Umbrella Confidential
UMBRELLA FOR MSPs Enterprise Grade Malware Protection and Containment Dima Kumets MSP Product Manager
18-Nov-13 | Umbrella Confidential
Agenda
• BACKGROUND
• CHANGING THREAT LANDSCAPE
• INFORMATION TO PRESENT TO CUSTOMERS
• CLOUD SECURITY WITH OPENDNS
• UMBRELLA FOR MSPs PROGRAM
UMBRELLA FOR MSPs: Enterprise-Grade Malware Protection That Lowers Your Costs and Pays For Itself Dima Kumets, MSP Product Manager
ASIA-PACIFIC
EUROPE, MIDDLE EAST & AFRICA
AMERICAS
COMPANY BACKGROUND
• 50M+ ACTIVE USERS DAILY
• 19 DATA CENTER LOCATIONS
• ZERO DOWNTIME, SINCE 2006
• 50B+ REQUESTS DAILY
• 160+ COUNTRIES W/USERS
• ZERO NET NEW LATENCY
GLOBAL SECURITY NETWORK 208.67.220.220 208.67.222.222
CLOUD SECURITY SERVICE
With Reporting Integration into
CHANGING THREAT LANDSCAPE
VELOCITY & PACE
TODAY
MALWARE HAS EXPLODED
• PROFIT MOTIVE + LIQUIDITY
CYBERCRIME AS A SERVICE
• DISTRIBUTED CRIMINAL ORGANIZATIONS
• SPECIALIZED TALENT
• MORE EFFICIENT + MORE DANGEROUS
NO NEED FOR “UBER HACKER” GROUP
NO NEED FOR “UBER HACKER” GROUP
DISTRIBUTION VECTORS
DIY EXPLOIT KIT
DIY EXPLOIT KIT
EXPLOIT KIT REPORTING!
MALWARE PAYLOAD
MALWARE SEIZES COMPUTERS
FAKE ANTI-VIRUS EARLY RANSOMWARE
MALWARE HAS BECOME MORE DANGEROUS
CRYPTOLOCKER CURRENT RANSOMWARE
MALWARE HAS BECOME MORE DANGEROUS
CRYPTOLOCKER CURRENT RANSOMWARE
1. 12, 13, 14 or 15 random characters, TLDs rotating among .info, .com, .ru, .biz, .co.uk, .org and .net
2. Frequent requests made in very short intervals to about 1000 unique domains following the above string patterns.
3. 24 hour life span
IP Address Changes
DNS Changes: IP Addresses per Cryptolocker Domain
EXPLODING VOLUME: 75M - 450M QUERIES PER DAY
BIG DATA EXAMPLE – DGA ALGORITHM
• Goal: try to tell if a domain has been machine generated
• Look at name: bigrams, trigrams, length, entropy, etc.
• Look at timing: concentrated DNS queries with short life spans (temporal progression)
• High level of activity at the time of domain generation -> fades over time
Instance 1: cso0vm2q6g86owao.thepohzi.su, 5qloxxe.tohk5ja.cc, k2s0euuz.oogagh.su
Instance 2: v8ylm8e.thepohzi.su, 2g24ar4vu8ay6.tohk5ja.cc, d6vh5x1cic1yyz1i.oogagh.su
Instance 3: t2250p29079m6oq8.thepohzi.su, ngb0ef99.tohk5ja.cc, nxdhetohak91794.oogagh.su
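The name-based half of the check described on this slide (bigrams, length, entropy), as an added example that is not OpenDNS's classifier or code from the original deck. The bigram list, the thresholds and the constructed sample names are assumptions chosen for illustration; the timing features the slide also mentions are not covered.

```python
import math
from collections import Counter

# Assumption: this short list of frequent English bigrams stands in for a
# bigram model trained on a large corpus of legitimate domain names.
COMMON_BIGRAMS = set(
    "th he in er an re on at en nd ti es or te of ed is it al ar st to nt ng "
    "se ha as ou io le ve co me de hi ri ro ic ne ea ra ce li ch ll be ma si "
    "om ur".split()
)

def shannon_entropy(s):
    """Bits per character of the label's character distribution."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def name_features(fqdn):
    """Features of the leftmost label, the part that varies across the slide's instances."""
    label = fqdn.lower().rstrip(".").split(".")[0]
    if not label:
        raise ValueError("empty leftmost label")
    bigrams = [label[i:i + 2] for i in range(len(label) - 1)]
    common = sum(b in COMMON_BIGRAMS for b in bigrams)
    return {
        "length": len(label),
        "entropy": shannon_entropy(label),
        "digit_ratio": sum(ch.isdigit() for ch in label) / len(label),
        "common_bigram_ratio": common / len(bigrams) if bigrams else 1.0,
    }

def looks_generated(fqdn, max_bigram_ratio=0.25, min_digit_ratio=0.1, min_entropy=3.0):
    """Illustrative thresholds (assumptions), not tuned on real traffic."""
    f = name_features(fqdn)
    # Short labels and labels built from familiar bigrams are treated as human-chosen.
    if f["length"] < 6 or f["common_bigram_ratio"] >= max_bigram_ratio:
        return False
    # Rare bigrams alone are not enough: also require digits or a flat character spread.
    return f["digit_ratio"] >= min_digit_ratio or f["entropy"] >= min_entropy

# The nine names shown on the slide.
SLIDE_NAMES = [
    "cso0vm2q6g86owao.thepohzi.su", "5qloxxe.tohk5ja.cc", "k2s0euuz.oogagh.su",
    "v8ylm8e.thepohzi.su", "2g24ar4vu8ay6.tohk5ja.cc", "d6vh5x1cic1yyz1i.oogagh.su",
    "t2250p29079m6oq8.thepohzi.su", "ngb0ef99.tohk5ja.cc", "nxdhetohak91794.oogagh.su",
]
# Constructed samples: human-chosen names and one 14-letter random label.
CONSTRUCTED_BENIGN = ["umbrella.com", "opendns.com", "connectwise.com", "google.com"]
CONSTRUCTED_LETTERS_ONLY = "xkqvjwzrtplgbd.example"

if __name__ == "__main__":
    for name in SLIDE_NAMES + CONSTRUCTED_BENIGN + [CONSTRUCTED_LETTERS_ONLY]:
        f = name_features(name)
        print(f"{name:30} generated={looks_generated(name)!s:5} "
              f"H={f['entropy']:.2f} bigrams={f['common_bigram_ratio']:.2f}")
```

Name features alone misclassify short or dictionary-like generated names, which is why the slide pairs them with query timing.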
MALWARE CAN DESTROY SMBs
KEYLOGGERS AND BACKDOORS
KEYLOGGERS AND BACKDOORS THEFT AND SPREAD
KEYLOGGERS AND BACKDOORS THEFT AND SPREAD
ATTACKS INCREASINGLY TARGET SMBs UNDER 250 USERS
PROPORTION OF BREACHES BY ORG SIZE
15x
1x
ORGS WITH 11-100 EMPLOYEES
ORGS WITH <11 or >100 EMPLOYEES
TARGETED ATTACKS AGAINST SMBS
36%
18%
2011 JUNE 2012
HAVE NO FORMAL WRITTEN INTERNET SECURITY POLICY FOR EMPLOYEES
HAVE NO INFORMAL INTERNET SECURITY POLICY FOR EMPLOYEES
THINK THEIR COMPANY IS SAFE FROM HACKERS, VIRUSES AND MALWARE
83%
77%
69%
SMBs NEED MANAGED ENTERPRISE-GRADE
SECURITY
HOW DO YOU PROTECT CUSTOMERS?
ANTI-VIRUS IS JUST A SINGLE LAYER IN A DEFENSE IN DEPTH STRATEGY
“SIGNATURE-BASED TOOLS (AV, FW & IPS) ARE ONLY EFFECTIVE AGAINST 30-50% OF CURRENT SECURITY THREATS”
“CLOUD-BASED PROVIDERS SHOULD HAVE BETTER REAL-TIME TELEMETRY OF GLOBAL EVENTS AND THE ABILITY TO RESPOND TO THESE EVENTS RAPIDLY BY MODIFYING THE SOLUTION.”
CLOUD SECURITY TO REDUCE
COMPLEXITY, TIME AND COST
FOR MSPs
introducing…
INFECTED DEVICES IMPACT MSP MARGINS
YOUR ENGINEER’S
TIME
CLIENTS’ EMPLOYEE DOWNTIME
MALWARE COSTS
DECREASE MALWARE CLEAN UP EXPENSES
BLOCKS PHISHING ATTEMPTS & INAPPROPRIATE USAGE
PREVENTS MALWARE
CONTAINS BOTNETS
WEB
WEB (PORTS ???)
WEB & NON-WEB
ANY APP
ANY PROTOCOL
ANY PORT
← THE INTERNET | YOUR CUSTOMERS →
CLOUD SERVICE WITH ZERO ADDED LATENCY
SECURE EVERYWHERE
• COVERAGE FOR WORKERS ON AND OFF THE NETWORK
• COVERAGE FOR BYOD AND UNMANAGED DEVICES
UMBRELLA BY OPENDNS
80M+ REQUESTS TO ADVANCED MALWARE, BOTNET & PHISHING THREATS BLOCKED DAILY
100K+ NEW THREAT ORIGINS DISCOVERED OR PREDICTED DAILY
THE ONLY CLOUD-DELIVERED AND DNS-BASED WEB SECURITY SOLUTION
PROFITABLE WEB FILTER
WEB FILTER AS A VALUE ADDED SERVICE
• 60 CATEGORIES
• GRANULAR WHITELIST/BLACKLIST
• CUSTOM BLOCK PAGE
FEATURES TO CHARGE A PREMIUM PRICE
• PER-COMPUTER POLICY
• BYOD AND GUEST FILTERING
• BLOCK PAGE BYPASS CODES
REPORTING AND MONITORING
• REAL-TIME ACTIVITY REPORT
• TOP DOMAINS/TOP CATEGORIES/TOP USERS
• SAVED REPORTS WITH EXPORT
PROFITABLE WEB FILTER
FAST AND EASY TO MANAGE
• SPEND LESS TIME MANAGING FILTERING
• EASY TO USE AND UNDERSTAND
• CENTRALIZED WEB DASHBOARD
• REMOTE MANAGEMENT
• ALL IN THE BACKGROUND
• MULTI-TENANT
• MULTIPLE CUSTOMER ORGANIZATIONS
• MSP ADMINS HAVE ACCESS TO ALL CUSTOMERS
• CUSTOMERS ARE ISOLATED TO THEIR OWN ORGANIZATION
IMPROVE RENEWALS AND RETENTION
IMPROVED UPTIME
• PROACTIVE SECURITY PROTECTION
• FEWER INFECTIONS = ALWAYS ON TECHNOLOGY
VALUE REPORTS
• INFECTIONS PREVENTED
• MALWARE CONTAINED
• PHISHING BLOCKED
VIRTUAL CIO
• ASSIST HR AND STAFFING DECISIONS
• ASSESS AND PLAN NETWORK USAGE
ConnectWise Integration
ENTERPRISE-CLASS MANAGEMENT WITHOUT THE ENTERPRISE COMPLEXITY
LIGHTWEIGHT AGENT WITH AUTOMATION POLICY TO DEPLOY
NETWORK-LEVEL PROVISIONING
(ALL DEVICES ON NETWORK INCLUDING BYOD AND UNMANAGED)
23.4.2.4/32 214.41.3.1/32 155.21.1.1/28
CLIENT-A:155.21.1.1/28 CLIENT-B: 214.41.3.1/32 CLIENT-C: 23.4.2.4/32
EASY TO DO BUSINESS WITH
VOLUME PRICING
MONTHLY BILLING
MULTI-TENANT DASHBOARD
MANAGE SEATS ON-DEMAND
BUSINESS PRACTICES ALIGNED WITH MONTHLY
RECURRING REVENUE MODELS
MANAGEMENT CONSOLE
THANK YOU! ANY QUESTIONS?...
FIND US AT Umbrella.com/msp
FOR TECHNICAL PRODUCT
QUESTIONS, EMAIL ME [email protected]
OR JUST TWEET @GETUMBRELLA