you Jeff for your presentation for
providing great information on the qualitative and quantitative aspects of risk analysis.
And as a market analyst and security analyst, I am going to build on what Jeff spoke about
and provide information on some additional data that can help you with your risk
calculation.

Risks Everywhere


Next please. As this graphic, this picture kind of shows, you know risks are everywhere
and so irrespective of the methodology that we use to calculate the risk you know, we try
to do math formulas or other qualitative issues of how you calculate risks and look at
risks, it is everywhere and the components of the risk are the same. It is what is bad or
what is the dangerous element and what you can do to help prevent that. So we are going
to get into that in the IT world in a little more detail, kind of try to put some meat on the
bones of this issue and what it means to all of us.
The Risk Equation Agenda

• My Risk Equation

• Asset Value

• Vulnerabilities

• Threats – New World


– Examples

• Counter Measures – Defense in Depth

• Analyst Thoughts

So next, so my agenda for today is I am going to give my risk equation, something that I
have been playing with and talking to people with and again as an analyst it is the work in
progress and the rest of the discussions is kind of going to build off on that and that it is
the beginning and we are going to talk about asset value, we are going to talk
about vulnerabilities, we are going to talk about threats and I am going to give you some
examples on how threats have been changing and what their issues are and then really I
want to deal with those counter measures and Jeff kind of talked about that and I am
going into that more issues and talk about defense in depth and just as a foreshadowing, I
am going to talk about different concepts of defense in depth and finally we will give
some analyst thoughts on what this report. So we are going into the next slide please and
the next slide is my risk equation and you know it is an equation that is similar to other
people's and it has grown over time from what used to be just vulnerabilities, times threats
equals risks and now we add other things such as asset values and the probability of a
vulnerability being important, the probability of a threat and what its impact and then
counter measures and again, Jeff kind of talked about the risk mitigation components and
I talked about counter measures which are designed to reduce the impact of
vulnerabilities and threats, reduce their power over you. So that is going to be something
we are going to talk about a lot more as we go into again the counter measures aspect and
what that means to us and for us in the future. So let us go into the components of my
risk equation at least and define some of those elements. So next slide please.
Asset Value

• Enterprise Value resides in Bits not Atoms


– Intellectual Property
– Business Plans and Operations
– Emails

• IT Infrastructure
– All are equal but some are more equal

• Productivity
– Uptime
– Access
– Help Desk Calls
– Automation


So Asset value, I put that first here, originally I had some of the other aspects but now
when I really think about the asset value, what you are trying to protect are really the key
aspects of everything and you know as our enterprises as our information technology
grown has the value that the company has the important knowledge and resources, many
of those resides in bits not atoms. So it is what you know, it is the context that you have,
it is the models that help you decide what business decisions to make, medical records in
many cases have a value reside in bits in that issue. So intellectual property, business
plans and even E-mails, right? So much value of our companies’ activities are just down
to E-mails and what that means. The IT infrastructure, when I talk about IT
infrastructure and taking some Animal Farm you know all IT infrastructures are equal but
some are more equal than others and that would be you know your E-mail servers may
have more value than a regular server or your web application servers, ones that are
providing information to customers, may not have the same value to you as a
transactional server.

Different laptops, desktops, the intrinsic value of the machine is the same but the value
on the information is different, so those have to be taken into account, it is not just what it
does, but what it has. And I have also added to asset value productivity, like how much
impact does an asset have to your company’s working, about the uptime, about access,
about how it is going to impact how an activity will impact your help desk, how
automation can improve your productivity or make your productivity less. You know I
think we need to consider security in this space too, in this productivity space. You know
you have to look at the impact that your security will have on your productivity, especially
you know system resources consumption, you know as we look at endpoint security in
many cases, that is a very important consideration when you are looking at what is going
on with your assets, you know are they functioning well, if they are not, why not and the
security needs to be part of that consideration too. So that is the summary of asset value,
I think it is very critical to look at what the assets are that are being protected, the data
that is being protected and how it impacts on your business and everything else.

Vulnerabilities - Software
• 99% of security breaches target known vulnerabilities. (CERT)
• OSes, browsers, applications, games
• Vulnerabilities Don’t go away
• Window of Exposure Remains
• Zero Day Exploit Problem

[Figure: Window of Exposure timeline. Labels: Vulnerability, Exploit Written, Patch Released, Exploit Popularized, Patch Testing, 50% Patches Installed, All Patches Installed]


Next slide is Vulnerabilities and to kind of just summarize these into software
vulnerabilities, that is really what we deal with in the information technology and you see
is you know known vulnerabilities are the bane of the existence of the security world.
We know what is bad out there, we are not always able to prevent it, to stop it, primarily
because it is so ubiquitous in that they are in all types of software, be they operating
systems or games or applications that you buy from someone else, applications that you
design on your own and you know the vulnerabilities don’t go away, it is you know once
you are aware that vulnerability does not go away, it is still there. Now when we get into
talking about the issue of counter measures now, if you patch something, you counter
measure the vulnerability but the vulnerability is still there. The window of exposure
remains, which is as you can see it from the graphic there, with an exploit is written and
normally we define it when about 50% of the patches are installed but if you are one of
the people in the 49% that have not installed the patch, and have not done some other
counter measures, your window of exposure is much longer and will continue until it is
patched. So windows of exposure have been growing because when the vulnerability
is released the attackers get out there and find that vulnerability and write an exploit
because they are trying to beat you to the patch, trying to beat you to the patch. So it is
the aspect of vulnerability, and I think we are well aware of that and I want to get on to
other things. The next slide please, this slide just I wanted to give you some resources so
that when you are trying to figure what your risk is associated with vulnerabilities,
they have some sources to go there and you know your software vendors just gave some
examples of where to find those vendors but the U.S. Government has a lot of
information on vulnerabilities and the NVD, National Vulnerability Database, that list
maintains and has a lot of great information or your top 20 SANS provide information
there. This sort of would be useful to give you that information to pass on something.

Vulnerabilities – Attack Surfaces

[Figure: Proliferation of Attack Surfaces. Labels: Office Apps, OSs, VMs, Enterprise Apps, Laptops, PDAs, Web Apps, Mobile Phones, Web 2.0, VoIP, IM, eMail]


So the next slide and talking about vulnerabilities is the attack surface. So just like the
window of exposure which is time, that is an issue, element of time, and that is growing
then, the growing attack surface which is the What, primarily, you get and What, you
know we used to just be able to worry about the OS aspect, may be the E-mail and E-mail
is more controlled, now we have a lot of web E-mails, you have instant messaging, lot of
web applications, social networking, mobile phones, all of those are now areas that can
be attacked. So we have actually increased the proliferation of attack surfaces which also
make to the window of exposure of the time needed to protect those much more difficult
and much more abusing. So just some these two aspects of the vulnerabilities, is the
window of exposure and the attack surface make things a lot more difficult. And then
next slide, also really shows that the vulnerabilities are growing and this is also areas for
continued attack surface growth, Web 2.0. So vulnerability for enterprises because of
Malware distribution there in the left hand corner where IDC predicts that these type of
applications will become major source of Malware distribution, they have been and you
know the other issue is there kind of on the right hand side, where office workers believe
that you should be able to access this information from their work computers for personal
reasons, so that greatly expands the opportunity for the Malware distribution but is jet
point without the loss of critical data through data loss, is part of this equation, so Web
2.0, very important technology from a business point of view, it does provide you with a
lot of opportunities, but on the other side it also is a vulnerability.
Vulnerabilities - Compliance

Compliance Security

Regulatory compliance should be treated as a vulnerability within a risk management program

“Hackers may find you, auditors WILL find you.”


Now this next slide I do not know how many people talked about vulnerabilities being
part of compliance. Compliance being part of vulnerabilities but I do, I talk about it
being a vulnerability and not because I am saying that you know you need to consider the
vulnerability because it is bad or it is going to cause you damage because you know there
are spy-ins for potentially for not being compliant or whatever, but I would like to it
really to be considered as something that allows you, that you need to use the systems
and vulnerabilities and risk management overall to track your progress towards
compliance, the same way you need to track your progress towards handling other
vulnerabilities; you should be able to track your progress for compliance in that same
manner. So, it’s part of this solution primarily because it is something to look at to ensure
that I am covering all of my bases and you know as compliance, kind of what we say
here, it does not really equal security but you need security to match up with compliance
across a wide range of elements and the best way to have your security match up to that
wide range of compliance requirements for multiple regulations in dealing with multiple
auditors is to build it in to your risk management environment and consider it as a
vulnerability, so I am not kind of one person that talks about this, not many others you
would have in this area.
Threats - Environment

Malware is Multiplying
• 1988: 1,738
• 1998: 177,615
• 2008: 1,100,000+

Malware Sophisticated
• Blended Threats
• 13 unique variants every minute
• Toolkit created

Exploiting Web
• Legitimate websites link to malware
• Web multi-media exploited
• Weak browser security


So next, a threat environment, just a quick look here, we are all pretty familiar with that.
You know, Malwares, multiplying into millions of different variations of different
Malware. It is getting much more sophisticated because it will be cutting across many
different disciplines. It is easy to create through the help developmental tool kits as a
business analyst, and security analyst, it is interesting to watch the progress of the
Malware market so to speak, development of a market or developing Malware and
exploiting the web, kind of alluded to that in the web 2.0 issue, where the general
websites linked to Malware, someone gets on and puts a link in, you know, that users
comment on something or provide a review or testimonial, they can just put it on the web
or someone could embed a link and that will send a person to a Malware site to some
other site that will be exploited. So a lot of issues with exploiting the web in that area
again, we are kind of well versed on that and I do not want to dwell on it, so we are going
to move on to the next slide.
Threats: Perceptions
Q: Please rate the items below on threat each poses to your company's enterprise security.

Threat                                        Significant Threat (5)   4     3     2     No Threat (1)
Malware                                       27%                      36%   22%   13%   2%
Employee inadvertent release of information   26%                      33%   18%   15%   8%
Spyware                                       17%                      36%   26%   16%   5%
Hackers                                       15%                      27%   30%   21%   6%
Data stolen by insider                        15%                      23%   28%   20%   13%
Misconfiguration of devices                   14%                      29%   29%   20%   9%
Insider sabotage                              14%                      17%   31%   22%   15%
Application vulnerabilities                   12%                      27%   34%   21%   6%
SPAM                                          11%                      24%   30%   27%   7%
Deployment of new technology                  9%                       20%   39%   23%   9%

Source: IDC Enterprise Security Survey, 2009, N=267


And this is just the next slide that kind of again as an analyst, I want to present what
research we have, what other people see so, we ask, we do a survey every year and we
ask questions, you know, please rate the items that threats posed to your company and
interesting so graphic is here, the people are from 1 to 5 with 5 being more significant
Malware is the number one issue. That has been number one, I think we have done the
survey for at least six or seven years, Malware has been number one every year, say one
and the year that it was not number one, employees inadvertent release of information
was number one, and Malware number two. So you can see here the gap is relatively
narrow in persons’ perceptions of these threats and so they remain pretty much locked at
in one and two, Spyware and hackers, come in second or third. So those are what other
people that we did surveys, consider the greatest threats you can take and relate that to
your own position.
Threats: Players
[Figure: threat players. Professionals: Organized Crime, Foreign Intelligence, Hackers for Hire. Amateurs: Thrill Seekers, Script Kiddies, Vandals. Insiders: Partners, Employees. Other labels: Financial Gain, Credit Cards, Identity Theft, Web Site Defacement, Denial of Service, System Downtime, Trust, Data Leaks, Policy Violations]


So the next slide, this slide talks about the players, now IDC has talked about
professionals in this being drivers for a lot of the problems. A lot of the threats that are
coming in, we’ve got organized crime, we’ve got foreign intelligence agencies, we’ve got
Hackers for Hire, they are all out there after financial gain and so they are the top kind of
pyramid here as opposed to a cyclone. Number one amateurs, you know they are kind of
the noise level, they can do a lot of bad things, they can you know cause you some web
defacement and do damage to our servers but they are not really out after financial gain
per se, that’s left to the professionals and the insiders as we noted before, people are
really concerned about insiders doing things by accident and in many cases that lead to
data loss or policy violation. So these are the players that we need to consider when we
consider threats. So when you are trying to make your determination as to what the risk
is you know, is the potential attacker an amateur or is it going to be a professional or is it
going to be someone who is inside or what the combination of the three are because we
are behind to see that organized crime professional organizations, have been able to get
people hired as insiders whose purpose isn’t to do the work usually for their company,
their ultimate purpose is to take information and open up the system to attack. So those
are the players in the threat area.
Threats: Example - Conficker
“The Conficker Worm: April Fool’s Joke or Unthinkable Disaster?”

“Conficker worm spikes, infects 1.1 million PCs in <24 hours”


So next, I promised talking a little about the examples, and I think Conficker is one of the
best examples that we can take here, because it was high on maneuvers last spring, it was
60 minutes to the sampling. And if you would like me, you got a lot of questions from
people who saw that, you know what does it mean, so it is just to give a quick rundown.
It was a simple worm, it exploited the known Windows vulnerability that came out in
November and was patchable and the worm’s exploits were continuing to grow and the
worm spread but didn’t seem to do anything. There was no purpose. There was no
execution, it just existed, had the opportunity to go to websites and they could be
connected to them but it didn’t really seem to do anything. Interesting that even though
you are patched, there were still avenues for it to reach you, to get into your systems, so
you could use a thumb drive, an external drive that was infected, if you plug that into a
patched system, it could be exploited. If a computer had open shares, shared a lot of data
and they weren’t protected well with strong passwords, you could get infected. So there
were a lot of ways to get infected with Conficker that made it very interesting. So just to
continue the story, you know you had the April 1st date that was the date that it was all
supposed to happen that and nothing really did happen on April 1st although the Internet
had shut down, your systems did not shut down. There wasn’t this plague of locusts
descending upon us, but you know slowly a few days later, the security research people
began to discover that Conficker was distributing Rogue security software through a P to
P network that it had created.
Threats: Example - Conficker
“The Conficker Worm: April Fool’s Joke or Unthinkable Disaster?”

“Conficker worm spikes, infects 1.1 million PCs in <24 hours”

Conficker is platform for mass distribution allowing attackers to monetize the platform!


So next slide please. So in reality what Conficker was and still is, is a platform for the
mass distribution of some type of code, be it the Rogue security software that you know
that you got them, so they pay us 79 99, and it will solve all your problems. So it is really
allowing for the mass distribution of any executable content that the attackers want to
monetize their platform for. So what that means of course is that we are looking at
professionals who are trying to find ways to make money out of doing attacks. We will
move on to the next slide.
Threats: Targets of Choice

• Criminal endeavor
• Targeted attack
• Keystroke logger
• IM channel
• Stole credentials
• Circumvented controls

http://voices.washingtonpost.com/securityfix/2009/07/an_odyssey_of_fraud_part_ii.html


And the next slide really just talks about same sort of criminal endeavors, we have got
targeted attacks that are out after people, out after bank accounts. They use spam mail or
some other ways to get keystroke loggers onto their systems. They use different
communication channels, they steal credentials to get to the money, so example here is
that Bullitt County Kentucky that had a recognized system but the attackers who are out,
say cyber criminals are out after the money, now it’s just worth about 15000, much of that
has been accessed but they still lost 100s of 1000s of dollars from their accounts and
unlike personal accounts, most of these business accounts that use wire transfers are not
protected. So when these are lost, these are lost.
Threats: Targets of Choice

• Criminal endeavor
• Targeted attack
• Keystroke logger
• IM channel
• Stole credentials
• Circumvented controls

Play it Sam:
Sanford School District (CO)
Patco Construction (ME)
Ferma Corp. (CA)
Western Beaver school district (PA)
Unique Industrial Product Co. (TX)
JM Test Systems (LA)
$1,000,000s in Fraud


Next slide shows that you know, I was not just picking on Bullitt County Kentucky
because this has been happening all over the country, especially this year. These are
pretty much all examples from this year, you can see the school, no one is immune.
School districts, construction companies, regular manufacturing companies, anyone that
has money, these attackers are out after them, they do their research, they find out where
your system is, they know who the key players are and they go out and target those
people and try to get the information on their machines and they will find ways of
working around the system. So you can see there is targets of choice, there is not just a
random activity anymore, they are out after specific money and specific activities.
Threats: Summary

• Professionals/organized
• Profit motive
• Stealthy attack methods
• Targeted malware variants
• Exploit web and social vulnerabilities
• Seek out exploitable endpoints


So next slide. I did not want to spend too much time on the threats, but you just can’t
help it that much. So just in summary for threats, we have got professionals and
organized. They are no longer just random issues that you can deter easily. They are out
after profits, they are out after your money. They are stealthy, they use Malware, they
use the web and social vulnerabilities and they seek out exploits endpoints, and they seek
out any exploitable components that you can find.
Threats: Summary

• Professionals/organized
• Profit motive
• Stealthy attack methods
• Targeted malware variants
• Exploit web and social vulnerabilities
• Seek out exploitable endpoints

Attackers are competitors


Look at it as a business operation


And next slide please, and I would just like to bring out that attackers are competitors or
you can look at them as part of the business operation, so this kind of works into my issue
for compliance as a vulnerability that makes you looking at vulnerability, looking at
compliance as part of your risk management system and here you really need to start
thinking of many of the threats, many of the attackers as competitors, competitors against
your assets, so another way of looking at this you and you can you know, you can look at
them as competitors, you can find ways to defeat them to out compete them. So to speak
so, there is a winnable solution in this.
Counter Measures – D-in-D
Products

Network Security
Web Security
Messaging Security
Endpoint Security


So let us move on to the next slide which is going to be counter measures and this slide,
this is kind of a quick way of people looking at counter measures, we have got our SILO
security products, we got our network security, web messaging, and endpoint security,
are all of these components onto what it means to be a security product and you know
they don’t really like to work together, they do not communicate together, they are
SILOs.
Counter Measures – D-in-D
Products

Network Security
Web Security
Central Security Management
Endpoint Security
Messaging Security


So the better way and that is the next slide, I am thinking about your products and
defense in depth is that they need to work together or you need to have your network
security be able to get information on how the messaging security is doing things or how
the web security is doing things and the key is right in the center, right in the central
security management that can get the information from all of these points, and be able to
understand that there is a web attack or an issue with web security that we can block at
the network level or we can block at the endpoint, so in that respect, we need this, this is
one way of looking at defense in depth, but I would like to look at defense in depth in a
different way as opposed to what I would call this one dimension, I would like to look at
three dimensions.
Counter Measures - Layers

“Ogres are like Onions.”

"Layers. Onions have layers. Ogres have layers."


So the next slide please, we will start talking about that. So remember from movie Shrek,
Ogres are like Onions, and it wasn’t because they were smelly, it was because they have
layers, onions have layers and Ogres have layers, well, security and counter measures
should have layers too so as the next part of defense in depth is really a layer.

Counter Measures – Layers


Products Policy

Network Security
Web Security
Central Security Management
Endpoint Security
Messaging Security

So next slide. So the first part of our layered component is policy, let’s have policy that
will contribute to the product side.

Counter Measures - Policy

Risk Management isn’t solved with just technology, but rules
• Examples: Speed limits, Building Codes, Food Safety

Policies are central to risk management
• We can’t eliminate all risk with technology
• The key is to understand the risks, determine mitigation strategy
• Knowing why something needs to be protected ties risks to business objectives.

Enforcement required to make policies real

Policy bridges the gap between technology and reality!



So next slide, so policy is to have rules, right? It is designed to cover for where
technology cannot do it all the time. It helps you really determine what your mitigation
strategy is, OK I can have these products, but I also need limits, I also need to tell people
you know how big their password is or what they need to run, what they need to not run,
I need to monitor these activities to know what people are doing. Interestingly you know
in the example I gave on Conficker, so if you were patched you were good, unless
someone took an infected thumb drive and plugged that into your system or if you had
open shares with weak passwords. So that is not too much, you can try to deal some of
that with technology but a lot of that was policy, you do not install unknown thumb
drives into your machine or you use a thumb drive you have to ensure that it is virus
scanned first. So you know and there is a cost issue here too, so when we think about
technology, you know you can only buy so much technology, we have to look at policy
what we can do with policy that is going to save us money and be able to close the gap
between technology and reality, so we cannot just do it with technology, we need to do it
with policy, with rules and we need to enforce them because policy without
reinforcement is really not going to get us that far. So that is the part of the layer, one
layer is policy.
Counter Measures – Layers
Products Policy People

Network Security
Web Security
Central Security Management
Endpoint Security
Messaging Security


The next slide highlights the other part of the layer and that is people, right. We have to
have the people involved in this, you know they are as much a part of what you do with
security and what you contribute as, again going back to the slides and let us take this
next slide first.

Counter Measures – People

• Awareness
• Training
• Diligence
– Adhere to policy
– Report problems

• Engage – Process Improvements

So the next slide you know as we talked about in the parts of this area that the survey data
that you know people are really concerned about employees, inadvertent release of
information, so you need to have them trained, they need to be trained, they need to be
aware that you know security is an issue that needs to be dealt with. We have a lot of
concerns, we have as part of our company, part of our activity, so you need the training,
you need the awareness and you need the diligence. All of the issues with the attacks that
were discussed on the target of choice slides, like Bullitt County, like all those others,
most of them were all discovered by people seeing something strange, they got an E-mail
about some notice of a transaction or they saw something that wasn’t right and they were
able to report that and stop the activity, so there was diligence and the willingness to
report that something had gone bad. So people are as important to these counter
measures as anything else is, they need to be engaged, to be a part of the process
improvement. So you know I would like you to think about layers, security layers and
those are the technology, the products that you buy but also the policy and people you have
and that they all make up what we are kind of define to as the counter measures for risk
management.

Final Analyst Thoughts

• UNDERSTAND the “competition”
• LIVE for today: PLAN for the future
• Security is a JOURNEY, not a destination
• Security products offer real SOLUTIONS
• Policies and People COMPLEMENT security technology
• AUTOMATE where possible
• Risk management encourages a FOCUS on critical systems


So the next slide kind of summarizing some of my thoughts on this process where we
have you know risk management. I like risk management, I think it is part of a proactive
way of protecting yourself against your threats, you know the processes to determine the
probability and impact of an event we talked about that and Jeff talked about that, so they
are very important, but part of that probability is also going to be the counter measures
that you are putting together and the counter measures are going to include your
employees, your people and your policy, not just you know what kind of products you
can put up there. Again products are important, they need enforcement, much of this but
you also need to have policy and people involved, you need to be able to monitor what is
going on in the said components and lastly you know I kind of talked about the you know
the business goals have to be part of this process too, that is where the assets contribution
to this all falls.

Analyst Thoughts
Risk Management is Proactive Security Toolbox
• Process to determine the probability and impact of an event
• Requirements:
– Catalog assets and assign value
– Determine vulnerabilities and assess threats
– Implement counter measures
– Identify “Security Posture Drift” and remediate
– Steadily monitor status and progress
• Layered counter-measures utilizing policy, people and technology
• Align business goals with security reality, reduce operational costs, and improve IT and end-user productivity


So my last slide, is that you need to understand the competition, attackers are actually
professionals are competition, you make it hard on them, you make it so that their
business return on their investment, is going to be much harder because you have
protections, they are not going to compete with you, they are going to move on. We need
to live for today, we need to know we have today but we need to plan for the future.
There is Web 2.0 issues be able to take a risk calculation though, OK I know what my
assets are, I know what my value is, I think I have a good understanding of what the
threat is, you know, so what counter measures do I need to do to continue and you know,
the old cliché, security is a journey, it is not a destination, we cannot just come out and
say, Yep, I’m all done, I’m all secure because the attacks change, the environments
change, all the components change that we have. You know I will try to talk about this
again, security products, they do offer solutions but the people and processes that you
need to rely on are going to conform to the security technology. These layers need to
work together to ensure protection. You need to automate where possible because that
just makes it easier to have things work well and it will be more productive. And the last
bullet here is that you know risk management encourages a focus on critical systems. It
allows you to kind of take a look and say OK, what are my assets, which ones are more
equal than others, which ones need to be protected better, what is the cost going to be
with those systems, can I mitigate some of that risk with policies or people and play all of
those together. So that is where we go and happy to continue the discussion later on.
Chris McKillop: All right, thank you Charles for your discussion. That concludes this
presentation, ‘The Changing Nature Of Cyber Crime, Attackers, Counter Measures And
New Models For Defense In Depth’. If any of our attendees have any questions today,
Charles will be located in the booth chat of today’s live ESET Interactive Resource
Center for questions. If you would like to review today’s material at a later date, an
archived version of this event will be made available on SearchSecurity.Com webcast
library. I would like to thank Charles Kolodgy for taking the time out to be part of
today’s presentation and also would like to thank ESET for sponsoring this event. And as
always, thank you for taking the time out to join us today. This is Chris McKillop,
wishing you all a great day.
