Don’t Let a Breach Make You Famous

Stephan Tallent, CISSPDirector Managed Security Service Providers

1. Threat Landscape

2. Security Trends

3. Exploits & Lessons

4. What can you do?

Ponemon Institute, 2014 Cost of Data Breach Study

2013 2014

Ponemon Institute, 2014 Cost of Data Breach Study

Ponemon Institute, 2014 Cost of Data Breach Study

• State Affiliated – 87% Espionage/Financially motivated – Mercenaries, Russia,China

Manufacturing, Pro Services, Transportation

• Organized Crime – 11% Financially motivated – Eastern Europe – Romania 28%

Finance, Retail, Hospitality

• Hacktivists – 2% PR motivated – North America 18%

Public informational

Verizon Business, 2014 Data Breach Investigation Report

• Stealthy & continuous Persistent effort to gain and maintain access

• Advanced, sophisticated techniques Zero day threats, social engineering, web and email

• Automated, targeted Pre-packaged malware -Segment, vertical or specific entity

• Land, expand & maintain access New APTs better at covering their tracks

• 40% of breaches - Malware 84% of malware was direct install

95% of malware evaded Anti-virus

• 34% email attachments Downloaded through malicious email

Phishing attacks, CryptoLocker

• 26% brute force attacks Guessed or stolen credentials

Verizon Business, 2014 Data Breach Investigation Report

1. Threat Landscape

2. Security Trends

3. Exploits & Lessons

4. What can you do?

• Blended Threats increasing Web based threats increased by 30%

Social networking sites spoofing increased 125%

• Advanced Persistent Threats 42% increase in targeted attacks

Crypto Locker, BlackPOS

• All verticals under attack 31% of all targeted attacks aimed at businesses with less

than 250 employees

Verizon Business, 2014 Data Breach Investigation Report

• Security becoming a utility Too complex and subtle for most in-house IT

More strategic and economical to outsource

• Cloud migration across verticals Security is an inhibitor and opportunity

Customers weighing cost benefits vs. potential risk

• Firewall and AV no longer sufficient Unified Threat Management leads demand

Adaptive threat protection needed against ATPs

• MSS market reached $15.8B in 2014 Revenue will in crease 40% over next 5 years

14.7% CAGR from 2012 to 2017**

• Market Segment Dynamics SME MSS double to near 50% of the market in 2013/14

Enterprises adoption expands to $6.8B by 2017***

• MSS Market Evolution Cloud MSS grows to 69% of market over next 5 years

CPE MSS dropping to 48%(from 57%) of market by 2019***

Infonetics MSS Analysis 2015

Ponemon Institute, 2014 Cost of Data Breach Study

1. Threat Landscape

2. Security Trends

3. Exploits & Lessons

4. What can you do?

Verizon Business, 2013 Data Breach Investigation Report

• Retail – 21% Financially motivated – Eastern Europe

• Manufacturing – 12.2% Espionage motivated – China 30%

• Healthcare – 10.4% ID theft motivated – North America 18%

• Attributed to North Korea, but…. New research indicates Russia mercenaries

• Wiped out hard drives Phishing - downloaded through malicious email

• Freedom of speech held hostage 1st time a cyber attack stopped a creative release

• 47K employees affected SSNs, medical records, compensation, email

• Attributed to Chinese APT (Kungfu Kittens)

Sophisticated skillsets, targeted effort, combination of exploits

• Malware bundle used to expand Likely a web application vulnerability granting access

• 79M people affected SSNs, addresses, phone numbers, etc

Verizon Business, 2014 Data Breach Investigation Report

Anti-spam

Web Filtering

Intrusion Prevention

Antivirus

App Control/

IP Reputation

SpamMaliciousEmail

Spam

Anti-spam

Web Filtering

Intrusion Prevention

Antivirus

App Control/

IP Reputation

SpamMaliciousEmail

MaliciousLink

MaliciousWeb Site

Spam

MaliciousLink

Anti-spam

Web Filtering

Intrusion Prevention

Antivirus

App Control/

IP Reputation

SpamMaliciousEmail

MaliciousLink

MaliciousWeb Site

Exploit

Spam

MaliciousLink

Exploit

Anti-spam

Web Filtering

Intrusion Prevention

Antivirus

App Control/

IP Reputation

SpamMaliciousEmail

MaliciousLink

MaliciousWeb Site

Exploit

Spam

MaliciousLink

Exploit

Anti-spam

Web Filtering

Intrusion Prevention

Antivirus

App Control/

IP Reputation

SpamMaliciousEmail

MaliciousLink

MaliciousWeb Site

Exploit

Malware

Spam

MaliciousLink

Exploit

Malware

Anti-spam

Web Filtering

Intrusion Prevention

Antivirus

App Control/

IP Reputation

SpamMaliciousEmail

MaliciousLink

MaliciousWeb Site

Exploit

Malware

Bot Commands& Stolen Data

Command &Control Center

Spam

MaliciousLink

Exploit

Malware

Bot Commands& Stolen Data

Anti-spam

Web Filtering

Intrusion Prevention

Antivirus

App Control/

IP Reputation

SpamMaliciousEmail

MaliciousLink

MaliciousWeb Site

Exploit

Malware

Bot Commands& Stolen Data

Command &Control Center

Spam

MaliciousLink

Exploit

Malware

Bot Commands& Stolen Data

San

db

ox

Anti-spam

Web Filtering

Intrusion Prevention

Antivirus

App Control/

IP Reputation

1. Threat Landscape

2. Security Trends

3. Exploits & Lessons

4. What can you do?

• Managed Security Services Reduced security TCO, threat intelligence

• Advanced Threat Protection Unified Threat Management & Sandboxing

• Strong Authentication Dual Factor Authentication

• Education Know yourself, know your employees

TRADITIONAL SOLUTIONS

Cumbersome and costly

THE FORTINET SOLUTION

Simple and cost-effective

Bad guys are getting better - zero day is tool of choice

Can’t defend what you don’t know

Defenders must adapt to stay ahead

Creates a pristine environment to let threat run course

Provides closed loop, cooperative security intelligence

Per Minute Updates Per Week

72,000Spam emails intercepted

210,000Network Intrusion Attempts resisted

68,000Malware programs neutralized

310,000Malicious Website accesses blocked

67,000Botnet C&C attempts thwarted

34 MillionWebsite categorization requests

53 MillionNew & updated spam rules

100Intrusion prevention rules

920,000New & updated AV definitions

1 MillionNew URL ratings

8,000Hours of threat research globally

FortiGuard Database

150Terabytes of threat samples

17,000Intrusion Prevention rules

5,800Application Control rules

250 MillionRated websites in 78 categories

151Zero-day threats discovered

Based on Q4 2014 data

Platform Advantage built on key innovations

• FortiGuard: industry-leading threat research

• FortiOS: tightly integrated network + security OS

• FortiASIC: custom ASIC-based architecture

• Market-leading technology: 177 patents, 146 pending

Founded 2000, 1st product shipped 2002, IPO 2009

HQ: Sunnyvale, California

Employees: 2700+ worldwide

Consistent growth, gaining market share

Strong positive cash flow, profitable

$13M

$770M

$16M

$991M

Cash

Revenue

2003 2014

2003 2014

Global presence and customer base

• Customers: 218,000+

• Units shipped: 1.8+ Million

• Offices: 30+ worldwide

Top 10

Fortune

500

Top 10

Global 500

Banks

Top 5

Global

Carriers

Awards & Certifications Partnerships & Industry

35 Awards

Founded by Fortinet additional members include Palo Alto Networks, McAfee and Symantec

FW

IPS

Baselin

e

CP 8NP 66Gbps

2Gbps

3.5Gbps

FW

VPN

IPS

40Gbps

25Gbps

FW

VPN

10Gbps

9Gbps

IPS

VPN

• 10X data center firewall performance

• 5X NGFW performance

• Security that keeps up with

growing bandwidth requirements

Description Fortinet Check Point CiscoPalo Alto

NetworksJuniper FireEye

NSS - Firewall NGFW Recommended RecommendedRecommended

& NeutralCaution Caution x

NSS - Firewall DC Recommended x x x x x

NSS - Breach Detection Recommended x Recommended x x Caution

NSS - IPS (DC) ✔ ✔ x x Caution x

NSS - IPS (Enterprise) ✔ x Recommended x Caution x

NSS - WAF Recommended x x x x x

BreakingPoint Resiliency Record High - 95 x x Poor - 53 x x

ICSA Firewall ✔ ✔ x ✔ ✔ x

ICSA IPS ✔ ✔ x x x x

ICSA Antivirus ✔ x x x x x

ICSA WAF ✔ x x x x x

VB 100 ✔ Caution x x x x

AV Comparative ✔ x x x x x

Common Criteria ✔ ✔ ✔ ✔ ✔ ✔

FIPS ✔ ✔ ✔ ✔ ✔ ✔

Contains results from the latest published NSS Labs reports as of Sept. 30 2014 X = did not participate, not certified

Position Magic

Quadrant

Application Deliver

Controller

Position Magic

Quadrant

Enterprise Firewall

Position Magic

Quadrant

Wired & Wireless

Infrastructure

Position Magic

Quadrant

Security E-Mail

Gateway

2006–2013

2010–2013

2012–2013

2005–2013

1. Threat Landscape Growing

2. Trend to targeted, sophisticated

3. Malware, phishing and web apps

4. Layered defense, actionable threat intel

Mahalo!