
Balancing Productivity and Risk for the Unchained Work Force
The New Reality

David O'Berry, CISSP-ISSAP, ISSMP, CSSLP, CRISC, CRMP, MCNE
Advanced Technologies
3/14/15

McAfee Confidential / Internal Use Only

David O'Berry, Previously Director of Strategic Development and ITS for SC Probation, Parole, & Pardon Services

During my 19+ years with South Carolina:
- MS-ISAC Executive Board
- SC Security Domain Chairman and Collaboration TL
- Trusted Computing Group's Customer Advisory Council (TNC-CAC)
- Chairman, TOG's Improving The Digital EcoSystem Workgroup
- Chapters published on IF-MAP, SCAP, TNC and Standards Based Defense/Mitigation (ISMH 09, 10, 11)

My Previous Life's Work and the IT Environment:
- 800+ users, rapidly growing external user-base (1000s)
- 100% mobile-capable plan started in 2002
- 26 full-time IT staff including development, engineering, help desk, & remote support
- 53 remote sites, decentralized work force
- Heterogeneous deployment including open standards, open APIs, and open source:
  Core: McAfee, Dell, Juniper, APC
  Network: Juniper, BlueCoat, Citrix, Imprivata
  Data: McAfee EEPC, Device Control, Host DLP
  Endpoint: McAfee AV, HIPS, Policy Auditor
  Management: McAfee's ePolicy Platform, STRM,

Security: The Third Pillar of Computing

Better Security Solutions & Products

- Power-Efficient Performance
- Internet Connectivity
- Security

Key Trends
- Hacktivist activities increased, particularly targeting global financial, military and other public sector enterprises
- Attacker attention turns from PCs to mobile devices, particularly Android
- Attacks on Android nearly quadrupled
- PC malware and FakeAV attacks declined significantly in Q4
- Reported data breaches have more than doubled in the last two years
- Network-level attack techniques are now led by attacks on Microsoft's Remote Procedure Call, SQL injection and cross-site scripting

Art of War

Enemy's Strategy: Dive Deep, Be Quiet, Surprise Attack

The Great Zoo: McAfee Known Malware Samples

February 2012: we reach 81 million samples (75,200,000 samples at December 31st)

Growth in known samples:
- Q1/Q2-2010: +10.0 million samples
- Q3/Q4-2010: +10.9 million samples
- Q1/Q2-2011: +12.1 million samples
- Q3/Q4-2011: +8.9 million samples
- JAN+FEB-2012: +5.8 million samples

Threats Moving Down the Stack

Stack layers, top to bottom: Applications/RDBMS (AV, HIPS), Operating System, Virtual Machine, I/O, Memory, Disk, Network, Display, BIOS, CPU.

- Traditional attacks and defenses focused primarily on the application layer
- Attack and disable security products (AV, HIPS) and hence all protection
- Infect OS with APTs, resulting in threats hidden from security products
- Compromise virtual machine and hence all guest machines within
- Rogue peripherals & firmware bypassing all other security measures
- Ultimate APTs compromise devices below the OS, either before or after shipment

Economic Model of the Attack

Themes: More Malware Variations; Web 2.0 is the Catalyst!; Attack Target: Users vs. Machines; Toolkits & Obfuscation

- New malicious website detected every 30 seconds
- 4m active new zombies per month
- 90% of all threats have been financially motivated
- 10,000 daily new malware threats
- 85% of malware is obfuscated

Key Trend: Botnet Infections Recover

Botnet infections rebounded strongly in December, but are still nowhere near their historic peak. Brazil, Belarus, Colombia, India, Spain, Turkey, and the United States saw significant increases.

[Chart: Global Botnet Infections per Month, scale 0 to 6,000,000]

Stealth Attacks Will Continue

- 110,000 new rootkits detected each quarter
- More than 1.8 M unique rootkits
- More malware using rootkits to evade detection

The Most Dangerous Malware is the Unknown Malware

- Stuxnet targeted government installations in Iran and India
- Koobface quietly turns a system into a bot
- SpyEye is a do-it-yourself toolkit to build stealth malware
- TDSS family of rootkits with multiple variants that go undetected by almost all OS-based security software

Source: McAfee Labs

Hacktivism Networks Will Evolve

McAfee believes the historical Anonymous syndicate will reinvent itself or die out. The people leading digital disruptions will become better engaged with the people leading physical demonstrations. For political and ideological ends, the private lives of public figures (politicians, industry leaders, judges, and law-enforcement and security officers) will be disclosed this year more than in the past. Some hacktivists will operate along the same lines as the various cyberarmies that primarily flourish in nondemocratic or nonsecular states.

Reported Data Breaches Accelerate

The number of reports of data breaches via hacking, malware, fraud, and insiders has more than doubled since 2009. In Q4 2011 alone we saw more than 40 breaches publicly reported. Although the last three months are not the record holder in this area, data breach events continue to increase.

[Chart: Reported Data Breaches per year, 2005 to 2011, scale 0 to 250]

Sad and Scary Numbers?

- 80% of CISOs see employees as the greatest data threat
- 73% of data breaches come from internal sources
- 77% unable to audit or quantify loss after a data breach

Sources:
Survey: Dark Reading/InformationWeek (2009)
Survey: MIS Training Institute at CISO Summit (2009)
McAfee Datagate Report. Produced by DataMonitor (survey of 1400 IT professionals across UK, US, DR, DE, and Australia)

IT Dis-Innovation Death Spiral


Mobile Computing: Growth is Cool & Frightening

- Mobile computing devices to drive 90% of computing growth over the next three years.
- By 2012, mobile computing devices would account for 70% of all PC shipments.
- 20 million+ traditional tablets and next-generation tablet devices worldwide in 2012
- Changing rapidly, and rich functionality will accelerate growth

Source: Gartner forecasts 2010 PC growth, business upgrades, iPad impact. TechRepublic, Sept 2010

Mobile Malware - Cumulative

Mobile malware has now established itself as the fastest growing category as attackers continue to experiment with new attacks aimed primarily at the Android platform.

[Chart: cumulative mobile malware samples by quarter, Q1 2010 to Q4 2011, scale 0 to 1,800]

New Android Malware Samples by Quarter

Q4 2011 will be remembered as the point in time when Android malware creation went ballistic. New Android-targeted malware samples nearly quadrupled. Much of the Android malware is now for-profit SMS-sending Trojans, which benefit cybercriminals by hijacking phones to send messages that cost their owners money. Rooting Android devices has become easier with the availability of apps that combine vulnerability exploits.

[Chart: new Android malware samples per quarter, Q1 2010 to Q4 2011, scale 0 to 450]

The Mobility Explosion!

The Goal of Radical Consumerization is? Secure, Ubiquitous Access to a Computing Environment

The User Has Evolved


Driving Consumerization of IT/BYOD


Trends
- Consumerization of IT: employee-owned devices on the corporate network
- Device diversity: iOS, Android, Windows, etc.
- App explosion: beyond email and web
- Mobile threat emergence: Android an early favorite

Endpoint Security: From 1B to 50 Billion Devices

Technology Dis-Innovation Life-Cycle
(Original work by David O'Berry with input from Steve Hanna; adapted from Crossing the Chasm, Moore, 1991. Axes: Market Growth vs. Time.)

Stages along the adoption curve:
- Bleeding Edge: innovators, enthusiasts and risk takers
- The Chasm of Fear, Uncertainty and Doubt
- Leading Edge: progressives and visionaries
- Edge: early majority / pragmatists and doers
- Trailing Edge: late majority / followers
- Failing Edge: laggards and resisters

Forces acting on the curve:
- FUD CounterValence: downward pressure exerted by large or incumbent vendors through various means amplifies the risk aversion inherent in human nature
- Defacto Smackdown: T-Rex incumbent vendors let friends play by their rules; smaller vendors try to co-exist on the scraps to survive
- We Support the Standards... kinda: suddenly large incumbent vendors say they want to play fair? Trust a T-Rex?
- GroundHog Day: biz opportunity played out and standards on life support, move on to the next target market

Who, What, Why, How?

- M=FARS (Mobility Equals Flexibility, Agility, Reliability, and Sustainability)
- Personal Productivity Savings (PPS) properly managed yields Business Operating Efficiency (BOE)
- The Three Monkeys
  - A fresh vision is required
  - A new way of truly listening to your customers is required
  - A consolidated voice both internally and externally is required
- The Tail Wagging the Dog: de-facto way of doing things kills us from an agility perspective... 20+ years is long enough
- Translator to Transgressor leap cripples communication: IT2B, B2B, IT2IT

Mobile Security Differences

Threat models
  PC: Malware, virus, phishing, stolen data, Trojans, DoS, social engineering
  Mobile: Similar to PC + lost device, eavesdropping, premium SMS fraud

Attack channels
  PC: Browser, Bluetooth, WiFi, cellular network, cross-channel, email
  Mobile: Similar to PC + SMS, MMS, app downloads

Computing environment
  PC: Homogenous OS environment; largely local-computing centric
  Mobile: Fragmented OS environment; cloud-centric, tethered to OS provider

Mobile = PC + similar and more divergent

Mobility's Unique Challenges Call for Different Approaches to Security

Source: McAfee, inCode

Lost Smartphone Protection

Employees consistently fail to protect their mobile devices

Protection in place:
- No protection: 57%
- Anti-theft device: 31%
- Encryption: 19%
- Password or keypad lock: 17%
- Client firewall: 11%
- Anti-virus/anti-malware: 5%
- Other: 4%

Enabling Mobility Brings Risk

- There is a policy disconnect between IT and end users
- Mobile devices predicted to be the new malware frontier
- More than half of all users don't lock their devices
- Almost 1 in 5 devices are lost each year

Perfect Storm for Mobile Threats

Contributing factors: user aggregation, mobile money, protection gap, sensitivity of data, alternative access, reliance on user

2015 OS shipments (IDC, June 2011): Android 44%, iOS 17%, BlackBerry 13%, Others 26%

Mobile Threats

On PCs, rootkits and botnets deliver ads and make money off of their victims. On mobiles, we've seen these types of malware used in the same manner. Rootkits allow the installation of additional software or spyware, and botnets can cause ad clicks or send premium-rate text messages. Bootkits, malware that replaces or bypasses system startup, also threaten mobile devices. Although rooting one's own phone or ebook reader opens the device to extra features or to replacing the OS, it can also allow attackers to load their own modified OS. Both rootkits and bootkits will proliferate in 2012, though most are currently aimed only at Android.

Mobile Security Requirements

Enabling Mobility Through Security

Protect Mobile Devices
- Device Management (MDM)
- Anti-Malware
- Web Protection

Protect Mobile Data
- Data Protection (Locate, Lock, Wipe, Delete)
- Jailbroken and Rooted Device Exclusion
- Encryption

Protect Mobile Apps
- Enterprise App Store
- McAfee SECURE for App Stores
- McAfee App Alert

Secure App Enablement Requirements

Required:
- Data Protection
- Compliance
- Authentication
- Security Policy Management
- Self-Service Provisioning
- Enterprise App Management

App categories to enable: web and social media; basic services; enterprise and LOB apps; customer-facing apps

Protect the Apps Today and Tomorrow

Today:
- Enterprise App Store
- App Management (blacklisting): policy-based blacklist, reputation-based blacklist
- McAfee Secure for App Store

Tomorrow (real-time queries):
- Embedded URL site reputation
- Developer reputation
- App reputation
- Vulnerabilities/malware
- Behavior/history (monitoring)

Bring Mobile Devices In

You already built one security infrastructure. Why build another?

Enterprise Mobility Management

Enforce Strong Authentication

Exclude Risky Devices

Require Encryption

Lock, Wipe Remotely by Admin


Mobile Device Management Life Cycle

- Provisioning: define security policies, network connectivity, and resources; user self-service provisioning for automatic device personalization
- Enterprise Application Management: make apps available in a secure, role-based way. Offer apps for download, links to third-party app stores, and web links.
- IT Operations Support: visualize and manage devices centrally through McAfee ePO integration
- Compliance: automatically check devices prior to network access
- Security and Authentication: enable devices to strongly authenticate against Microsoft CA. Supports two-factor authentication.
- Policy Management: remotely perform helpdesk tasks and push security policies and configuration updates over-the-air
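The compliance check run before network access, combined with the exclusions and requirements listed under Enterprise Mobility Management (strong authentication, exclude risky devices, require encryption, lock or wipe remotely), as an added Python example that is not McAfee EMM code; the posture field names, OS version floors, check-in window and decision labels are assumptions for the illustration.

```python
from dataclasses import dataclass

@dataclass
class DevicePosture:
    device_id: str
    platform: str           # "ios" or "android"
    os_version: str         # dotted string as reported by the agent, e.g. "4.0.3"
    jailbroken_or_rooted: bool
    encrypted: bool
    passcode_set: bool
    has_device_cert: bool   # enrolled device certificate = strong authentication
    days_since_checkin: int
    reported_lost: bool

# Assumed policy values for this example; a real policy lives in the MDM console.
MIN_OS = {"ios": (5, 0, 0), "android": (4, 0, 0)}
MAX_CHECKIN_DAYS = 30

def parse_version(text):
    """'4.0.3' -> (4, 0, 3); non-numeric parts count as 0, short strings are padded."""
    parts = [int(p) if p.isdigit() else 0 for p in text.split(".")]
    return tuple((parts + [0, 0, 0])[:3])

def evaluate(p):
    """Return (decision, findings) for one device.

    block_and_wipe: reported lost, so the admin locks and wipes it remotely
    block:          rooted/jailbroken or no device certificate (hard exclusions)
    quarantine:     fixable gaps (encryption, passcode, old OS, stale check-in)
    allow:          fully compliant
    """
    if p.reported_lost:
        return "block_and_wipe", ["device reported lost: lock and wipe remotely"]
    hard, soft = [], []
    if p.jailbroken_or_rooted:
        hard.append("jailbroken/rooted device excluded")
    if not p.has_device_cert:
        hard.append("no device certificate: strong authentication required")
    if not p.encrypted:
        soft.append("storage encryption not enabled")
    if not p.passcode_set:
        soft.append("passcode/keypad lock not set")
    floor = MIN_OS.get(p.platform)
    if floor is None:
        hard.append(f"unsupported platform {p.platform!r}")
    elif parse_version(p.os_version) < floor:
        soft.append(f"{p.platform} {p.os_version} below policy floor")
    if p.days_since_checkin > MAX_CHECKIN_DAYS:
        soft.append("stale check-in: posture cannot be trusted")
    if hard:
        return "block", hard + soft
    if soft:
        return "quarantine", soft
    return "allow", []
```

A quarantined device keeps limited access until the listed findings are remediated, which is also the natural place to trigger the bulk notification step described later in the deck.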

Self-Service Provisioning for iOS

1. Go to the App Store
2. Enter your email credentials
3. Agree to corporate policy
4. IT services are auto-provisioned

Optional two-factor authentication

Easy, Secure, Automated

Bulk Provisioning Notifications

- Locate which users are provisioned and how many devices
- Send notifications to non-provisioned users
- Search LDAP directories for users or groups, or upload list
- Send notifications via email or SMS

Self-Service Provisioning for Android

1. Go to the Marketplace
2. Enter your email credentials
3. Agree to corporate policy
4. IT services are auto-provisioned

Easy, Secure, Automated

McAfee VirusScan Mobile for Android

Anti-malware optimized for mobile
- Real-time scanning and alerts
- Message attachment detection
- Auto cleaning or quarantine option
- 24x7 automated protection updates

Enterprise Application Store

- Recommend and make applications available securely based on group, role, or device type
  - Custom corporate applications
  - Third-party applications (Apple App Store or Android Marketplace)
  - Webclips
- Device application inventory, audit, and policy management

Empowering Mobility: McAfee EMM

Secure
- Manages native security settings
- Enforces device compliance
- Extends the security infrastructure via McAfee ePO
- Integrates with the data center

Easy
- Simple administration and reporting via McAfee ePO
- User self-service provisioning
- Device personalization for user productivity

Scalable
- Scales to 10s of 1,000s of devices
- Supports high availability and disaster recovery configurations

[Diagram: McAfee EMM brokering between devices (iPad, iPhone, Android, Win 7, BlackBerry) and the enterprise environment (messaging, applications, directory, certificate services, files, database, VPN)]

Why Does a Single Pane of Glass Matter?

- Single pane of glass: mobile devices are managed through McAfee's broader ePO security console
- Consumer-to-enterprise offering: McAfee's mobility solutions extend interoperability out to the larger product portfolio
- Resources: McAfee EMM has strong dashboard and reporting tools, something Gartner places importance on when evaluating a vendor's technology
- Breadth of management: McAfee EMM is compatible with Exchange, Lotus, GroupWise, and Gmail

Coordinated Threat Intelligence More Important Than Ever

Threat intelligence feeds: DeepSAFE endpoints, appliances, servers, firewalls, other feeds and analysis

Reputation engines: Email Reputation Engine, File Reputation Engine, Web Reputation Engine, Network Reputation Engine, Vulnerability Information

Consumers of the intelligence: browser, firewall, email, web, AV, HIPS, AWL, mobile

Coordinated Security

Components linked through open interfaces (IF-MAP protocol): Asset Management System, Endpoint Security (via NAC), SIM / SEM (Nitro, ePO, MAP servers), IPAM, Physical Security, ICS/SCADA Security, Routing, IDS, Server or Cloud Security, AAA, Switching, Wireless, Firewalls

Maturity Model of Enterprise Security

[Diagram: maturity plotted from Risk toward Optimization]

Challenges Recapped and Refocused

- Mobile Almost Always Requires More Devices, Therefore Usually More Work
- Nothing Is Getting Easier
- Endpoints And Flowpoints Were/Are Unmanageable With Technology That Does Not Scale From A Visibility Perspective
- Commoditize Where/What You Can
- BOTH Modularity And Scalability Of Both Product And Aggregator Of Relevant Data Required
- Slow Adoption Of Open Standards Cripples Innovation, Impacting Efficiency And Overall Digital Ecosystem Safety
- We Are All Part Of One Organism In This Digital Ecosystem
- Immune System Concept: If Extremities Get An Infection It Can Easily Become Systemic
- Digital Feudalism or Castle And Moat Were Reasonable In The Past; Now The Barbarians Can Draft Your Citizens, Dogs, Cats, Livestock, Refrigerators, etc. Into Service Against You
- Bad Security Threatens Mobility, Which In Turn Threatens Productivity. Don't Give Anyone An Excuse

Thank You
