Mr. Bulent Teksoz - Security trends and innovations
1. Security Trends and Innovations
Bulent Teksoz
Chief Security Strategist for Emerging Markets
@bteksoz
Kuwait Info Security Conference – May 2012
2. Bad News
Good News
@bteksoz Kuwait Info Security Conference – May 2012 2
3. @bteksoz Kuwait Info Security Conference – May 2012 3
4. Targeted Attacks by Sector
Government & Public Sector
Manufacturing
Finance
IT Services
Chemical & Pharmaceutical
Transport & Utilities
Non-Profit
Marketing & Media
Education
Retail
@bteksoz Kuwait Info Security Conference – May 2012 4
5. @bteksoz Kuwait Info Security Conference – May 2012 5
6. @bteksoz Kuwait Info Security Conference – May 2012 6
7. Four Key Trends
Malware Targeted Mobile Data
Attacks Attacks Threats Breaches
Internet Security Threat
Expand
81% Report, Vol. 17
↑ Expose All on Rise
@bteksoz Kuwait Info Security Conference – May 2012 7
9. @bteksoz Kuwait Info Security Conference – May 2012 9
10. @bteksoz Kuwait Info Security Conference – May 2012 10
11. @bteksoz Kuwait Info Security Conference – May 2012 11
12. What’s Ahead in 2012?
Attackers will
capitalize on
work/personal
Macs are not info on mobiles
immune
Cloud computing
and mobile will
Targeted attacks force IT to rethink
will continue security
@bteksoz Kuwait Info Security Conference – May 2012 12
13. The Big Question
How secure are we now?
@bteksoz Kuwait Info Security Conference – May 2012 14
14. One Dashboard
@bteksoz Kuwait Info Security Conference – May 2012 15
15. Summary – What does that mean?
• Risk - volume becoming impossible to manage
• Acceptance that breaches will occur
• Change in focus from asset to information
• Business demands – consolidate security (Back to
basics)
– Risk based approach (Information & identity centric)
– Security must become a two way street (stop exfiltration of
data)
– Smarter Intelligence
– Centralized correlated timely visibility & activity
16
ISTR 17 DataSector information …. Gov’t and public sector target is big, but other sectors are being attacked as well Lots of other industries are being targeted – not just gov’t and public sector … Key takeaway? Companies of all sizes and sectors need to be vigilant.
There is so much information that is covered in the ISTR 17 that we can’t cover it all in this one discussion. So, we’ve tried to focus on key trends in the ISTR – these are trends that the data spoke to and we thought were worth emphasizingWe’ll look at all of these in more detail over the following slides.
So … that’s a quick overview of some of the key trends we saw in the ISTR 17 – there is a lot more information available online at www.symantec.com/threatrerportKey trends we see for 2012?Macs are not immune to malwareThe use of Java for cross-platform attacks was discussed in ISTR 16Targeted attacks will be ongoing and will expandMalware authors will capitalize on co-mingling of work and personal lives on mobile devices As financial transactions move to mobile devices, they will followCloud computing and mobile will force IT to rethink security
Big Numbers for 2011: Interesting ups and downsThese are the big numbers from the infographics we looked at earlier … with a bit more explanation. Red and Green Arrows (explanation): Red = going up is a “bad” thing – Green = going down is a “good” thingAlmost doubled # of attacks blocked from 2010 – many of the blocked attacks have shifted from AV signatures to IPS – this is important for customers to know – IPS can 403 million unique variants of malware – very significant growth over 2010.Interesting things – you would have expected vulnerabilities to go up with more attacks, but that’s not the case0-day vulnerabilities dropped – we’ll talk more about that later.there was a big jump in mobile vulnerabilities – it’s still new a platform and being explored by malware authors – we expect to see more increases on that frontSpam has dropped – 34% decrease – dramatic drop – will look at that later