Securing the Human (Security That Protects People)

  • Published on
    28-May-2015


DESCRIPTION

2012125RSA Hugh Thompson http://www.itforum-roundtable.com/

Transcript

1. Securing the Human: Challenges and Success Stories
   Dr. Hugh Thompson, Chief Security Strategist and Senior Vice President
   Blue Coat Systems, Inc. 2012.

4. The Shifting IT Environment

5. Shift: Attackers
   • Attackers are becoming organized and profit-driven
   • Attackers are turning to a blend of technical and human attacks
   • An entire underground economy has been created:
     • Meeting place for buyers and sellers (chat rooms, auction sites, etc.)
     • What they are trading: vulnerabilities, botnet time, credit card numbers, PII,
     • New ways to exchange value anonymously and in non-sovereign currency

6. Shift: Consumerization
   • Shift in technology power from the enterprise to the individual
   • Employee-owned devices are now more powerful than company-provided devices
   • Rogue/shadow IT is large and growing as individuals now have greater choices with technology

7. Shift: Growing complexity/credibility of attacks
   • It is becoming harder for users to make good security/risk choices
     • Bad neighborhoods online are looking like good neighborhoods online
     • Phishing emails use shortened URLs and are increasingly credible
     • Bad URLs coming in from trusted sources
   • Safety nets are eroding
     • Desktop AV often not present or unreliable on BYOD
     • New malware being generated quickly, reducing the effectiveness of AV signatures

9. WARNING! SHARKMAGEDDON!!

10. Behind the numbers
    • Worldwide shark attacks rose from 63 to 79 in 2010.
    • Much of the increase was due to two very angry sharks in Egypt!

11. Hackernomics
    In the absence of security education or experience, people (customers, managers, developers, testers, designers) naturally make poor security decisions with technology.
    Corollary: Systems need to be easy to use securely and difficult to use insecurely.

14. Haccident (hacking accident)
    An undesirable or unfortunate happening that occurs unintentionally by users making security mistakes when using technology.

17. Bob door slide

20. WebPulse Collaborative Defense
    [Diagram. Product labels: Proxy SG, Cloud Service, Proxy AV, Packet Shaper, Cache Flow, K9, Third Party. Column headings: Aware, Intelligent, Proactive. Captions: 75 Million Users Worldwide; One Billion Daily Requests; Consumer & Enterprise; New & Emerging Malware; Multi-dimensional Ratings for Different Content Types; Real-time Web Filtering in 21 Languages; Malnet Tracking; Negative Day Defense; Web & Mobile Application Controls; Blocks 3.3M Threats Daily.]

21. Negative Day Defense
    [Timeline diagram. Time axis: -30 Days, 0 Day, +1 Days, +30 Days. Phases: Infrastructure Phase, Active Threat Phase. Events: New Subnet, IP Address and Host Name; Exploit Server; Attack Begins; Dynamic Payload Changes Domain; Attack Ends. Annotations: Negative Day Defense Identifies and Blocks Malnet Infrastructure; Negative Day Defense Continues to Block New Components; UTM Policy applied; AV Engines Begin Detection.]

22. Enabling the Real-Time Enterprise
    [Diagram contrasting two environments. Labels: Single Device / Multiple Devices; Owned by IT / Devices Owned by Employee; Office-Based Users on Private WAN / Always-on Remote Users & Mobile Workers; Networks Controlled by IT / Public Access; Enterprise Apps / Apps Store & Consumer Style Apps; Applications Sanctioned by IT / Mandated by Users; Securing the Perimeter / Securing the User.]

23. No Intranet Access; Choppy Video; VPN Error; Inaudible Voice; Multiple Logins Required; Malware Exposure

24. Fast Response Time; Streaming Video & Voice; Seamless Access to Apps; Malware Protected; One, Secure Login; Greater Productivity

26. Summary
    • The threat landscape is changing: attackers are going after both technical vulnerabilities and human vulnerabilities
    • We must be proactive in stopping threats
    • Preventing bad user choices is a key component of a comprehensive security solution