Vital Threat Management for Enterprise / Carrier In a Digitally Integrated World. Derek Manky, Project Manager, Cyber Security & Threat Research. CMMA: June 17th, 2009
Page 1: Vital Threat Management for Enterprise / Carrier… · Vital Threat Management for Enterprise / Carrier In a Digitally Integrated World Derek Manky ... CMMA: June 17th, 2009. Presentation

Vital Threat Management for Enterprise / Carrier

In a Digitally Integrated World

Derek Manky

Project Manager, Cyber Security & Threat Research

CMMA: June 17th, 2009

Page 2

Presentation Overview

Vital Threat Management For:

Enterprise & APAC

Malware Trends

Cost Effective, Next Generation Security

The Threatscape Today

Layered Security

Mobile Threats

Q&A

Fortinet Confidential 2

Page 3

Enterprise & APAC

Targeted Attacks

Documents Favored

Various Exploits Used

PDF, XLS, DOC

Common Malware Dropped

Social Engineering 2.0

Location Based Services

Profiling

UPS / DHL Attacks

Salesforce Snow-Ball Effect

January 31, 2007: 29,800 Customers

September 2007: Phishing attacks compromise sensitive data

November 2007: FTC spoofed attacks with compromised data


Page 4

Enterprise & APAC

Targeted Attacks

GhostNet[1]

1,295 unique infections in 103 countries

Ministry of Foreign Affairs, Embassies

Concentration in Asia

Spoofed Email (e.g. [email protected])

Malicious MS Word document – exploit

Drops trojan (Ghost RAT), and innocent document

HTTP Communication Used for C&C


GhostNet Source

1: Information Warfare: http://www.scribd.com/doc/13731776/Tracking-GhostNet-Investigating-a-Cyber-Espionage-Network

Page 5

Enterprise & APAC

Targeted Attacks


Chart: XLS, DOC, PDF Exploits, January - May 2009. Y-axis: Detected Activity (0 to 25,000); x-axis: Jan-09, Feb-09, Mar-09, Apr-09, May-09; series: AMER, APAC, EMEA.

Page 6

Enterprise & APAC

Targeted Attacks


Page 7

Enterprise & APAC

W32/Virut.A

Dominant in Asia

Prevalent for 1+ Years in Korea

Parasitic File Infector

Newly Discovered Hybrids

Especially Nasty to Clean

Hybrid Effect

Blended Threats

MyDoom, Netsky, Scareware

Botnets & Control

Polymorphic


Page 8

Enterprise & APAC

Volume & Infection Rate Increase Over 1.5 Years

Source: Fortinet’s FortiGate and Worldwide Intelligence Systems


Chart: Netsky vs. Virut. Y-axis: Detected Activity (0 to 1,200,000); x-axis: monthly, Oct 07 through May 09; series: W32/Netsky!similar, W32/Virut.A.

Page 9

Cost Effective

Next Generation Security

Vital Threat Management

Page 10

Cost Effective, Next Gen Security

Volume & Infection Rate Increase Over 2 Years

Source: Fortinet’s FortiGate and Worldwide Intelligence Systems

Chart: Malware Received (Annual), 2007 vs. 2008. Y-axis: Received Samples; bars per year: Infected and Totals; labelled increases: +52.6%, +31.8%.


Page 11

Cost Effective, Next Gen Security

Volume & Infection Rate Increase Over 3 Quarters

Source: Fortinet’s FortiGate and Worldwide Intelligence Systems

Chart: Malware Received (Q1), 2007-Q1 vs. 2008-Q1 vs. 2009-Q1. Y-axis: Received Samples; bars per quarter: Infected and Totals; labelled increases: +54.9%, +92.0%, +54.0%, +54.9%.


Page 12

Cost Effective, Next Gen Security

APAC Leading 2009 Malware Detections

Source: Fortinet’s FortiGate and Worldwide Intelligence Systems


Chart: Global Malware Volume, January - May 2009. Y-axis: Detected Activity (0 to 6,000,000); x-axis: 2009/01, 2009/02, 2009/03, 2009/04, 2009/05; series: AMER, APAC, EMEA.

Page 13

Ringfence corporate security networks

Diagram: Protection versus Threatscape (Blended Threatscape curve), with Competitive Outcome over time.

Y2 – Point solutions: costly, patchy security.

Z1 – Perceived competitive gap over time (when the economy recovers) if enterprises adopt a UTM security approach. Z1 can be reduced if IT managers are trained and FortiGuard updates are applied with due diligence.

Z2 – Perceived gap when companies attempt to patch security holes with costly point services. This creates a greater gap for enterprises, which indirectly causes them to be less competitive over time.

Z3 – Greatest perceived gap, if enterprises are unfocused in spending and approach. Worst case scenario: a big attack takes place and enterprises' assets are compromised. They will need to play a catch-up game over time to bridge the competitive gap.


Page 14

Next Gen Threats (diagram)

• Public Internet

• Social Networks: Koobface

• Web: XSS, CSRF, SQL Injections, Exploit Kits

• Telecomm Bridge: SymbOS/Yxes

• Platforms++ == Vulnerabilities

• Bridged Threats

• Search Engines, Cloud Services: SEO Attacks, Data Breaches

• Legacy: Mass Mailers, File Infectors

• Digital Underground

• Portable: USB, Bluetooth, MP3, Cameras, Laptops

• Financial / Auction: Phishing, Scams

• IM/Games


Page 15

Layered Security

UTM vs. End Point Approach (diagram)

Point solutions: Solution A (AntiVirus), Solution B (WCF), Solution C (IPS), Solution D (AntiSpam); versus a single UTM Solution.

Threat stages, numbered 1 to 5: Fresh, Web 0-Day Exploit, Variant #1, Variant #2, Hosted, Attached Mass Mail; Public.


Page 16

The Big Picture (diagram)

Layered Security

Security Function: IPS, AntiVirus, WebFiltering, AntiSpam, DLP, Mail, Firewall

Assets: Gateway, End Points, Servers, Web, Database, Mobile, Employees

Threatscape

Updates, Monitoring, Administration


Page 17

Consolidated Approach (UTM)

Consolidates Management and Deployment

Operating Expenses Smoothed

Licenses--

Smaller Footprint

Capital Expenditures Reduced

Scalable to Address:

Threat Growth

Growing Operations

Manageable

Monitored View of all Threat Vectors

Increased Incident Response

Layered Security


Page 18

In Summary

Modern Threats Require Layered Solution

Too Complex of a Challenge

Defense in Depth

UTM

Cost Effective; Security != $$

Provides Enhanced Security

Both Client & Server Side

Policies & Education

Scalable Solution Required for Threatscape

Security is Essential

Huge Losses Possible

Breaches Damage Reputation

Layered Security


Page 19

Mobile Threats

Vital Threat Management

Page 20

Mobile Threats on the Rise

Past and Present

2004:

• SymbOS/Cabir (PoC) Bluetooth

• SymbOS/Skulls (DoS)

2005:

• SymbOS/CommWarrior Bluetooth, MMS, MMC

2008/2009:

• SymbOS/Flocker

• SymbOS/BeSeLo File Extension Tricks

• SymbOS/CurseSMS (DoS)

• SymbOS/Yxes

BeSeLo Propagation on S60 Phones

Destruction & Defacement to Monetization

Page 21

Mobile Threats on the Rise

A Growing Trend

Statistics from Fortinet’s network security appliances worldwide

Chart: Mobile Threat Detections, January 2008 - May 2009. Y-axis: Detected Mobile Threats (20,000 to 120,000); x-axis: Jan-08, Mar-08, May-08, Jul-08, Sep-08, Nov-08, Jan-09, Mar-09, May-09; series: SymbOS Threats.

Page 22

Moving Forward: Securing The Future

Active Threat Ingredients

• Plethora of smart devices

• Increased complexity / functionality

Bridges created

Security holes introduced

• New platforms introduced

• Roaming insider threat

• Adoption of 3G Roadmap to 4G

Traffic == Cold Hard Cash

On The Horizon

• Increased integration

Smart devices & cloud services

• Digital underground invests

Custom malware / targeted attacks

Zero-days, roaming botnets

Page 23

Moving Forward: Securing The Future

Protecting Against Attacks

• Enterprise Security

Endpoint Solution (Roaming)

Gateway Solution (Bridged)

Policies & Education

• Carrier Security

Gateway Solution (MMS)

Monitoring & Alerts

• Vendor Security

Safe Coding / R&D Practices

Responsible Disclosure

FortiCarrier

FortiClient Mobile

FortiGuard Global Security Research Team

Page 24

Questions

Thank You!

