what keeps security leaders up at night  john peterson vp of enterprise technology

What Keeps Security Leaders Up At Night John Peterson

VP of Enterprise Technology

Five Innovations That Created Security Risks

• One new domain each second• 196 million domain names• 47 million new sites last year

1. Rapid Growth

Source:Verisign

Rich site-to-browser interaction

Browser is the new operating system

Browser is active in the application, not simply a passive display tool

2. Dynamic Web Apps: AJAX

3. User-Generated Content• Half of Top 100 sites based on UGC

• 500 million users on Facebook

• 100 million accounts on Twitter

• 2.5 billion photos uploaded each month to Facebook

• 30 million new ads per day on Craigslist

• 20% of the workforce works remotely

• 1 in 11 organizations had remote workers infected

• 46% of remote infections come from infected Web sites

4. Remote Employees

Smartphone and tablet computing blur the line between personal and business computing

Companies must reconsider policies for devices that are not owned by the company

5. New Devices

How Does This Affect Us?

9

#1 Time Usage On Web:Social Networks

Source: Nielsen

11

1 in 100 posts on

Twitter

are spam/malicious

12

1 in 60 posts on

Facebook

are spam/malicious

Malicious Social Network-branded

Email Lures

15

Malicious Facebook and LinkedIn Messages

Twitter-based Attacks

17

Redirects1. Bit.ly2. Infodsi.com

19

20

21

FTC Judgment for ScareWare

Facebook

23

85,860 machines a day pretend to Facebook

Facebook Social Attacks

Photo ‘Tags’ Up To 50 People

Website Selling Fake Illegal Shoes

27

Affiliate campaigns

28

Affiliate campaigns: Hit Rates

Snapshot: Oct 18-20, 2011Domain #Share #comment

www.dealdrop.me 15K 5Kwww.insideoutback.com 11K 3.7Koutbacknews.me 8.3K 3.1Kall.pizzalovers.me 3.5K 1.2Kwww.steakvouchertoday.com 2.2K 0.7Kwww.freepizzaoffer.net 1.9K 0.7Kwww.giveolivegardento.me 1.4K 0.5Kwww.steakgiftcards.com 1.0K 0.4KTotal 44.3K 15.3K impact (~130 friends) 600,000

Commissions

Credit Card - $5-$20Exercise equip - up to %10Hotel booking - $1-$3Software– up to 75%

Rogue Facebook Apps

Barracuda Labs Technology:Profile Protector System

• Process Twitter and Facebook Streams• Query Attributes and Features• Analyze Users’ Activities• Analyze Web Links• Track Malicious URLs and Users

ProfileProtector.com

Barracuda Labs Threat Intelligence

Maltrace: Malware Analysis w. Virtualization

• Collect thousands of malware samples daily from honeypot network

• Load samples into Maltrace• Maltrace allows the malware to run on a virtual PC• Maltrace collects the network traffic generated• Maltrace creates signatures based on malicious traffic• Adds the signatures to URL, IP and fingerprint databases

Barracuda Labs Resources• Web Sites and Reports

– www.BarracudaLabs.com– www.BarracudaCentral.org– www.TweetBrawl.com– www.TweetGrade.com– Barracuda Labs Annual Threat Report

• Contact– Barracuda Labs on Twitter: @BarracudaLabs– Kris Salas, ksalas@barracuda.com

Branch Office

Headquarters

Mobile Worker

Cloud Filtering

Content Security

Content FilteringMalware ProtectionApplication ControlRegulate Social

Media

Allow

Filter

Block Archive

Barracuda Dynamic Content Security

Barracuda Networks Product Overview

Barracuda Networks 49

SECURITY

Thanks

Kris SalasEnterprise AccountManagerBarracuda Networksksalas@barracuda.com