What Keeps Security Leaders Up At Night John Peterson
VP of Enterprise Technology
Five Innovations That Created Security Risks
• One new domain each second• 196 million domain names• 47 million new sites last year
1. Rapid Growth
Source:Verisign
Rich site-to-browser interaction
Browser is the new operating system
Browser is active in the application, not simply a passive display tool
2. Dynamic Web Apps: AJAX
3. User-Generated Content• Half of Top 100 sites based on UGC
• 500 million users on Facebook
• 100 million accounts on Twitter
• 2.5 billion photos uploaded each month to Facebook
• 30 million new ads per day on Craigslist
• 20% of the workforce works remotely
• 1 in 11 organizations had remote workers infected
• 46% of remote infections come from infected Web sites
4. Remote Employees
Smartphone and tablet computing blur the line between personal and business computing
Companies must reconsider policies for devices that are not owned by the company
5. New Devices
How Does This Affect Us?
9
#1 Time Usage On Web:Social Networks
Source: Nielsen
11
1 in 100 posts on
are spam/malicious
12
1 in 60 posts on
are spam/malicious
Malicious Social Network-branded
Email Lures
15
Malicious Facebook and LinkedIn Messages
Twitter-based Attacks
17
Redirects1. Bit.ly2. Infodsi.com
19
20
21
FTC Judgment for ScareWare
23
85,860 machines a day pretend to Facebook
Facebook Social Attacks
Photo ‘Tags’ Up To 50 People
Website Selling Fake Illegal Shoes
27
Affiliate campaigns
28
Affiliate campaigns: Hit Rates
Snapshot: Oct 18-20, 2011Domain #Share #comment
www.dealdrop.me 15K 5Kwww.insideoutback.com 11K 3.7Koutbacknews.me 8.3K 3.1Kall.pizzalovers.me 3.5K 1.2Kwww.steakvouchertoday.com 2.2K 0.7Kwww.freepizzaoffer.net 1.9K 0.7Kwww.giveolivegardento.me 1.4K 0.5Kwww.steakgiftcards.com 1.0K 0.4KTotal 44.3K 15.3K impact (~130 friends) 600,000
Commissions
Credit Card - $5-$20Exercise equip - up to %10Hotel booking - $1-$3Software– up to 75%
Rogue Facebook Apps
Barracuda Labs Technology:Profile Protector System
• Process Twitter and Facebook Streams• Query Attributes and Features• Analyze Users’ Activities• Analyze Web Links• Track Malicious URLs and Users
ProfileProtector.com
Barracuda Labs Threat Intelligence
Maltrace: Malware Analysis w. Virtualization
• Collect thousands of malware samples daily from honeypot network
• Load samples into Maltrace• Maltrace allows the malware to run on a virtual PC• Maltrace collects the network traffic generated• Maltrace creates signatures based on malicious traffic• Adds the signatures to URL, IP and fingerprint databases
Barracuda Labs Resources• Web Sites and Reports
– www.BarracudaLabs.com– www.BarracudaCentral.org– www.TweetBrawl.com– www.TweetGrade.com– Barracuda Labs Annual Threat Report
• Contact– Barracuda Labs on Twitter: @BarracudaLabs– Kris Salas, [email protected]
Branch Office
Headquarters
Mobile Worker
Cloud Filtering
Content Security
Content FilteringMalware ProtectionApplication ControlRegulate Social
Media
Allow
Filter
Block Archive
Barracuda Dynamic Content Security
Barracuda Networks Product Overview
Barracuda Networks 49
SECURITY