McAfee Confidential - Internal Use Only
POWER EFFICIENT PERFORMANCE
INTERNET CONNECTIVITY
SECURITY
Key Trends
Hacktivist activities increased, particularly targeting global financial, military and other public sector enterprises
Attacker attention turns from PCs to mobile devices, particularly Android
Attacks on Android nearly quadrupled
PC malware and FakeAV attacks declined significantly in Q4
Reported data breaches have more than doubled in the last two years
Network-level attack techniques are now led by attacks on Microsoft's Remote Procedure Call, SQL injection and cross-site scripting
Art of War
Enemy's Strategy
Q1/Q2-2010: +10.0 million samples
Q3/Q4-2010: +10.9 million samples
Q1/Q2-2011: +12.1 million samples
Q3/Q4-2011: +8.9 million samples
JAN+FEB-2012: +5.8 million samples
February 2012
[Diagram labels: Applications/RDBMS, AV, HIPS, Operating System, Virtual Machine, I/O, Memory, Disk, Network, Display, BIOS, CPU]
Traditional attacks and defenses focused primarily on the application layer
Compromise virtual machine and hence all guest machines within
Ultimate APTs compromise devices below OS, either before or after shipment
30 seconds: New malicious website detected
Web 2.0 is the Catalyst!
4m: Active new zombies per month
90%: Of all threats have been financially motivated
Attack Target: Users vs. Machines
10,000: Daily new malware threats
Toolkits & Obfuscation
85%: Malware is obfuscated
[Chart: years 2006 to 2011, with values 80%, 73% and 77%]
[Chart: quarterly, Q1 10 to Q4 11; vertical axis from 0 to 1,800]
3/14/15
Secure
Ubiquitous
Access to a
Environment
Computing
Trends
Consumerization of IT: Employee-owned devices on the corporate network
Device diversity: iOS, Android, Windows, etc.
App explosion: Beyond email and web
FROM 1B TO 50B DEVICES
Market Growth
Time
Bleeding Edge: Innovators, Enthusiasts and Risk Takers
The Chasm of Fear, Uncertainty and Doubt
Leading Edge: Progressives and Visionaries
Edge: Early Majority/Pragmatists and Doers
Trailing Edge: Late Majority/Followers
Failing Edge: Laggards and Resisters
Defacto Smackdown: T-Rex incumbent vendors let friends play by their rules, smaller vendors try to co-exist on the scraps to survive
We Support the Standards... kinda: Suddenly large incumbent vendors say they want to play fair? Trust a T-Rex?
GroundHog Day: Biz opportunity played out and standards on life support, move on to the next target market
Original Work by David O'Berry with input from Steve Hanna
Adapted from Crossing the Chasm, Moore, 1991
required
A consolidated voice both internally and externally is required
COMPUTING ENVIRONMENT
PC: Homogenous OS environment; largely local computing centric
Mobile: Fragmented OS environment; cloud-centric, tethered to OS provider
THREAT MODELS
Mobile: Similar to PC + lost device, eavesdropping, premium SMS fraud
ATTACK CHANNELS
Mobile: Similar to PC + SMS, MMS, app downloads
Mobile: similar and more divergent
No protection: 57%
Anti-theft device: 31%
Encryption: 19%
17%
Client firewall
Anti-virus/anti-malware
Other
11%
5%
4%
There is a policy disconnect between IT and end users
HR
IT
Mobile devices predicted to be New Malware Frontier
IT
Finance
Sales
Almost 1 in 5 devices are lost each year
Android: 44%
iOS: 17%
BlackBerry: 13%
MOBILE MONEY
PROTECTION GAP
SENSITIVITY OF DATA
ALTERNATIVE ACCESS
RELIANCE ON USER
Mobile Threats
On PCs, rootkits and botnets deliver ads and make money off of their victims. On mobiles, we've seen these types of malware used in the same manner.
Rootkits allow the installation of additional software or spyware, and botnets can cause ad clicks or send premium-rate text messages.
Bootkits, malware that replaces or bypasses system startup, also threaten mobile devices. Although rooting one's own phone or ebook reader opens the device to extra features or to replacing the OS, it can also allow attackers to load their own modified OS.
Both rootkits and bootkits will proliferate in 2012, though most are currently aimed only at Android.
Mobile Security Requirements
Devices
Data
Apps
WEB AND SOCIAL MEDIA
BASIC SERVICES
ENTERPRISE AND LOB APPS
CUSTOMER-FACING APPS
TOMORROW
REAL TIME QUERIES
Enterprise App Store
App Management (blacklisting)
Policy-based blacklist
Reputation-based blacklist
McAfee Secure for App Store
You already built one security infrastructure. Why build another?
Require Encryption
Application Management
IT Operations Support: Visualize and manage devices centrally through McAfee ePO integration
Compliance: Automatically check devices prior to network access
Policy Management: Remotely perform helpdesk tasks and push security policies and configuration updates over-the-air
Provisioning
ePO
Security and Authentication
GO TO THE APP STORE
AGREE TO CORPORATE POLICY
IT SERVICES ARE AUTO-PROVISIONED
Optional Two-Factor Authentication
GO TO THE MARKETPLACE
AGREE TO CORPORATE POLICY
IT SERVICES ARE AUTO-PROVISIONED
Device application inventory, audit, and policy management
Enterprise Environment
iPad
Messaging
Android
Applications
Easy
iPhone
Directory
McAfee EMM
Certificate Services
Win 7
Files
Scalable
BlackBerry
Database
VPN
Appliances
Servers
Firewalls
Other feeds and analysis
Email Reputation Engine
File Reputation Engine
Web Reputation Engine
Network Reputation Engine
Vulnerability Information
Browser
Firewall
Web
AV
HIPS
AWL
Mobile
Coordinated Security
Asset Management System
Endpoint Security (via NAC)
SIM / SEM
Nitro, ePO, MAP
Servers
IPAM
Physical Security
ICS/SCADA Security
Open Interfaces
IF-MAP Protocol
Routing
IDS
Server or Cloud Security
AAA
Switching
Wireless
Firewalls
RISK OPTIMIZATION
Thank You