Internet Security Threat Report (ISTR) 16
    Highlights and Recommended Defenses



    April 2011


Symantec Internet Security Threat Report (ISTR), Volume 16
Threat Landscape



2010 Trends
Social Networking + Social Engineering = Security Nightmare
Whether targeting a CEO or the family next door, the Internet and social networks provide cybercriminals rich research for tailoring an attack. By sneaking in among our friends, hackers can learn our interests, gain our trust, and convincingly masquerade as friends. A well-executed, socially engineered attack has become almost impossible to spot.

Mobile Threats increase
More people than ever are using smartphones and tablets, and cybercriminals are taking notice. Because most malicious code now is designed to generate revenue, there are likely to be more threats created for these devices as people increasingly use them for sensitive transactions such as online shopping and banking.

Targeted Attacks continue to evolve
Targeted attacks, while not new, gained notoriety from high-profile attacks against major organizations (Hydraq) and significant targets (Stuxnet). These attacks raised awareness of Advanced Persistent Threats (APTs).




Attack Kits get a caffeine boost
While targeted attacks are focused on compromising specific organizations or individuals, attack toolkits are the opposite side of the coin, using broadcast blanket attacks that attempt to exploit anyone unfortunate enough to visit a compromised website. Innovations from targeted attacks will make their way into massive attacks, most likely via toolkits.

Hide and Seek zero-day vulnerabilities and rootkits
The primary goal of malicious code that employs rootkit techniques is to evade detection. This allows the threat to remain running on a compromised computer longer and, as a result, increases the potential harm it can do. Targeted attacks depend on their ability to get inside an organization and stay hidden in plain sight. Zero-day vulnerabilities and rootkits have made this possible.




 Social networking + social engineering = security nightmare

More Info: Detailed review of Social Media threats available in The Risks of Social Networking




• Hackers have adopted social networking sites to:
    – Use profile information to create targeted social engineering attacks
    – Impersonate friends to launch attacks
    – Leverage news feeds to spread spam, scams and massive attacks

• Shortened URLs can hide
  malicious links, increasing
  infections
• 73% of the shortened URLs observed on social networks (that
  led to malicious websites) were clicked 11 times or more




 Mobile threats
• Currently most malicious code for mobile devices consists of
  Trojans that pose as legitimate applications



Figure: 115 vulnerabilities (2009), 163 vulnerabilities (2010)


• Will be increasingly targeted as they are used for financial
  transactions


 Targeted attacks continue to evolve
• High-profile targeted attacks in 2010 raised awareness of Advanced Persistent
  Threats (APTs)




    Stuxnet signaled a leap in the sophistication of these types of attacks:
     – Four zero-day vulnerabilities (vulnerabilities that were previously unknown)
     – Stolen digital signatures helped mask it from security systems
     – Ability to leap the “air gap” (Used USB keys to spread Stuxnet to computers not connected to a network)
     – Potential damage to infrastructure including power grids, water supplies and nuclear power plants

More Info: Detailed review in the W32.Stuxnet Dossier & W32.Stuxnet



• Less sophisticated attacks also cause significant damage




                                                             Average Number of Identities Exposed per Data Breach by Cause



• Average cost to resolve a data breach in 2010: $7.2 million USD


 Attack kits get a caffeine boost with Java
Def: Bundles of malicious code tools used to facilitate the launch of concerted and widespread attacks
   on networked computers

• Attack kits continue to see widespread use
• Java exploits added to many existing kits
• Kits exclusively exploiting Java vulnerabilities appeared for the first time



More Info: Detailed information available in ISTR Mid-Term: Attack Toolkits and Malicious Websites




 Hide and seek (zero-day vulnerabilities and attack rootkits)
• A rootkit is a collection of tools
  that allow an attacker to hide
  traces of a computer
  compromise from the operating
  system and also the user
• Zero-days are being used in a
  more aggressive way and
  featured heavily in
  Hydraq/Stuxnet
• Attack toolkits help to spread
  knowledge of exploits that
  leverage vulnerabilities
                                                             Number of documented ‘zero-day’ vulnerabilities




ISTR 16: Key Facts and Figures



Symantec™ Global Intelligence Network
  Identifies more threats, takes action faster & prevents impact


Locations shown on map: Calgary, Alberta; Dublin, Ireland; Tokyo, Japan; San Francisco, CA; Mountain View, CA; Austin, TX; Chengdu, China; Culver City, CA; Taipei, Taiwan; Chennai, India; Pune, India

Worldwide Coverage | Global Scope and Scale | 24x7 Event Logging

Rapid Detection

Attack Activity
• 240,000 sensors
• 200+ countries

Malware Intelligence
• 133M client, server, gateways monitored
• Global coverage

Vulnerabilities
• 40,000+ vulnerabilities
• 14,000 vendors
• 105,000 technologies

Spam/Phishing
• 5M decoy accounts
• 8B+ email messages/day
• 1B+ web requests/day

Preemptive Security Alerts | Information Protection | Threat Triggered Actions

Key Facts and Figures
• Malicious code, which is any programming code capable of causing harm to legitimate code or data, or that can compromise confidentiality in a computing system…
• …takes advantage of vulnerabilities in operating systems, programs, applications, etc.…
• …which can lead to your computer, laptop, mobile phone, or other Internet-connected device being infected with threats like viruses, worms, or Trojans…
• …It may also lead to ID theft and other forms of fraud.




Malicious Code Trends
Threats to confidential information
• 64% of potential infections by the top 50 malicious code
  samples were threats to confidential information




Vulnerability Trends
Web Browser Plug-In Vulnerabilities
• Number of Flash and Reader vulnerabilities continued to grow




Threat Activity Trends
Malicious Activity by Country




Data Breaches by Sector
• The average cost to resolve a data breach
  in 2010 was $7.2 million USD
• 85% of identities exposed were customers




                                                             Average Number of Identities Exposed per Data Breach by Cause




                                                             Average Number of Identities Exposed per Data Breach by Sector

Web-based Attacks
• 93% increase in Web-based attacks from 2009 to 2010
• Spikes related to specific activities (release of new attack kits, current events, etc.)




Fraud Activity Trends
Phishing categories
Def: “Phishing” is a derivative of “fishing” and alludes to the use of “bait” to “catch” personally identifiable information

• 56% of phishing attacks imitated banks
• Many email-based fraud attempts referred to major sporting, news
  and pop-culture events in 2010




Underground economy servers
• Credit cards and bank account credentials continue to be the
  top two advertised items on the black market
• Bulk rates for credit cards range from 10 cards for $17 to 1000
  cards for $300




Consumer and Enterprise Best Practices
    For protection against the latest threats




Consumer Best Practices
       Protect yourself
       • Use a modern Internet security solution for maximum protection against online threats that
         includes:
         • Antivirus protection
         • Intrusion prevention to protect against Web-attack toolkits, unpatched vulnerabilities, and
           socially engineered attacks
         • Browser protection to protect against Web-based attacks
         • Reputation-based tools that check the reputation and trust of a file before downloading
         • Behavioral prevention that keeps malicious threats from executing even if they get onto your
           computer
         • URL reputation and safety ratings for websites found through online searches

       Keep up-to-date
       • Keep virus definitions and security content updated at least daily, if not hourly, to protect your
         computer against the latest viruses and malicious software (“malware”)

       Use an effective password policy
       • Ensure that passwords are a mix of letters and numbers, and change them often. Passwords
         should not consist of words from the dictionary, since these are easier for cybercriminals to hack
       • Do not use the same password for multiple applications or websites
       • Use complex passwords (upper/lowercase, punctuation and symbols) or passphrases (e.g., “I
         want to go to Paris for my birthday” becomes “I1t2g2P4mb”)

       Know what you are doing
       • “Free,” “cracked,” or “pirated” versions of software can contain malware or social engineering
         attacks
       • Read end-user license agreements (EULAs) carefully and understand all terms before agreeing to
         them. Some security risks can be installed because of that acceptance

       Guard your personal data
       • Limit the amount of personal information you make publicly available on the Internet (including
         and especially social networks) as it may be harvested by cybercriminals and used in targeted
         attacks, phishing scams, or other malicious activities
       • Never disclose any confidential personal or financial information unless and until you can confirm
         that any request for such information is legitimate
       • Avoid banking or shopping online from public computers (such as libraries, Internet cafes, etc.) or
         from unencrypted Wi-Fi connections

       Think before you click
       • Never view, open, or execute any email attachment or click on a URL unless you expect it and
         trust the sender; even if it’s coming from trusted users, be suspicious
       • Do not click on shortened URLs without expanding them first using “preview” tools
       • Do not click on links in social media applications with catchy titles or phrases; you may end up
         “liking it” and sending it to all of your friends – just by clicking anywhere on the page
       • Be suspicious of warnings that pop-up asking you to install media players, document viewers and
         security updates; only download software directly from the vendor’s website

Enterprise Defenses Against Social Engineering
        Web Gateway Security
        • Scan all potentially malicious downloads regardless of how the download is initiated
        • Prevent users from being redirected to malicious Websites

        Data Loss Prevention
        • Discover concentrations of confidential information downloaded to an employee’s PC

        Network and Host Based Intrusion Prevention
        • Monitor and protect critical systems from exploitation
        • Protect against misleading applications like fake antivirus
        • Prevent drive-by download web attacks

        Strong Authentication
        • Protect against unauthorized access to confidential data beyond just username and password

        Security Awareness Training
        • Ensure employees become the first line of defense


Defenses Against Mobile Threats

        Device Management
        • Remotely wipe devices in case of theft or loss
        • Update devices with applications as needed without physical access
        • Get visibility and control of devices, users and applications

        Device Security
        • Guard mobile device against malware and spam
        • Prevent the device from becoming a vulnerability

        Content Security
        • Identify confidential data on mobile devices
        • Encrypt mobile devices to prevent lost devices from turning into lost confidential data

        Identity and Access
        • Strong authentication and authorization for access to enterprise applications and resources
        • Allow access to right resources from right devices with right postures


Enterprise Defenses Against Targeted Attacks
        Advanced Reputation Security
        • Detect and block new and unknown threats based on reputation and ranking

        Host Intrusion Prevention
        • Implement host lock-down as a means of hardening against malware infiltration

        Removable Media Device Control
        • Restrict removable devices and functions to prevent malware infection

        Email & Web Gateway Filtering
        • Scan for infected files and block accordingly

        Data Loss Prevention
        • Discover data spills of confidential information that are targeted by attackers

        Encryption
        • Create and enforce security policy so all confidential information is encrypted

        Network Threat and Vulnerability Monitoring
        • Monitor for network intrusions, propagation attempts and other suspicious traffic patterns

Defenses Against Attack Toolkits
        Advanced Reputation Security
        • Detect and block new and unknown threats based on reputation and ranking

        Fraud Detection Services
        • Monitor and analyze specific transaction types for known scams and evolving threats

        Asset and Patch Management
        • Identify what and where your high value assets are
        • Ensure latest patches are deployed and up-to-date across all platforms and applications

        Threat and Vulnerability Management
        • Monitor for network intrusions, propagation attempts & suspicious traffic patterns
        • Receive alerts for new vulnerabilities and threats across vendor platforms

        Host Intrusion Detection and Prevention
        • Monitor and protect critical systems from being exploited


Enterprise Defenses Against Hide and Seek

        Advanced Reputation Security
        • Detect and block new and unknown threats based on reputation and ranking

        Security Incident and Event Management
        • Detect and correlate suspicious patterns of behavior

        Network Threat and Vulnerability Monitoring
        • Monitor environment for excessive log-ins or privilege escalation

        Vulnerability Assessment
        • Ensure network devices, OS, databases and web application systems are properly configured
        • Determine whether or not a vulnerability is truly exploitable

        Host Intrusion Prevention
        • Implement host lock-down as a means of hardening against malware infiltration



Stay Informed: Additional Resources

Build Your Own ISTR: go.symantec.com/istr

Daily measure of cybercrime risks: nortoncybercrimeindex.com

Follow Us: Twitter.com/threatintel, Twitter.com/nortononline
Thank you!
    For more information, please visit:
    go.symantec.com/istr


    Copyright © 2010 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in
    the U.S. and other countries. Other names may be trademarks of their respective owners.

    This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied,
    are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.


AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesMd Hossain Ali
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPathCommunity
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaborationbruanjhuli
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IES VE
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Websitedgelyza
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfinfogdgmi
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxMatsuo Lab
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024SkyPlanner
 
GenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation IncGenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation IncObject Automation
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopBachir Benyammi
 
Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?SANGHEE SHIN
 
Introduction to Quantum Computing
Introduction to Quantum ComputingIntroduction to Quantum Computing
Introduction to Quantum ComputingGDSC PJATK
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 

Recently uploaded (20)

Things you didn't know you can use in your Salesforce
Things you didn't know you can use in your SalesforceThings you didn't know you can use in your Salesforce
Things you didn't know you can use in your Salesforce
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation Developers
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Website
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdf
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 
GenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation IncGenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation Inc
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 Workshop
 
Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?
 
Introduction to Quantum Computing
Introduction to Quantum ComputingIntroduction to Quantum Computing
Introduction to Quantum Computing
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 

Internet Security Threat Report, Volume 16

  • 1. Internet Security Threat Report (ISTR) 16 Highlights and Recommended Defenses April 2011 Symantec Internet Security Threat Report (ISTR), Volume 16 1
  • 2. Threat Landscape
  • 3. Threat Landscape 2010 Trends • Social Networking + Social Engineering = Security Nightmare: Whether targeting a CEO or the family next door, the Internet and social networks provide cybercriminals rich research for tailoring an attack. By sneaking in among our friends, hackers can learn our interests, gain our trust, and convincingly masquerade as friends. A well-executed, socially engineered attack has become almost impossible to spot. • Mobile Threats increase: More people than ever are using smartphones and tablets, and cybercriminals are taking notice. Because most malicious code now is designed to generate revenue, there are likely to be more threats created for these devices as people increasingly use them for sensitive transactions such as online shopping and banking. • Targeted Attacks continue to evolve: Targeted attacks, while not new, gained notoriety from high-profile attacks against major organizations (Hydraq) and significant targets (Stuxnet). These attacks raised awareness of Advanced Persistent Threats (APTs).
  • 4. Threat Landscape 2010 Trends • Attack Kits get a caffeine boost: While targeted attacks are focused on compromising specific organizations or individuals, attack toolkits are the opposite side of the coin, using broadcast blanket attacks that attempt to exploit anyone unfortunate enough to visit a compromised website. Innovations from targeted attacks will make their way into massive attacks, most likely via toolkits. • Hide and Seek (zero-day vulnerabilities and rootkits): The primary goal of malicious code that employs rootkit techniques is to evade detection. This allows the threat to remain running on a compromised computer longer and, as a result, increases the potential harm it can do. Targeted attacks depend on their ability to get inside an organization and stay hidden in plain sight. Zero-day vulnerabilities and rootkits have made this possible.
  • 5. Threat Landscape: Social networking + social engineering = security nightmare • Hackers have adopted social networking sites to: – Use profile information to create targeted social engineering attacks – Impersonate friends to launch attacks – Leverage news feeds to spread spam, scams and massive attacks More Info: Detailed review of Social Media threats available in The Risks of Social Networking
  • 6. Threat Landscape: Social networking + social engineering = security nightmare • Shortened URLs can hide malicious links, increasing infections • 73% of the shortened URLs observed on social networks (that led to malicious websites) were clicked 11 times or more
  • 7. Threat Landscape: Mobile threats • Currently most malicious code for mobile devices consists of Trojans that pose as legitimate applications • Mobile vulnerabilities: 115 in 2009, 163 in 2010 • Will be increasingly targeted as they are used for financial transactions
  • 8. Threat Landscape: Targeted attacks continue to evolve • High-profile targeted attacks in 2010 raised awareness of Advanced Persistent Threats (APTs) • Stuxnet signaled a leap in the sophistication of these types of attacks: – Four zero-day vulnerabilities (vulnerabilities that were previously unknown) – Stolen digital signatures helped mask it from security systems – Ability to leap the “air gap” (used USB keys to spread Stuxnet to computers not connected to a network) – Potential damage to infrastructure including power grids, water supplies and nuclear power plants More Info: Detailed review in the W32.Stuxnet Dossier & W32.Stuxnet
  • 9. Threat Landscape: Targeted attacks continue to evolve • Less sophisticated attacks also cause significant damage • Average cost to resolve a data breach in 2010: $7.2 million USD [Chart: Average Number of Identities Exposed per Data Breach by Cause]
  • 10. Threat Landscape: Attack kits get a caffeine boost with Java Def: Bundles of malicious code tools used to facilitate the launch of concerted and widespread attacks on networked computers • Attack kits continue to see widespread use • Java exploits added to many existing kits • Kits exclusively exploiting Java vulnerabilities appeared for the first time More Info: Detailed information available in ISTR Mid-Term: Attack Toolkits and Malicious Websites
  • 11. Threat Landscape: Hide and seek (zero-day vulnerabilities and attack rootkits) • A rootkit is a collection of tools that allow an attacker to hide traces of a computer compromise from the operating system and also the user • Zero-days are being used in a more aggressive way and featured heavily in Hydraq/Stuxnet • Attack toolkits help to spread knowledge of exploits that leverage vulnerabilities [Chart: Number of documented ‘zero-day’ vulnerabilities]
  • 12. ISTR 16: Key Facts and Figures
  • 13. Symantec™ Global Intelligence Network: Identifies more threats, takes action faster & prevents impact. Locations: Calgary, Alberta; Dublin, Ireland; Tokyo, Japan; San Francisco, CA; Mountain View, CA; Austin, TX; Chengdu, China; Culver City, CA; Taipei, Taiwan; Chennai, India; Pune, India. Worldwide Coverage, Global Scope and Scale, 24x7 Event Logging, Rapid Detection. Attack Activity: 240,000 sensors; 200+ countries. Malware Intelligence: 133M client, server, gateways monitored; global coverage. Vulnerabilities: 40,000+ vulnerabilities; 14,000 vendors; 105,000 technologies. Spam/Phishing: 5M decoy accounts; 8B+ email messages/day; 1B+ web requests/day. Preemptive Security Alerts, Information Protection, Threat Triggered Actions
  • 14. Key Facts and Figures • Malicious code, which is any programming code capable of causing harm to legitimate code or data, or that can compromise confidentiality in a computing system… • …takes advantage of vulnerabilities in operating systems, programs, applications, etc.… • …which can lead to your computer, laptop, mobile phone, or other Internet-connected device being infected with threats like viruses, worms, or Trojans… • …It may also lead to ID theft and other forms of fraud.
  • 15. Malicious Code Trends Threats to confidential information • 64% of potential infections by the top 50 malicious code samples were threats to confidential information
  • 16. Vulnerability Trends Web Browser Plug-In Vulnerabilities • Number of Flash and Reader vulnerabilities continued to grow
  • 17. Threat Activity Trends Malicious Activity by Country
  • 18. Threat Activity Trends Data Breaches by Sector • The average cost to resolve a data breach in 2010 was $7.2 million USD • 85% of identities exposed were customers Average Number of Identities Exposed per Data Breach by Cause Average Number of Identities Exposed per Data Breach by Sector
  • 19. Threat Activity Trends Web-based Attacks • 93% increase in Web-based attacks from 2009 to 2010 • Spikes related to specific activities (release of new attack kits, current events, etc.)
  • 20. Fraud Activity Trends Phishing categories Def: “Phishing” is a derivative of “fishing” and alludes to the use of “bait” to “catch” personally identifiable information • 56% of phishing attacks imitated banks • Many email-based fraud attempts referred to major sporting, news and pop-culture events in 2010
  • 21. Fraud Activity Trends Underground economy servers • Credit cards and bank account credentials continue to be the top two advertised items on the black market • Bulk rates for credit cards range from 10 cards for $17 to 1000 cards for $300
  • 22. Consumer and Enterprise Best Practices For protection and defending against the latest threats
  • 23. Consumer Best Practices Protect yourself • Use a modern Internet security solution for maximum protection against online threats that includes: • Antivirus protection • Intrusion prevention to protect against Web-attack toolkits, unpatched vulnerabilities, and socially engineered attacks • Browser protection to protect against Web-based attacks • Reputation-based tools that check the reputation and trust of a file before downloading • Behavioral prevention that keeps malicious threats from executing even if they get onto your computer • URL reputation and safety ratings for websites found through online searches Keep up-to-date • Keep virus definitions and security content updated at least daily, if not hourly, to protect your computer against the latest viruses and malicious software (“malware”) Use an effective password policy • Ensure that passwords are a mix of letters and numbers, and change them often. Passwords should not consist of words from the dictionary, since these are easier for cybercriminals to hack • Do not use the same password for multiple applications or websites • Use complex passwords (upper/lowercase, punctuation and symbols) or passphrases (e.g., “I want to go to Paris for my birthday” becomes “I1t2g2P4mb”)
  • 24. Consumer Best Practices Know what you are doing • “Free,” “cracked,” or “pirated” versions of software can contain malware or social engineering attacks • Read end-user license agreements (EULAs) carefully and understand all terms before agreeing to them. Some security risks can be installed because of that acceptance Guard your personal data • Limit the amount of personal information you make publicly available on the Internet (including and especially social networks) as it may be harvested by cybercriminals and used in targeted attacks, phishing scams, or other malicious activities • Never disclose any confidential personal or financial information unless and until you can confirm that any request for such information is legitimate • Avoid banking or shopping online from public computers (such as libraries, Internet cafes, etc.) or from unencrypted Wi-Fi connections Think before you click • Never view, open, or execute any email attachment or click on a URL, unless you expect it and trust the sender; even if it’s coming from trusted users, be suspicious • Do not click on shortened URLs without expanding them first using “preview” tools • Do not click on links in social media applications with catchy titles or phrases; you may end up “liking it” and sending it to all of your friends – just by clicking anywhere on the page • Be suspicious of warnings that pop up asking you to install media players, document viewers and security updates; only download software directly from the vendor’s website
  • 25. Enterprise Defenses Against Social Engineering Web Gateway Security • Scan all potentially malicious downloads regardless of how the download is initiated • Prevent users from being redirected to malicious Websites Data Loss Prevention • Discover concentrations of confidential information downloaded to an employee’s PC Network and Host Based Intrusion Prevention • Monitor and protect critical systems from exploitation • Protect against misleading applications like fake antivirus • Prevent drive-by download web attacks Strong Authentication • Protect against unauthorized access to confidential data beyond just username and password Security Awareness Training • Ensure employees become the first line of defense
  • 26. Defenses Against Mobile Threats Device Management • Remotely wipe devices in case of theft or loss • Update devices with applications as needed without physical access • Get visibility and control of devices, users and applications Device Security • Guard mobile device against malware and spam • Prevent the device from becoming a vulnerability Content Security • Identify confidential data on mobile devices • Encrypt mobile devices to prevent lost devices from turning into lost confidential data Identity and Access • Strong authentication and authorization for access to enterprise applications and resources • Allow access to right resources from right devices with right postures
  • 27. Enterprise Defenses Against Targeted Attacks Advanced Reputation Security • Detect and block new and unknown threats based on reputation and ranking Host Intrusion Prevention • Implement host lock-down as a means of hardening against malware infiltration Removable Media Device Control • Restrict removable devices and functions to prevent malware infection Email & Web Gateway Filtering • Scan for infected files and block accordingly Data Loss Prevention • Discover data spills of confidential information that are targeted by attackers Encryption • Create and enforce security policy so all confidential information is encrypted Network Threat and Vulnerability Monitoring • Monitor for network intrusions, propagation attempts and other suspicious traffic patterns
  • 28. Defenses Against Attack Toolkits Advanced Reputation Security • Detect and block new and unknown threats based on reputation and ranking Fraud Detection Services • Monitor and analyze specific transaction types for known scams and evolving threats Asset and Patch Management • Identify what and where your high value assets are • Ensure latest patches are deployed and up-to-date across all platforms and applications Threat and Vulnerability Management • Monitor for network intrusions, propagation attempts & suspicious traffic patterns • Receive alerts for new vulnerabilities and threats across vendor platforms Host Intrusion Detection and Prevention • Monitor and protect critical systems from being exploited
  • 29. Enterprise Defenses Against Hide and Seek Advanced Reputation Security • Detect and block new and unknown threats based on reputation and ranking Security Incident and Event Management • Detect and correlate suspicious patterns of behavior Network Threat and Vulnerability Monitoring • Monitor environment for excessive log-ins or privilege escalation Vulnerability Assessment • Ensure network devices, OS, databases and web application systems are properly configured • Determine whether or not a vulnerability is truly exploitable Host Intrusion Prevention • Implement host lock-down as a means of hardening against malware infiltration
  • 30. Stay Informed: Additional Resources Build Your Own ISTR go.symantec.com/istr Daily measure of cybercrime risks nortoncybercrimeindex.com Follow Us: Twitter.com/threatintel Twitter.com/nortononline
  • 31. Thank you! For more information, please visit: go.symantec.com/istr Copyright © 2010 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.