Securing From the Inside Out Geoffrey Van Beylen Manager Systems Engineering

© Copyright Fortinet Inc. All rights reserved.

1

What We Used To Think

2

How We Think Today

3

The Anatomy Of An Attack

[Diagram: “generic threat” types (bot, zero-day threat, trojan, virus, worm) and the entry vectors they arrive through (devices, email, web sites, physical media)]

4

Advanced Targeted Attack Lifecycle

[Diagram: timeline from Day 1 to 2 years and beyond; labels shown: “Social Engineering”, Zero Day Exploit, “Bot net” Activation, Advanced Targeted Attack]

5

The Threat is Worse Than Ever

*Akylus July 2014

6

With A Consistent Motivation

*Hackmageddon July 2014

7

2014 Threat Landscape Developments

[Timeline slide; the events and date markers below are listed as they appear in the extraction and are not paired with each other]

Events:
§ Heartbleed: vulnerable OpenSSL
§ IoT: The Moon worm, Linksys routers
§ Apple iCloud ransomware, $100 EUR, Oleg Pliss
§ Havex RAT, OPC server spy
§ Cybervor: 1.2B user names & passwords, 500M emails
§ Supervalu data breach, 200 stores affected
§ Evernote hack, 50M users
§ Evernote hack, 164,644 forum members
§ February: drive-by mobile (DriveGenie)
§ June: Pletor mobile ransom (document encryption)
§ July: Dorkbot/Ngrbot Kamikaze
§ Q2 2014 (IDC): 301.3M smart phones shipped, Android 84.7% market

Date markers shown: Mar 2013, Feb 13, Apr 07, May 26, Jun 10, Jun 23, Aug 05, Aug 15

8

No One Is Immune

Did you change your password?

9

ebay – The Impact by the Numbers

145 M: user accounts compromised
525,600: minutes in a year
262,800: number of passwords changed in a year (average 2 minutes/password)
551: man/years wasted changing passwords

10

Follow The Acronym Trail

11

Is There A Silver Bullet For Defeating an ATA?

Advanced Targeted Attack

12

Focus on Three Key Actions

Step 1 - Prevent

Step 2 - Detect

Step 3 - Mitigate

• Prevent threats before they enter your network
• Discover threats that have entered, or tried to enter, the network
• Respond to any threats that have breached the network
• Proactive is key

13

Fortinet Advanced Threat Protection Framework

14

Step 1 - Prevent
§ Stateful Firewall
§ 2 Factor Authentication
§ Intrusion Prevention
§ Application Control
§ Web Filtering
§ Email Filtering
§ Anti-Virus

15

A Cornerstone of Efficient Mitigation

The reports of my death have been greatly exaggerated.

16

The Human Factor - Laziness

“Old Habits Die Hard”

17

Operating Systems Require Constant Updates

[Pie chart: Installed PC Operating Systems*, segments Windows 8/8.1, Windows 7, Windows XP, Windows Vista and Other; shares shown: 52%, 24%, 12%, 9%, 3%]

*Net Applications September 2014

18

Not All Anti-Virus Solutions are Equal

Detection Technology

Network Placement

Operational Efficacy

19

Step 2 - Detect
§ Stateful Firewall
§ 2 Factor Authentication
§ Intrusion Prevention
§ Application Control
§ Web Filtering
§ Email Filtering
§ Antivirus
§ Botnet detection
§ Client reputation
§ Network behavior analysis
§ Sandboxing

20

Payload Analysis (aka “sandboxing”)

§ What is it?
» Virtual container, reflecting an end user desktop, in which untrusted programs can be safely examined
[Diagram labels: “Unsafe action, escape attempt” marked with an X (blocked); “communication”; “Controlled inspection”]

§ What happens in it?
» Code is executed in a contained, virtual environment
» Activity is logged and analyzed for suspect characteristics
» Rating is determined based on system, file, web and traffic activity

§ Why is it important?
» Traditional security looks at static attributes (signature, heuristic, pattern, reputation, etc.) rather than dynamic activity
» In many cases, a site or code is just the first, small stage

21

But a Word of Caution...

http://www.darkreading.com/attacks-breaches/the-increasing-failure-of-malware-sandbo/240159977

22

Step 3 - Mitigate
§ Stateful Firewall
§ 2 Factor Authentication
§ Intrusion Prevention
§ Application Control
§ Web Filtering
§ Email Filtering
§ Antivirus
§ Botnet detection
§ Client reputation
§ Network behavior analysis
§ Sandboxing
§ Consolidated logs and reports
§ Professional Services
§ User or Device Quarantine
§ Real-time Activity Views
§ Security Reporting
§ Threat Intelligence
§ Threat Prevention Updates

23

Coordinated Defense Strategy

In-Network Defenses

Continuous Updates

Threat Research and Discovery

24

The Fortinet ATP Solution

FortiGuard Lab FortiGuard Services

25

Fortinet Secure EcoSystem

SANDBOX INTEGRATION
Provides advanced FortiGuard Analysis
• FortiGate – Verdict Query and Quarantine – Log Analysis
• FortiClient – Verdict Query, Hold and File Quarantine – Local Sandbox Signature Scan
• FortiMail – Hold and Await Verdict Response

FortiGate

FortiMail

FortiClient

FortiSandbox

26

Fortinet Secure EcoSystem
Securing From the Inside Out
FAST. SECURE. GLOBAL.

[Architecture diagram spanning a Retail Location, a Branch Office and the Enterprise; product callouts as given on the slide:]

FortiPresence: Analyses customer presence in your retail stores and leverages powerful data mining capabilities to provide business intelligence
FortiCloud: Provides cloud-based logging and centralized access point management
FortiSandbox: Detonates malware and detects zero-day and advanced attacks. Prevents your organization from making the news.
FortiGate: Secures against malicious websites, undesirable applications, client targeting attacks and malware
FortiDDoS: Ensures protection against application level denial of service attacks
FortiADC: Ensures WAN link redundancy and provides inbound GSLB load balancing; ensures your assets remain available
FortiExtender: Provides reliable LTE coverage by ensuring adequate placement of your LTE backhaul link
FortiAuthenticator: Identifies users wherever they are, and enforces strong authentication
FortiManager / FortiAnalyzer: Centralized policy management and offers a single pane of glass for your security configuration, logging and reporting
FortiMail: Secures against email threats and prevents SPAM and virus alike from reaching your users
FortiWeb: Prevents web application attacks against your critical web assets
FortiAP: Provides secure, scalable wireless access to your users leveraging native firewalling on FortiOS
FortiDB: Inspects and monitors database transactions and ensures your database, and its data, do not fall in the wrong hands

Other diagram nodes: FortiToken, Active Directory, Servers, Databases

Product List
FortiGate: NGFW
FortiAnalyzer: Log Analysis
FortiManager: Centralized Management
FortiWeb: Web App Firewall
FortiADC: App Delivery Controller
FortiDB: Database security
FortiMail: Email Security
FortiAuthenticator: 2FA and SSO
FortiToken: Token 2FA
FortiSandbox: ATP
FortiAP: Wifi AP
FortiExtender: 3G/LTE termination
FortiPresence: Presence Analytics
FortiCloud: Cloud Logging
FortiDDoS: DDoS Prevention

27

FortiGuard Minute

[Infographic with three columns: Per Minute, Updates Per Week, FortiGuard Database. Metrics shown: malware programs neutralized; new & updated AV definitions; Application Control rules; malicious website accesses blocked; new URL ratings; rated websites in 78 categories; spam emails intercepted; network intrusion attempts resisted; botnet C&C attempts thwarted; new & updated spam rules; intrusion prevention rules (weekly updates and database total); hours of threat research globally; terabytes of threat samples; zero-day threats discovered; website categorization requests. Figures shown, not pairable with the metrics from the extraction: 72,000; 53 million; 150; 210,000; 100; 17,000; 68,000; 920,000; 5,800; 310,000; 1 million; 250 million; 67,000; 8,000; 151; 34 million.]

Based on Q4 2014 data

28


Protecting Today’s Network
§ Evolution, evolution, evolution
§ Wherever there is value, the cyber criminal will follow
§ Anticipate, React, Respond

30

Thank You!

31
