kaspersky presentation for palette business solution june 2016 v1.0


Upload: emmadesaint

Post on 12-Jan-2017


presenter

Emmanuel Onwubiko, Kaspersky Technical Head, Palette Business Solutions

Kaspersky Technical Training

June, 2016

1

Agenda

1. What Changed?

2. New Rules.

3. A new world.

4. Gartner’s 2016 Magic Quadrant for Endpoint Protection Platforms.

5. The Rise of Ransomware.

6. Kaspersky with UTMs.

7. Threat Research.

8. Conclusion.

9. Q & A.

2

OUR MISSION TO PROTECT EVERYONE FROM CYBERCRIME

“Cybercrime today knows no borders, and its technical capabilities are improving fast; we’re seeing how attacks are becoming increasingly sophisticated. Our mission is to combat all types of cyberthreats, to make using internet safe and secure”. @ IDC conference 2014 FourPoint Lagos Nigeria.

Stanisalus Mezu

Chief Executive Officer and Chairman

Palette Business Solution

3

4

HOME HAS CHANGED

I fear the day that technology will surpass our human interaction. -Albert Einstein

5

WORK HAS CHANGED

Knowledge workers will spend only 5% of the day in the same space and time as their colleagues by 2017.

82% of companies allow use of employee-owned devices

84% of organizations have remote workers

Year 2020: Millennials will comprise 50% of the global workforce

6

SECURITY HAS CHANGED

3.2 BILLION INTERNET USERS

1.3 BILLION SMARTPHONES SHIPPED WORLDWIDE

3 BILLION NEW DEVICES PER YEAR THROUGH 2020

INCREASE IN CYBER THREATS: 10,000x

PUBLIC CLOUD MARKET IS ESTIMATED TO REACH $191 BILLION

7

SO HAVE THE RISKS

Average Cost of Cybercrime in the U.S., Dollars (Millions), per incident

2013: $11.56

2014: $12.69

2015: $15.42

“Sony security spends $22M per year. Sony Breach…direct cost of $35M for one year….cost to reputation $100B+”

Kowsik Guruswamy, CTO of Menlo Security

8

TODAY’S STANDARD APPROACHES NO LONGER WORK

TOO MUCH FOCUS ON COMPLIANCE: Enterprises spend too much on checking boxes down a list.

TOO RISK BASED: Taking a reactive approach only addresses known threats, not the new unknowns.

TOO MANY POINT SOLUTIONS: Too many different security vendors whose products do not communicate with one another.

9

NEW RULES

10

RULE #1

COMPLEXITY IS THE ENEMY OF SECURITY

11

WORK PLACE IS INCREASINGLY CHANGING

12

HOW PERVASIVE IS TODAY’S WORKPLACE?

Pervasive Users: Users expect to be able to work in any location and have access to all their work resources. Users expect work to be lifestyle-agnostic.

Devices Explosion: The explosion of devices is eroding the standard-based approach to corporate IT. BYOD is redefining the workplace standard.

Ubiquitous Apps: Deploying and managing a plethora of applications across different platforms is becoming more difficult. Rogue apps easily compromise BYOD devices.

Corporate Data on all Devices: As the yearning for productivity requires users to have access to corporate data on all devices, this presents new challenges of data loss, espionage and compliance/regulatory violation.

13

HOW BUSINESS CAN TAKE CONTROL?

Today's workplace culture is fast-evolving. Productivity now continues to demand that Users use different lifestyle-fit Devices to run Ubiquitous Apps and access Business Data. More business data is shifting from on-premise repositories to cloud and devices. Users have increasing liberty to access corporate data from any device, anywhere and anytime. This new "workplace culture" requires new tools to secure endpoints, manage identity and protect the organization's data assets.

Enterprise Software Mobility Suite is a comprehensive cloud-based solution to address consumerization of IT, BYOD and ubiquitous Apps/Data challenges.

14

COMPLEXITY IS THE ENEMY OF SECURITY

SDN

15

RULE #2

TODAY’S SECURITY IS BORDERLESS

16

Borderless Attack Surface

Branch Office HQ

Data Center

Remote Office

Mobile

PoS

IoT

There’s more ways in

More ways out

17

RULE #3

SLOW IS BROKEN

18

Rule number 3.

Slowing down the network to implement security is not, never has been nor will it ever be a satisfactory strategy.

19

Slow is Broken

Infrastructure Speed

Business Security

20

The enterprise IT staff is faced with what has been an unsolvable problem. The enterprise depends on the network to ensure the continuity of the business and, depending upon the business model, the network may be at the center of its strategy. Injecting security into this model has traditionally meant slowing down the network, sometimes to the point of affecting application performance, resulting in complaints. The organization is then forced to find a middle ground between the two, a compromise that pleases no one. But until now, this has been a compromise that enterprises have been forced to make.

21

A NEW WORLD CALLS FOR A NEW APPROACH

Today’s world demands security without compromise.

22

Advanced Security

Network Performance

SECURITY FOR A NEW WORLD IS SECURITY WITHOUT COMPROMISE

Kaspersky Security Center

23

KEY FOCUS AREAS FOR CIOS

MOBILITY

DATA SECURITY

BUSINESS CONTINUITY

24

Data Protection

DATA LOSS

DATA LEAKAGE

CYBER THREATS

The average cost of a serious breach may be up to $1.6 mln

28% of organizations lost business-sensitive data

Source: Corporate IT Security Risks Survey 2014

25

BUSINESS CONTINUITY

65% 35% malware attack

60%: <4h.

22%: 4-24h.

18%: >24h.

• Software errors

• SCADA failure

• Operator mistakes

• Other

Source: Repository of Industrial Security Incidents (RISI)

26

Business Continuity – Risk Factors

EXTERNAL FACTORS

INTERNAL FACTORS

BUSINESS CRITICAL INFRASTRUCTURE

ONLINE SERVICES

MALWARE OUTBREAK

EMPLOYEE AWARENESS

27

DARK HOTEL

A story of unusual hospitality

28

MOBILITY

Today, ~37% of the world’s workforce is mobile [1]

By 2017, 50% of all companies worldwide are expected to adopt the BYOD model [2]

Security of mobile/portable devices is among the top priorities for the corporate IT security function [3]

Sources: 1 - Forrester Research, 2 - Gartner, 3 - Corporate IT Security Risks Survey 2014

29

REPUTATIONAL IMPACT

30

SECURITY INTELLIGENCE: DOES IT MAKE A DIFFERENCE?

KNOWN THREATS: 70%

UNKNOWN & ADVANCED THREATS: 30%

31

Kaspersky Lab Threat Intelligence: Insight and Expertise Gained Through a History of Discoveries

2011: DUQU

2012: FLAME, GAUSS, MINIFLAME

2013: RED OCTOBER, WINNTI, NETTRAVELER, ICEFOG, KIMSUKY

2014: REGIN, THE MASK, TURLA, ENERGETIC BEAR/CROUCHING YETI, DARKHOTEL

Q1 2015: DESERT FALCONS, EQUATION, CARBANAK, HELLSING

32

IT’S TIME TO RETHINK YOUR IT SECURITY

MOBILITY

DATA SECURITY

BUSINESS CONTINUITY

SECURITY INTELLIGENCE

TRUSTED PARTNER

COMPREHENSIVE PROTECTION

TO PREPARE FOR THE INEVITABLE!

33

Kaspersky Lab’s ENTERPRISE SOLUTIONS PORTFOLIO: Built to Address Key Customer Needs

ENDPOINT SECURITY

MOBILE SECURITY

VIRTUALIZATION SECURITY

SECURITY INTELLIGENCE

DDOS PROTECTION

SOLUTIONS FOR DATA CENTERS

INDUSTRIAL SECURITY

FRAUD PREVENTION

ANTI-APT

MOBILITY

DATA SECURITY

BUSINESS CONTINUITY

34

Here's Who Made Gartner's 2016 Magic Quadrant For Endpoint Protection Platforms

35

Trend Micro: Strengths And Weaknesses

1st Place in the Gartner’s rating

Trend Micro: Leader

Trend Micro, based in Tokyo, is one of the largest enterprise protection platform vendors on the Gartner list. Gartner also praised Trend Micro's investment in application control, vulnerability detection and shielding, malware sandboxing, and endpoint detection and response. The company also has made investments in next-generation IPS and network security with its October acquisition of HP TippingPoint.

Strengths: In particular, Gartner praised the range of malware protection options from OfficeScan, the company's endpoint detection and response solution (which many others do not offer), its malware detection sandbox and its "very complete" Endpoint Application Control solution. Gartner also said the company's relationship with VMware has proven beneficial for anti-malware scanning, intrusion prevention and file integrity monitoring capabilities.

Weaknesses: Most of Gartner's cautions about Trend Micro concerned a list of integrations it wished the vendor offered, including bringing anti-malware scanning capabilities to OfficeScan, policy-level integration and more variety of OS offerings for application control, encryption, DLP and device control. Gartner said Trend Micro could benefit from more granular product management of its Control Manager and a central database for its Endpoint Sensor alerts.

36

2nd Place in the Gartner’s rating: Intel Security

Intel Security: Leader

The second-largest EPP vendor on Gartner's list is Intel Security, which was named a "leader" on this year's Magic Quadrant list. Gartner praised the Santa Clara, Calif.-based vendor's extensive portfolio of security solutions, as well as its integration with its ePolicy Orchestrator (ePO) solution. The company has been shedding multiple product lines in recent months to accommodate its new strategy, but EPP is one area that has remained relatively untouched.

Strengths: Gartner praised Intel Security's wide range of solutions, as well as EPP integration with the company's ePO administrative platform, Global Threat Intelligence and Threat Intelligence Exchange. Benefits also included Intel Security's Advanced Threat Defense sandboxing solution as well as its Management for Optimized Virtual Environments anti-malware scanning.

Weaknesses: Intel Security is plagued by customer complaints based on its legacy multiple agent architecture, Gartner said. Gartner said the company shows slow evolution around its integration framework, upgrades required for detection and administration improvements as well as the requirement of Intel-based chipsets for some advanced capabilities.

37

3rd Place in the Gartner’s rating: Kaspersky Lab

Strengths: Gartner praised Kaspersky for its malware research team and wide variety of integrated client management tools. It also had particular praise for Kaspersky's Automatic Exploit Prevention, Zero-Day Exploit and Targeted Attack Shield and Security for Virtualization technologies.

Weaknesses: Some failings for Kaspersky included the company's lack of endpoint detection and response or malware sandboxing, as well as the long replacement cycle that will likely come with its upcoming Endpoint Security For Business 10 SP2 edition. Gartner said the company's client management tool is more ideal for SMBs and operations validation, rather than for the enterprise.

38

39

30 Sept, 2009

12 Oct, 2011

30 Sept, 2015

KASPERSKY LAB BRINGS TO YOU OUR TRANSITION…

40

PRODUCT LIFE CYCLE

41

KSC INSTALLATION PROCESS


55

56

KSC GUI

57

THE RISE OF RANSOMWARE

58

URGENT DETECTION SYSTEM 2 (UDS2)

UDS – Cloud-based spam filtering system. Checks certain characteristics of an email (not content!) against a cloud database to produce a verdict. Relies on a full message “signature”, so it is not able to detect slightly modified messages.

UDS2 – dissects emails into tokens and combines the token “signatures” to create a “shingle”, a new type of signature not vulnerable to slight spam alterations.

Advantages:

The shingle lists are updated in real time, no database updates

Far more efficient at filtering unsolicited mail

Works in combination with “conventional” technologies
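The difference between a full-message signature and shingles can be shown with generic w-shingling, as an added example that is not from the presentation and is not Kaspersky's UDS2 algorithm. The tokenizer, the shingle width of 3, the 0.6 threshold and the sample messages are all assumptions made for the illustration.

```python
import hashlib
import re

def tokens(message: str) -> list[str]:
    """Lowercase word tokens; case, punctuation and spacing tricks are discarded."""
    return re.findall(r"[a-z0-9]+", message.lower())

def full_signature(message: str) -> str:
    """Whole-message signature: a one-character change yields a new value."""
    return hashlib.sha256(message.encode("utf-8")).hexdigest()

def shingles(message: str, width: int = 3) -> set[str]:
    """Hash every run of `width` consecutive tokens into a short signature."""
    toks = tokens(message)
    if not toks:
        return set()
    last = max(len(toks) - width, 0)  # a short message gives one shingle
    runs = (" ".join(toks[i:i + width]) for i in range(last + 1))
    return {hashlib.sha256(r.encode("utf-8")).hexdigest()[:16] for r in runs}

def similarity(a: str, b: str, width: int = 3) -> float:
    """Jaccard overlap of the two shingle sets, from 0.0 to 1.0."""
    sa, sb = shingles(a, width), shingles(b, width)
    if not sa or not sb:
        return 0.0
    return len(sa & sb) / len(sa | sb)

def is_near_duplicate(candidate: str, known_spam: str,
                      threshold: float = 0.6, width: int = 3) -> bool:
    """Flag a message whose shingles mostly match a known spam sample."""
    return similarity(candidate, known_spam, width) >= threshold

# Constructed sample messages (not real spam captures).
KNOWN_SPAM = ("Congratulations! You have been selected to receive a free "
              "gift card. Click the link below to claim your prize today.")
VARIANT = ("Congratulations!! You have been selected to receive a totally "
           "FREE gift card - click the link below to claim your prize now.")
LEGIT = ("Hi team, the quarterly patch review moves to Thursday at ten. "
         "Please update the ticket with your test results.")

if __name__ == "__main__":
    print("full signatures equal:",
          full_signature(KNOWN_SPAM) == full_signature(VARIANT))
    print("variant similarity:", round(similarity(KNOWN_SPAM, VARIANT), 3))
    print("legit similarity:", similarity(KNOWN_SPAM, LEGIT))
```

The reworded variant no longer matches the full-message signature, but most of its shingles still do, which is the property the slide attributes to UDS2.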

59

AUTOMATIC EXPLOIT PREVENTION

The purpose of any exploit is to trigger certain vulnerabilities in software in order to launch various types of malicious code.

Known exploits:

Signature/heuristic scan

Vulnerability scan

Patch management

Unknown (zero-day) exploits:

Raised alert level to attempts of most frequently targeted software to execute code

Application actions history to see the context

Matching against templates of actions performed by known exploits

Code origin tracking, detecting code execution without user’s consent

Forced Address Space Layout Randomization to break exploit behavior

60

PROTECTION QUALITY PROVEN BY INDEPENDENT TESTS

[Chart: Score of TOP 3 places against N of independent tests/reviews]

*Notes:

• According to summary results of independent tests in 2014 for corporate, consumer and mobile products.

• Summary includes tests conducted by the following independent test labs and magazines: Test labs: AV-Comparatives, AV-Test, Dennis Technology Labs, MRG Effitas, NSS Labs, PC Security Labs, VirusBulletin.

• The size of the bubble reflects the number of 1st places achieved.

* Top overall test rating for 2014. For details, see http://www.kaspersky.com/about/news/product/2015/kaspersky-lab-products-achieve-outstanding-results-in-independent-tests-throughout-2014

61

KSV TEST RESULTS

Tolly Group (KSV | Agentless v.2.0)

Tolly found that Kaspersky Security for Virtualization 2.0 blends efficient hypervisor resource usage with solid protection abilities by delivering lower response time and disk usage than the other products tested. Kaspersky also defended against threats better than the other agentless offerings under test.

62

KSV TEST RESULTS

AV-Test (KSV | Light Agent v.3.0)

While all measured products show similar protection levels, their performance impacts differed significantly. Kaspersky Security for Virtualization | Light Agent has shown the least impact on the virtual infrastructure, which results in better efficiency of the virtual environment empowered by this solution.

63

KASPERSKY ENDPOINT SECURITY INTEGRATION WITH UTMS

64

LEADING THREAT RESEARCH

EXPERTS

THREAT DISCOVERY CULTURE

ACCUMULATED KNOWLEDGE

AUTOMATED SYSTEMS

65

SECURITY INTELLIGENCE IS IN OUR DNA

Expertise from the TOP down. Our CEO/MD Stanislus Mezu is the foremost, respected, influential security expert.

Respected among TOP security organizations. We are trusted by and have partnerships with the world’s fastest-growing cybersecurity companies and the largest one that is privately-owned.

Independent recognition of our leadership. Kaspersky Lab is consistently awarded top scores in more independent tests than any other vendor. We have been identified as a Leader in the three most prominent and influential global analyst vendor assessments.

Leading global threat intelligence. Threat Research and Global Research and Analysis Teams are strategically located all around the globe, providing unparalleled depth of analysis and understanding of all kinds of threats.

Leading discovery of the most complicated threats. We have a long-standing reputation of making the first and most relevant security discoveries.

See and predict security incidents. The Kaspersky Security Network gives us the broadest view of millions of threats from every corner of the world.

Technology driven. We are the world’s largest privately held IT security company whose R&D teams are solely focused on technology quality and innovation, rather than being constrained only by short-term, market-driven profit expectations.

66

SECURITY EXPERTISE FROM THE TOP DOWN

• More than 200 Partners locally

• More than 1/3 of the company’s employees are R&D experts

• We are a VAD company, our R&D resources are quick and flexible

67

THANK YOU!

Emmanuel Onwubiko

Tel: +234 803-808-7742

69

Question

How can an administrator manage Kaspersky for virtualization?

a. Using VMware tools.

b. Using Kaspersky Security Center.

c. Using the web interface of Kaspersky Security for Virtualization.

d. Using the command line interface of Kaspersky Security for Virtualization.