Presentation PDF - Baltic Cyber Security Forum

www.cyberoam.com
10 worst IT security failures: How Cyberoam addresses Key Challenges of CISO
Justinas Valentukevicius, Channel Manager Baltics and Finland
Our Products
- Modem Router
- Network Security Appliances - UTM, NGFW (Hardware & Virtual)
- Integrated Security appliance
Major global IT Security Failures
RSA Security Breach
Analysis of breach:
- Spear phishing attacks were launched by hackers claiming to be RSA employees. A Flash object was embedded in an Excel file.
- Reconnaissance was done on social networking sites and finally malware was planted on RSA's network. A variant of the Poison Ivy Trojan was used to infect the machines in RSA's network.
- The attacker in the RSA case established access to staging servers at key aggregation points.
- Then they went into the servers of interest, removed data and moved it to internal staging servers where the data was aggregated, compressed and encrypted for extraction.
- The attacker then used FTP to transfer many password-protected RAR files from the RSA file server to an outside staging server at an external, compromised machine at a hosting provider.
Impact:
- Hackers claim that SecurID seeds have been lifted, along with the mechanism that links an individual token's serial number to its individual seed.
- RSA's database of serial numbers may have been compromised.
- Possibly 40 million employee records stolen, according to the hackers.
- But according to RSA, no customers' networks were breached.
Repercussion:
- It is claimed that RSA spent around $66 million on remediation.
Dropbox Security Breach
Analysis of breach:
- Spam was used to compromise the network.
- One of its employees' accounts was compromised, leading to a raft of spam that irritated users.
- A stolen password was used to access the employee's account, which contained a project document with user email addresses.
- Usernames and passwords stolen from other websites were used to access Dropbox accounts.
- No compromise of internal systems was found.
Impact:
- Dropbox users started receiving spam e-mails from gambling websites.
Repercussions:
- Dropbox plans to use two-factor authentication with username/password and temporary tokens.
- Revamping of the user login page to show logs of user activity to track suspicious usage.
Card Systems Solutions Breach
Analysis of breach:
- A SQL Trojan attack was used.
- Malicious code was injected via the Trojan into the database with the help of a browser agent.
- Data extracted this way was sent to an external FTP server.
- The major flaw was that the company's server never encrypted users' personal information.
Impact:
- Details of 40 million credit cards were reported stolen.
Repercussions:
- It suffered heavy losses and was finally acquired by another company.
Department of Veterans Affairs Breach
Analysis of breach:
- The database was stored on a laptop and an external hard drive.
- Lack of security awareness.
- Lack of physical security caused this attack.
- No encryption was used to store the database.
Impact:
- Names, social security numbers and other personal information were leaked.
Repercussions:
- Financial loss is estimated to be around $100-$500 million.
New York Times Breach
Analysis of breach:
- Spear phishing attacks were used in this attack.
- E-mails with phishing links were sent to targeted users, leading to websites infected with custom malware.
- 53 different types of malware were used in this attack.
- Backdoors were set up on users' computers.
- On gaining access to the network, the hackers got access to the domain controller containing the hashed passwords of every employee.
Impact:
- Gained access to employees' e-mail addresses and specific documents.
- 53 employees' computers were accessed.
Repercussions:
- Blocked compromised computers.
- Removed backdoors from every computer.
- Changed every employee's password.
- Implemented additional security systems.
Facebook Breach
Analysis of breach:
- When people upload their contact lists or address books to Facebook, Facebook tries to match that data with the contact information of other people on Facebook in order to generate friend recommendations.
- Due to a Facebook bug, if a person went to download an archive of their Facebook account through the Download Your Information (DYI) tool, they may have been provided with additional email addresses or telephone numbers for their contacts or people with whom they have some connection.
Impact:
- Exposure of email addresses and telephone numbers of an estimated 6 million Facebook users.
Repercussion:
- Immediate disablement of the DYI tool to fix the problem; the tool was turned back on the next day after the fix.
Twitter Breach
Analysis of breach:
- Got hacked with a combination of methods, once in February and then again in August.
- Vulnerability in the XML of their template.
- Exploit in Twitter apps.
- Exploit that exposes the e-mail IDs of Twitter accounts.
Impact:
- Exposure of usernames, e-mail addresses and encrypted passwords of 250,000 users.
Repercussion:
- Reset passwords and revoked session tokens.
NSA Surveillance Program Breach
Analysis of breach:
- The hacker fabricated secure shell keys and digital certificates to gain access to documents on NSA computers.
- Used social engineering to get usernames and passwords from colleagues and used these credentials for illegal logins to systems.
- Exploited system administrator privileges to gain unauthorized access to systems.
- Gained unauthorized access to other administrative SSH keys, made it look as if he could be trusted, and gained access to files.
- The organization had not protected and secured these technologies.
Impact:
- Release of data on the National Security Agency's surveillance program.
- The hacker had access to top-secret data and over time used a thumb drive to take thousands of confidential documents, damaging to the NSA.
Repercussion:
- Implemented proper security measures and secured the technologies implemented in the organization.
Design of Security Policies and Approach
Security Framework
A proper security framework should define the following:
- Access to the enterprise network from external networks
- Access to enterprise nodes from other branches
- Access to the Internet by internal users
- Access from the Internet to the enterprise by users
Have proper measures to implement the following:
- Integrity
- Confidentiality
- Availability/Continuity
Network and Security Policy Concerns
You need the following to have a proper network and security policy in place:
1. Proper deployment and design of network security devices
2. Find the inside points of attack
3. Confidentiality of passwords
4. Effective deployment of authentication
5. Protection from packet snooping
6. Physical security
7. Network Recovery Center
8. Application security implementation
9. Content security implementation
Cyberoam Product Line
Physical environment:
- Network Security: Cyberoam UTM, Next-Gen Firewall
- Centralized Security Management: Cyberoam Central Console
- Network Monitoring & Analysis: Cyberoam iView
Virtual environment:
- Network Security: Cyberoam Virtual Security appliance
- Centralized Security Management: Cyberoam Central Console
- Network Monitoring & Analysis: Cyberoam iView software
Cyberoam – UTM or NGFW?
UTM Features (the slide highlights a subset of these as core NGFW features):
- Layer-8 Security
- Firewall
- Application Filtering
- IPS
- Bandwidth management/QoS
- On-appliance reporting
- Web Application Firewall
- Multilink management
- Gateway Anti-Spam (Inbound/outbound)
- Wireless Security
- VPN
- Web & Content Filtering
- IPv6 Support
- Support for 3G/4G/WiMAX
- Gateway Anti-Virus
Threat Protection Features
Intrusion Prevention System
- Layer 8 and IPS Tuner driven
- Identity-based IPS policies per user, group and IP address
- Allows multiple IPS policies
- Identity-based alerts & reports
- 4500+ signatures – broadest security cover
- Updated via Cyberoam Security Center
Gateway Anti-Virus, Anti-spyware
- 4 million+ signatures
- Bi-directional scanning: Web & Email
- Self-service Virus Quarantine
- Scans HTTP, FTP, SMTP, POP3, HTTPS, IMAP and IM traffic
- Instant visibility into Attacker/Victim
- Continuously updated via Cyberoam Security Center
Anti-Spam (Inbound/Outbound)
- Three level scanning:
  - IP Reputation filtering
  - Real-time Blackhole List (RBL)
  - Recurrent Pattern Detection (RPD™) technology
- ~98% spam detection
- Self-service Quarantine and Spam Digest
- Scans SMTP, POP3, IMAP traffic
- Virus outbreak detection for zero-hour protection
DoS & DDoS Protection
- Packet Rate Limit
- Protection against flood attacks: SYN Flood, TCP Flood, UDP Flood, ICMP Flood
- IPS Signature to prevent attacks
- Protocol Anomaly
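The two DoS controls named on this slide, a per-source packet rate limit and SYN-flood protection, are easiest to understand as code. The following Python is an added example and not Cyberoam's code: it runs a sliding-window packet counter and a half-open-handshake tracker over a constructed packet log (timestamp, source IP, protocol, TCP flags). The window and thresholds are assumptions chosen small enough to trip on the sample data; a production appliance would use far higher limits.

```python
"""Added example (not Cyberoam code): a per-source packet rate limit and a
SYN-flood detector, the two DoS controls named on the slide, run over a
constructed packet log. Thresholds are deliberately tiny for the demo."""
from collections import defaultdict, deque

WINDOW_SECONDS = 1.0       # sliding window length (assumption)
PACKET_RATE_LIMIT = 5      # packets per source per window before dropping (assumption)
SYN_FLOOD_THRESHOLD = 4    # unanswered SYNs per source per window (assumption)


class PacketRateLimiter:
    """Sliding-window counter: once a source has sent PACKET_RATE_LIMIT packets
    inside the window, further packets from it are dropped."""

    def __init__(self, limit=PACKET_RATE_LIMIT, window=WINDOW_SECONDS):
        self.limit = limit
        self.window = window
        self.accepted = defaultdict(deque)   # src -> timestamps of accepted packets

    def check(self, ts, src):
        q = self.accepted[src]
        while q and ts - q[0] >= self.window:   # expire packets outside the window
            q.popleft()
        if len(q) >= self.limit:
            return "drop"
        q.append(ts)
        return "accept"


class SynFloodDetector:
    """Tracks half-open handshakes: a SYN adds a pending entry, an ACK from the
    same source retires one. Many pending SYNs from one source within the
    window is the classic SYN-flood pattern."""

    def __init__(self, threshold=SYN_FLOOD_THRESHOLD, window=WINDOW_SECONDS):
        self.threshold = threshold
        self.window = window
        self.pending = defaultdict(deque)    # src -> timestamps of unanswered SYNs

    def observe(self, ts, src, flags):
        q = self.pending[src]
        while q and ts - q[0] >= self.window:
            q.popleft()
        if flags == "S":
            q.append(ts)
        elif "A" in flags and q:
            q.popleft()
        return len(q) >= self.threshold


def analyse(packets):
    """Run both controls over (timestamp, src_ip, proto, tcp_flags) records.
    Returns ({src: dropped_count}, {sources flagged as SYN flooders})."""
    limiter = PacketRateLimiter()
    syn = SynFloodDetector()
    dropped = defaultdict(int)
    flooders = set()
    for ts, src, proto, flags in packets:
        if limiter.check(ts, src) == "drop":
            dropped[src] += 1
            continue                 # rate-limited packets never reach the SYN tracker
        if proto == "tcp" and syn.observe(ts, src, flags or ""):
            flooders.add(src)
    return dict(dropped), flooders


# Constructed sample: one client completing a handshake, one UDP packet, and a
# source firing eight SYNs in 80 ms without ever acknowledging.
SAMPLE_PACKETS = [
    (0.00, "10.0.0.5", "tcp", "S"),
    (0.10, "10.0.0.5", "tcp", "A"),
    (0.20, "10.0.0.5", "tcp", "PA"),
    (0.30, "10.0.0.7", "udp", None),
] + [(0.50 + 0.01 * i, "203.0.113.9", "tcp", "S") for i in range(8)]

if __name__ == "__main__":
    print(analyse(SAMPLE_PACKETS))
```

On the sample log the limiter drops the last three packets from 203.0.113.9 and the SYN tracker flags that source after its fourth unanswered SYN, while the client that completes its handshake is never touched. Keying both structures on the source address is what makes this "identity" of a sort at layer 3; a distributed flood spreads across many sources and needs the protocol-anomaly and IPS-signature checks the slide lists alongside these.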
Enhanced Features – Effective Security
- Controls access to HTTP/HTTPS websites
- Blocks Google Cache pages
- Blocks Embedded URLs
- Blocks Malware hosting sites
- Detects & Blocks Third Party Proxy and Tunneling sites
- Filters Web 2.0 content
- Safe Search
- Blocks file upload on HTTP and HTTPS
Cyberoam's Layer 7 Application Visibility & Control
- Industry leading coverage for Visibility & Control over 2000+ key applications
- Security against data leakage and sophisticated application-layer threats – malware, phishing, botnet
- Support for Business & Collaboration applications and Cloud & SaaS deployments
Prioritize applications with Layer 7 and Layer 8 controls
[Diagram: application traffic from the Internet passes through the Cyberoam appliance, which provides visibility, control and bandwidth management, classifying applications as Business Critical, Socio-business or Non-Critical; infected applications (worms, spyware, undesirable) are blocked; logs and reports are generated.]
Controls over applications based on User Identity, Time, Application and Bandwidth
Data Leakage Prevention
Web leakage prevention
- Restrict file upload over HTTP, Web Email, FTP, P2P and other file sharing applications.
- Restrict upload based on username and work profile.
Encrypted HTTPS/SSL protocol leakage prevention
- Control file upload over HTTPS/SSL websites.
- Prevent misuse of the encrypted medium for unauthorized data transfer.
Instant Messaging (IM) leakage prevention
- Control over chat, voice, video, file transfer.
- Control who can chat with whom.
- Block specific keywords.
- Block regular expressions (RegEx), e.g. SSN, credit card no., ABN routing numbers.
Logging and Reporting
- Layer-8 Identity-based Logs and Reports
- IM audit logs
- Filter logs based on Users, IPs, Messages based on keywords
- Support CIPA, HIPAA, PCI DSS regulatory compliances
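The keyword and regular-expression controls this slide lists are where most DLP false positives come from: a bare sixteen-digit pattern also matches order references and a bare nine-digit pattern matches plenty of harmless numbers. The Python below is an added example, not Cyberoam's code, showing the matching with a Luhn check on card candidates and the ABA checksum on nine-digit routing candidates so only plausible values block a transfer. The slide's "ABN routing numbers" are read here as US ABA routing numbers, which is an assumption, and the keyword list and sample messages are constructed.

```python
"""Added example (not Cyberoam code): keyword and regular-expression matching
for outbound messages, as the slide's IM/web leakage prevention describes.
Card matches are confirmed with a Luhn check and nine-digit routing numbers
with the ABA checksum, so plain digit runs do not trip the policy. The slide's
'ABN routing numbers' are read here as US ABA routing numbers (assumption)."""
import re

# Constructed keyword list; a real deployment would load it from policy.
KEYWORDS = ("confidential", "internal only")

# SSN: area not 000/666/9xx, group not 00, serial not 0000 (SSA issuance rules).
SSN_RE = re.compile(r"\b(?!000|666|9\d{2})\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,15}\d\b")     # 13-16 digits, optional separators
ROUTING_RE = re.compile(r"\b\d{9}\b")


def luhn_ok(digits):
    """Luhn mod-10 check used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                       # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def aba_ok(digits):
    """ABA routing number checksum: weights 3, 7, 1 repeated over nine digits."""
    n = [int(c) for c in digits]
    return (3 * (n[0] + n[3] + n[6]) + 7 * (n[1] + n[4] + n[7])
            + (n[2] + n[5] + n[8])) % 10 == 0


def scan_message(text):
    """Return a list of (kind, matched_text) findings for one message."""
    findings = []
    for m in SSN_RE.finditer(text):
        findings.append(("ssn", m.group()))
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):                  # drop Luhn-invalid digit runs
            findings.append(("card", m.group()))
    for m in ROUTING_RE.finditer(text):
        if aba_ok(m.group()):                # drop checksum-invalid nine-digit runs
            findings.append(("routing", m.group()))
    lowered = text.lower()
    for kw in KEYWORDS:
        if kw in lowered:
            findings.append(("keyword", kw))
    return findings


def policy_decision(text):
    """Block the transfer if any finding is present, otherwise allow."""
    return "block" if scan_message(text) else "allow"


# Constructed sample messages; 4111 1111 1111 1111 is the standard Luhn-valid
# test number and 123456780 satisfies the ABA checksum but is not a real bank.
SAMPLE_MESSAGES = [
    "Please update SSN 123-45-6789 in the payroll system",
    "Card on file: 4111 1111 1111 1111, expires 12/26",
    "Order reference 4111 1111 1111 1112 shipped today",
    "Wire instructions: routing 123456780, account ends 4417",
    "INTERNAL ONLY: roadmap draft attached",
    "Ticket 99-12-3456 resolved, thanks",
]

if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        print(policy_decision(msg), scan_message(msg))
```

The third and sixth messages are allowed even though they contain long digit runs, because the checksum and the SSN structure rules reject them; the rest are blocked with a finding that can be written to the identity-based audit log the slide describes. The findings list is what a reviewer needs to see in the log: the kind of match, not just "blocked".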
Traffic Discovery
Identity-based Reports
- 1200+ detailed reports
- Customizable Reports
- Per User/Customer Logs & Reports
Protection against threats
- Ensuring network/application and service availability against DDoS attacks
- Protecting the network against the latest malware & vulnerabilities
- Reducing the time & effort required to retrieve legitimate mails from Spam
Cyberoam IPS offers protection against DDoS attacks
[Diagram: a botnet of bots attacking through the Cyberoam appliance.]
Cyberoam Antispam
- RPD technology
- >98% detection ratio
- 1 in 1 million false positives
- Self-service portal
- Mailbox management
- Up to 8 mailboxes/user (Premium)
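This slide and the earlier Threat Protection slide both describe the same three-level anti-spam pipeline: IP reputation, a real-time blackhole list lookup, and recurrent pattern detection. The Python below is an added example, not Cyberoam's or Commtouch's code, that wires the three stages together over constructed messages. The DNSBL query name follows the standard reversed-octet convention, but the zone name is a placeholder and answers come from a local table rather than live DNS; the pattern stage is a simplified fingerprint counter standing in for the proprietary RPD technology, and the bulk threshold is an assumption.

```python
"""Added example (not Cyberoam code): a three-stage inbound mail filter in the
shape the slide describes (IP reputation, RBL/DNSBL lookup, recurrent pattern
detection). All data is constructed; the DNSBL is answered from a local table
instead of live DNS, and the pattern stage is a simplified fingerprint counter,
not Commtouch's proprietary RPD."""
import hashlib
import re
from collections import Counter

# Stage 1: local IP reputation table (constructed sample data).
IP_REPUTATION = {"203.0.113.9": "bad", "198.51.100.20": "good"}

# Stage 2: DNSBL zone name is a placeholder; LISTED stands in for DNS answers.
RBL_ZONE = "dnsbl.example"
LISTED = {"77.2.0.192.dnsbl.example": "127.0.0.2"}   # i.e. 192.0.2.77 is listed


def rbl_query_name(ip, zone=RBL_ZONE):
    """Standard DNSBL convention: reverse the IPv4 octets and append the zone,
    so 192.0.2.77 is looked up as 77.2.0.192.<zone>."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError("IPv4 address expected: %r" % ip)
    return ".".join(reversed(octets)) + "." + zone


def fingerprint(body):
    """Normalise the text so that bulk mail varying only in numbers, URLs and
    spacing collapses to one pattern, then hash it."""
    text = body.lower()
    text = re.sub(r"https?://\S+", "<url>", text)
    text = re.sub(r"\d", "0", text)
    text = re.sub(r"\s+", " ", text).strip()
    return hashlib.sha256(text.encode()).hexdigest()[:16]


class SpamFilter:
    def __init__(self, bulk_threshold=3):
        self.bulk_threshold = bulk_threshold   # repeats before quarantining (assumption)
        self.pattern_counts = Counter()

    def classify(self, msg):
        """Return (action, reason) for a message dict with src_ip and body."""
        ip = msg["src_ip"]
        if IP_REPUTATION.get(ip) == "bad":         # stage 1: reputation
            return ("reject", "ip-reputation")
        if rbl_query_name(ip) in LISTED:           # stage 2: RBL hit
            return ("reject", "rbl")
        fp = fingerprint(msg["body"])              # stage 3: recurrent pattern
        self.pattern_counts[fp] += 1
        if self.pattern_counts[fp] >= self.bulk_threshold:
            return ("quarantine", "recurrent-pattern")
        return ("deliver", "clean")


# Constructed sample: a bad-reputation sender, an RBL-listed sender, a clean
# message, and a three-message bulk run differing only in amounts and URLs.
SAMPLE_MESSAGES = [
    {"src_ip": "203.0.113.9", "body": "Meeting moved to 3pm"},
    {"src_ip": "192.0.2.77", "body": "Invoice attached"},
    {"src_ip": "198.51.100.20", "body": "Q3 budget draft attached, comments by Friday"},
    {"src_ip": "198.51.100.31", "body": "You won $1000! Claim prize at http://example.net/a1"},
    {"src_ip": "198.51.100.32", "body": "You won $2500! Claim prize at http://example.net/b7"},
    {"src_ip": "198.51.100.33", "body": "You won $9999! Claim prize at http://example.net/c3"},
]


def run_sample(messages=SAMPLE_MESSAGES):
    """Classify the messages in order with one filter instance."""
    f = SpamFilter()
    return [f.classify(m) for m in messages]


if __name__ == "__main__":
    for msg, verdict in zip(SAMPLE_MESSAGES, run_sample()):
        print(msg["src_ip"], verdict)
```

The cheap stages run first and short-circuit, which is why the reputation and RBL checks cost nothing on the bulk run. The weakness is visible in the output: the first two copies of the bulk message are delivered before the pattern crosses the threshold, which is the gap a vendor-wide pattern feed such as the RPD service described on the slide is meant to close by having seen the pattern elsewhere first.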
Holistic Security for Connected Critical Infrastructure
Integrated threat protection, situational awareness and security controls for Industrial Control Systems (ICS) including SCADA
- SCADA-aware IPS with pre-defined category for ICS & SCADA signatures
- Granular visibility and control over ICS/SCADA protocols like Modbus, BACnet, IEC, DNP3
Securing virtual data centers
[Diagram: migration to virtualization of servers, storage and security, contrasting the organization's existing physical environment (server & storage, workstations, security appliance, network) with its virtual environment, with the questions "How do I secure my virtual network?" and "Do I need to buy virtual security from another vendor?"]
Cyberoam secures virtual data centers with Virtual security appliances
[Diagram: a Cyberoam Virtual NGFW placed between the Internet and the data center's vSwitches, managed by an administrator.]
Thank you