680 Million
3 Million
2004
Copyright 2009 Trend Micro Inc.
2004 2010
Social Engineering....
payout per adware install: $0.02 to $0.30
basic malware package: $1,000 to $2,000
exploit kit rental: $1 per hr
undetected info-stealing trojan: $80
distributed denial of service attack: $100 per day
10,000 compromised PCs (zombies): $1,000
1 million freshly harvested e-mails: $8 & up
stolen bank account credentials: $50 & up
credit card + validation info: $1 to $2
personal ID & their pet's name: $10
Prices may vary; find your local cybervandal-turned-entrepreneur.
[Graphic labels: viruses, worms, spyware, botnets]
Classification
Prediction #5: The Cybercrime Underground Evolution
Prediction #6: Cloud-related issues
Prediction #7: Targeted Attacks and Cyber-Espionage
Prediction #8: Vulnerable Legacy Systems
Visits to malicious websites (42%)
Downloaded by other malware (34%)
E-mail attachments & links (9%)
Transfers from removable disks (8%)
Other (mostly via Internet) (7%)
source: Computer Weekly
[Diagram: threats (viruses, worms, spyware, botnets) reaching the TARGET; labels: INTERNET, FILE TRANSFERS, REMOVABLE MEDIA; figures shown: 92%, 8%]
Traditional Security
There is a desperate need for new standards for today's anti-virus products. The dominant paradigm, scanning directories of files, is focused on old and known threats, and reveals little about product efficacy in the wild.
Williamson & Gorelik (2011)
[Diagram: AV at the TARGET; vectors: FILE TRANSFERS, E-MAIL (spam), WEBSITES, REMOVABLE MEDIA, INTERNET]
IT Environment Changes
Challenge: Traditional Approaches Fail
Signature file updates take too long
  Delay protection across all clients and servers
  Leave a critical security gap
Signature files are becoming too big
  Increase impact on endpoint resources
  Unpredictable increase of client size
Patches cannot be deployed in time
  Systems remain exposed to exploits
  Average time to patch was 55 days in 2010
Unique threat samples PER HOUR
AV protection networks have multiple layers of protection
Vulnerability, Execution & Infection Layer: blocking the transfer & execution of malware on target computers
Exposure Layer: blocking access to/from sources delivering malware; inspection based on source (IP, URL, domain)
Vulnerability Layer: inspection based on exploit (rules)
[Diagram labels: TARGET, LINKS & ATTACHMENTS, FILE TRANSFERS, E-MAIL (spam), WEBSITES, REMOVABLE MEDIA, INTERNET]
Web reputation services identify and block bad web sites & URLs
E-mail reputation services identify and block spam by sender IP address
Correlation between layers enhances threat identification
Public Cloud
Virtual
Physical
Traditional datacenter
Questions?