
Post on 11-Jan-2016


GVVTech

©2010 Government Technology Solutions, Inc.

Robert Deitz II President and CEO

Security Policies that hackers love to see...


“Every 1.5 seconds, there’s a new virus that exists.”


Pattern matching – a number problem

Data source: AV-Test.org (September, 2007)


Malicious Code sources are now growing by the second.

In Q2 2010, we estimate that 1.3 million web sites were infected, based on data from our telemetry systems. Q2 was the first quarter in history for which we believe that over one million web sites were infected in a three month time period*

* Source – Dasient Anti-Malware, Sept 2010


IA tools today are not as effective as 5 years ago – the rules have changed

Source: NSS Labs Endpoint Security Socially Engineered Malware Protection Comparative Test Results Report, Sept 8, 2009


The newest malware data is daunting

More than 100,000 new malicious samples and URLs identified each day!

Distribution on multiple vectors, including various buffer overflows, email, USB drives, botnet redistribution and the World Wide Web

The growing use of social networking and Web 2.0 sites

The intense background noise of spam overwhelms the gateway

Existing and traditional methods to detect and block are causing more visible problems than the malware itself

These problems are all escalating at an alarming rate


Dealing with modern threats to data security using outdated policies is like using the castle as a defense 1500 years ago

At one time the Castle was solid and safe – it defeated most attacks.

But because it was immovable – it could be studied and its defenses tested.

Soon new attacks like catapults, battering rams, and introducing the plague made this immovable and static object an easy target…


Castle Defenses

Today more and more data is centralized.

More data is accessible today than ever before.

More agencies and departments are connected than ever before.

Contractor use is much higher than 20 years ago – more hands to store, categorize, and protect agency data.

The Human factor is the number one cause of security breaches.

In short – data today is stored in larger castles locally… (new State Data Center?)


Sound Familiar?

[Diagram labels: IT Department, VPN, Login/CAC, password, firewall, Airgap / Anti-Spam, Email servers, CEO office, XSP (services), ESM, Anti-Virus]


Are we still trying to hide in a Castle?

The modern computer is not bounded by its geolocation. Wireless is built in to most motherboards

And what is a computer today? Your printer? Blackberry? Router? Cell Phone?

Portable computing and endpoint security is a good start

Data leak prevention and Data Protection offer good insider control, very low current deployment

In-The-Cloud services reduce the update hit, and offer faster time to protect, very low current deployment

The truth is, computing end points are connected by nature, and there are no castles in outer space.

Trying to secure your data like a castle won’t work.


Are you purchasing and deploying IA like 5 years ago?

Most Government agencies today purchase and deploy IA tools like they do commodities – a different PO and contract for each Anti-Virus, Firewall, Content Filter, etc.

Is it acceptable to purchase and manage your security the same way you buy toner cartridges?

This is like buying 5 different prescriptions from 5 different pharmacists – do your IA tools need to work together, or can this cause a problem?

Is your organization treating security tools as an integrated solution set – or a patchwork of products from different sources that you hope continue to work together?


Defining Security

Data Security today needs to be defined –

Is Data Integrity a “nice to have”, non-mission-critical function?

Or is Data Security a “must have” mission-critical core department function?

And if the data is mission critical – does destroying or stealing it have the full support and resources of law enforcement and homeland security behind those efforts?

Do your day-to-day policies mirror your stated goals – is your security a tightly integrated, coordinated program?

Or – do you have to search multiple contracts, folders, records for your defenses – and hope you didn’t forget one?


Does it matter?

Is security just an embarrassment or bother?

2003 – Blowing up a power plant via the Internet – no problem: http://www.cnn.com/2007/US/09/27/power.at.risk/#cnnSTCVideo

2008 – 154 die because worm disrupts flight controls:

Failure of controls...Spanair crash caused by a Trojan

Published: 2010-08-22, Last Updated: 2010-08-22 01:01:41 UTC by Rick Wanner

Several readers have pointed us to an article about the preliminary report of the Spanair flight that crashed on takeoff in 2008 killing 154. The article suggests that a Trojan infected a Spanair computer and this prevented the detection of a number of technical issues with the airplane. The article speculates that if these issues had been detected the plane would not have been permitted to attempt take off.

* http://isc.sans.edu/diary.html?storyid=9433

2010 - October 11, Homeland Security Newswire – (International) Experts: Stuxnet a “game changer”. The Stuxnet malware is a game changer for critical information infrastructure protection, …PLC controllers of SCADA systems infected with the worm might be programmed to establish destructive over/under pressure conditions by running pumps at different frequencies, for example.


Sometimes you need to adapt to get your mission done

The horse was eliminated as part of the official DOD “equipment inventory” in the 20’s. Some people decided that was not going to stop them from getting their mission done….


Modern Defense Strategy

If you care about being on the front page – care about who might be able to keep you off it – be selective.

Invest some time to review the performance of your contractors. Did your Firewall work like it was supposed to? Did you have any virus/malware outbreaks? Were there any data loss/breaches last year?

Did your staff have to reach out to your security team (contractors) to ask questions, confirm/deny rumors, or troubleshoot a problem that should not have happened?

Or did your security team keep you apprised of technology or manufacturer changes, provide roadmaps briefs, warn of potential issues between tools or manufacturers?


Best utilization for your security budget

Can you improve your security without increasing your budget?

To consider:

Paperwork costs money

Time costs money

Doing troubleshooting that should not be done costs money

Security breaches cost money

Bad PR can cost you reputation and oversight

Preventing a breach usually has at least a 10-1 ROI (the cost to prevent a likely breach is many times less than the cost of fixing the damage)


Ideas to improve security

Meet with your security provider(s) – ask questions about your department and ask for ideas (free).

Meet with your employees and contractors and solicit their honest opinions on who is doing the job for your department – and who is not (free).

Review all contracts awarded last year. How many? Were they to different providers than the year before? If so, why? (cost – your time).

Evaluate if consolidation is possible. Cutting 4 contracts into one saves a lot of time, paperwork, and moves responsibility into fewer hands (cost – up front time, reduction in staff time and administrative paperwork long term).


Ideas to improve security

Define what your security provider will be – no manufacturer’s product works in isolation today. Where is your information coming from?

Look at contracting options – can you establish a BPA? Bundle your solutions into one purchase from a specialized supplier?

Look at the hard decisions. DLP can address SB 1386 – but you need to acknowledge there is data loss. UTM can address consolidation of data center space and energy usage required under AB 2408, as well as reduce multiple vendors. But it is a big change the first year.


Securing data has changed. Have your policies kept up?

Security is driven by changes in the world of malware

New technologies, new detection vectors, new solutions

The growth in volume of malware and attacks is increasing

In addition, malware has changed its purpose several times

From student pranks (Melissa, I Love You, etc.)

To dirty tricks (Code Red, etc.)

To crime (Phishing, Spyware)

To organized crime (DDS, Data Loss, etc.)

To data mining of social networks…

And what is the next step in this progression?


Closing…..

How to Secure your data has changed. Have your policies kept up?

A Golf, Batting and Ski coach all have students with the same equipment. It is how they use that equipment (along with talent) that changes what results they get with it…….


Contact

Happy Halloween!

Robert Deitz

530-677-1333
