Andreas Wagner Presentation

44 %
56 %
Information about Andreas Wagner Presentation
Education

Published on February 28, 2008

Author: Jancis

Source: authorstream.com

Insider Threats, Anomalies and wrong behavior in Networks eTrust™ Solutions and Techniques to cope with CyberCrime and IT/Communication Fraud :  Insider Threats, Anomalies and wrong behavior in Networks eTrust™ Solutions and Techniques to cope with CyberCrime and IT/Communication Fraud Presented to you by Andreas Wagner Principal Consultant (Chief Security Advisor) - MEA Agenda:  Agenda Introduction Andreas Wagner CSI/FBI 2005 Cyber Crime & Security Study Nightmares for CSO’s, CEO’s and Shareholders Live presentation of CyberCrime Analysis eTrust Security Solutions to ease Nightmares The different point of view (Summary) Questions & Answers Introduction Andreas Wagner:  Introduction Andreas Wagner Andreas Wagner Security Expert & Consultant, Author, Chief Security Advisor 46 yrs., married, 2 Kids 26 yrs. in IT 11 yrs. in Security IBM/370, PC, Networks, Internet, Security, Computer & Network Forensics, Lawful Interception, CyberCrime andreas.wagner@ca.com Introduction Andreas Wagner:  Introduction Andreas Wagner Customers requested either / or Presentations Consulting Reorganization / Reconstruction GAP Analysis Trainings Executive Coaching Investigations Man Hunt Search for Evidence Anomaly & Behavior Analysis Securing of Evidences IT-Forensic (Network and Computer) Network Interception Context Analysis Security Motivation Penetration test (Logical / Physical) Human Hacking (Social Engineering) Assessments Finance: 1. Bank Austria Bank Austria Post Austria Swiss Life Swiss Re HUK Coburg Insurances Polish National Bank Greek National Bank Government: Ministry of Finance (Austria) Ministry of Interior (Germany) Ministry of Interior (Macedonia) Security (Secret Service, Police & Defence): Austria Slovakia Czech Republic Macedonia Croatia Sultanate of Oman Sultanate of Brunei Dubai Royal Air Force GB – Global Security Command & Control German Army Bulgarian Army NATO FBI Germany Customs Control Germany Several State Polices in Germany Manufacturing: BMW Krones AG Spinner Adva Optical Balfour Beatty Rail Systems Telecom: BT Northern Ireland T-Mobile Germany Vodafone UK O2 Germany Saudi Telecom Corp. CSI/FBI 2005 CyberCrime & Security Study:  CSI/FBI 2005 CyberCrime & Security Study CSI/FBI 2005 Cyber Crime & Security Study:  CSI/FBI 2005 Cyber Crime & Security Study The Reason for Nightmares:  The Reason for Nightmares The “Big / Bad” Internet Your Network (Micro Internet) IP-Based Dangerous Criminals Worldwide Medium fast Connect only with restrictions No ownership IP-Based Trusted Employees Local to Worldwide Fast No restrictions Your ownership Workspace of Hackers etc. Perfect Workspace for Hackers, Insider etc. Nightmares for Companies and Shareholders:  Nightmares for Companies and Shareholders Insider Threats (Info Leakage, Eco Spy‘s, Social Engineering) BotNet Attacks to eCommerce and eBanking Viruses, Worms, Trojans, Spyware, Spytools Illegal installed WLAN‘s Lost / Stolen / Misused Laptops Unknown Communication Behaviour Unacceptable use of the Internet N*N-1 Communication between Windows-Machines Too many vulnerabilities eCommerce Apps. quite easy to hack ! Infrastructure helps Attackers/Insiders to hide No internal Security Perimeters / Firewalls No Desktop / Server Firewalls Too many Logfiles to analyze Weak capability of correlation „in the brain“ Not well trained Security Personnel Too many „false positives“ No Security Awareness Training for Employees Ignorance Proprietary information theft resulted in the greatest financial loss ($70,195,900 was lost among 530 surveyed companies, with the average reported loss being approximately $2.7 million), which are mostly coming from internal unauthorized access. (CSI/FBI 2003) What “Bad Guys” use !!:  What “Bad Guys” use !! Memory Stick’s, Gadgets & Co.:  Memory Stick’s, Gadgets & Co. For the Cracks:  For the Cracks For the lazy “Cracks”:  For the lazy “Cracks” Enough with Theory, lets become live !:  Enough with Theory, lets become live ! Analysis Technologies by Visualizing data Context Analysis on eMail Profiling of Network Objects for Man Hunt Outperforming CyberCrime by thinking like your Enemy Precautions in Networks to prevent CyberCrime Tips, Tricks and Cases already happened !! Consequence = Lesson learnt !:  Consequence = Lesson learnt ! You need endpoint Security to get Triggers Triggers have to be correlated into an Information System, to recognize alarms Become ahead of CyberCrime by thinking like your Enemy Logical penetration tests are usefull as they involve human factors There is no such thing as ROI on Security, or is there a ROI of an unused Fire Extinguisher ? eTrust™ Security Solutions:  eTrust™ Security Solutions eTrust™ Security Who has access to what? What is happening in your environment? Who / What causes it? How can you address it? Perfect overall protection ! In depth investigation of cases ! Enabled by a world-class research team ! Tailored to your needs with a world class consultant team ! Integration with network and systems management tools ! On-demand security management ! Real Time Protection !! Evolution of Security:  1st Generation Gates, Guns, Guards Evolution of Security Complexity/Management Time 2nd Generation Reactive 3rd Generation Enablement 4th Generation Proactive The Vulnerability Problem is Growing:  * Gartner “CIO Alert: Follow Gartner’s Guidelines for Updating Security on Internet Servers, Reduce Risks.” J. Pescatore, February 2003 ** As of 2004, CERT/CC no longer tracks Security Incident statistics. “Through 2008, 90 percent of successful hacker attacks will exploit well-known software vulnerabilities.” - Gartner* The Vulnerability Problem is Growing Managing Your Asset’s Vulnerabilities:  Internet Router Switch Firewall VPN IDS Load Balancer Switch Server Web Server Server Switch Firewall Hub Database Server PC Managing Your Asset’s Vulnerabilities On average, it will take 43 staff hours to manually address 170 vulnerabilities for 4 technologies.* * Source: Based on a study conducted by a third-party consultant. Security is a Process: IAM:  WORK FLOW PROCESS Enterprise Critical Reliability Unlimited Scalability and more Security is a Process: IAM Access & Accounts Created Marge Greene Director, Human Resources Robert Stone EVP, Sales New Division New Hire Department Manager Gives - OK eTrust Security Management :  Partners Customers Contractors Hackers Malware Spam eTrust Security Management Security Data…:  Security Data… Challenges Too much security data Unable to prioritize events Costly to control incidents Unable to meet auditing and compliance requirements Security Information Management:  Security Information Management Solutions Turning data into information that can be used to take action Help ensure incidents don’t impact business Providing security views that enable compliance Comply with Basel II, HIPAA, Sarbanes-Oxley, internal standards or others Security Event Management:  Deploys Technician Lists Assets Vulnerable to Exploit Requests Assets Affected by Exploit Vulnerability Alerts eTrust™ Security Command Center of Security Events Deploys Patch or Configuration via Embedded or External Unicenter® Software Delivery for Implementation on Assets Security Event Management 1. 2. 3. 4. 5. eTrust Security Solutions to ease Nightmares:  eTrust Security Solutions to ease Nightmares Insider Threats (Info Leakage, Eco Spy‘s,) Viruses, Worms, Trojans, Spyware, Spytools Illegal installed WLAN‘s Misused Laptops Unknown Communication Behaviour Unacceptable use of the Internet N*N-1 Communication between Windows-Machines Too many vulnerabilities eCommerce Apps. quite easy to hack Infrastructure helps Attackers/Insiders to hide No internal Security Perimeters / Firewalls No Desktop & Server Firewalls Too many Logfiles to analyze Weak capability of correlation „in the brain“ Not enough well trained Security Personnel Too many „false positives“ No Security Awareness at “C” Level Network Forensic, Tiny Firewall Suite, IAM Anti Virus, Pest Patrol, Secure Content Mgr. Wireless Site Manager (Unicenter) Tiny Firewall Suite Tiny Firewall Suite, Network Forensic, SIM Secure Content Mgr., Network Forensic, IAM Tiny Firewall Suite Vulnerability Manager, Tiny Firewall Suite Tiny Firewall Suite, Site- & Transaction Minder Tiny Firewall Suite Tiny Firewall Suite Tiny Firewall Suite Audit, SCC Audit, SCC, Network Forensic eTrust Security Products eTrust Security Products Better reporting from all products through SIM All Events have to be centralized by SCC or Audit The different point of View (Summary):  The different point of View (Summary) Security is a strategy & process, perfectly supported by the eTrust™ product suite ! Think like your enemy ! Reduce the possibility of Security breaches by the most comprehensive Suite: eTrust™ Products Reduce the Workload through eTrust™ SIM Expect the unexpected, strong Content, Border and Endpoint Security by Threat Management protects you from surprises ! I don’t know what I don’t know ! With Network Forensic you will !! Security is the ART to open systems in a way, that they are perfectly close ! IAM and the Tiny Firewall Suite are the Solution Security without enough sensors and SIM is like: Finding a needle in a haystack, without knowing which color the needle has and in which barn the haystack is ! Identify before you let someone Access anything!! Siteminder and IAM are the solution ! Do not secure or detect in the middle of your network, secure the endpoints with Tiny Firewall Suite and IAM CyberCrime already hit your company, but you were not able to detect it ! The complete solution with eTrust™ Products to prevent being a Victim !:  CyberCrime already hit your company, but you were not able to detect it ! The complete solution with eTrust™ Products to prevent being a Victim ! Presented to you by Andreas Wagner Principal Consultant (Chief Security Advisor) – MEA Andreas.Wagner@ca.com +966 500 107 693 KSA mobile Or +8821 6777 09769 Worldwide mobile

Add a comment

Related presentations

Related pages

Das bedingungslose Grundeinkommen - by Andreas Wagner on Prezi

Invited audience members will follow you as you navigate and present; People invited to a presentation do not need a Prezi account; This link expires 10 ...
Read more

Andreas Wagner on Prezi

Andreas Wagner Andreas Wagner is using Prezi to create and share presentations online.
Read more

⚡Presentation "Standards in the UAE Andreas Höfer IMEA ...

Presentation on theme: "Standards in the UAE Andreas Höfer IMEA Chief Regional Officer Valerie-Laura Wagner." — Presentation transcript:
Read more

Andreas Wagner, Mag. Dr. – University of Innsbruck

Andreas Wagner, Mag. Dr. ... Lins, Philipp; Malin, Cornelia; Wagner, Andreas O.; ... Presentations at Conferences, Symposia, etc.
Read more

Andreas Wagner · - Fotos & Bilder - Fotograf aus Hamburg ...

Profil von Andreas Wagner · - Fotograf Andreas Wagner · aus Hamburg, Deutschland [fc-user:15589] - Besucht auch meine Seite mit maritimen Fotos: http:
Read more

Andrea Wagner | LinkedIn

View Andrea Wagner’s professional profile on LinkedIn. LinkedIn is the world's largest business network, helping professionals like Andrea Wagner ...
Read more

Andreas Wagner | Golder Associates Ltd. | ZoomInfo.com

View Andreas Wagner's business profile as Managing Principal at Golder Associates Ltd. and see work history, affiliations and more.
Read more

telefon +372 55512302 CURRICULUM VITAE email andreas@ ...

email andreas@whyservices.eu ... CURRICULUM VITAE Andreas Wagner PROFILE IT administrator, urbanist, manager ... Presentation & Layout (Prezi, Scribus ...
Read more

Presseveröffentlichungen

Zu den bestandenen Prüfungen gratulierten Inhaber Rudi Kolb und Geschäftsführer Andreas Wagner den beiden sehr herzlich und freuen sich auf eine ...
Read more

EBC Workshops, Seminars and Conferences - Welcome to the ...

Andreas Eckmanns Presentation: Energy Efficiency in Buildings Results and Experiences from the German Research Program EnOB Andreas Wagner Presentation:
Read more