Jesse Liao
[Figure: attacker motivation over time (1985, 1995, 2008). Motivations: Curiosity / Technical Interest, Fame, Criminal Financial Gain. Threat types shown: Viruses, Vulnerabilities, Worms, Spyware, Spam, Crimeware, Bots & Botnets, Zero Day Exploits & Threats, Phishing.]
[Figure: # of threats for 2006, 2007 and 2008 (Expected); y-axis 0 to 900,000; values shown: 78,381, 271,197, 449,569, 798,260.] 246% growth from 06 to 07. 300% growth projected from 07 to 08. YTD greater than 06 and 07 combined. Over 3500 updates added to DAT file per day. Source: McAfee Avert Labs
Patch Tuesday & Cybercrime Behavior: Microsoft vulnerabilities increased ~80% YOY. Rise in Known Zero-day Attacks (chart periods: July-Dec 05, Jan-June 06, July-Dec 06).
McAfee 18 10,, 76% 2000 McAfee, 40M+ mobile 50M+ web 100 & 120 McAfee 26,,, 250, 250
Security Risk Management [Diagram: numbered items 1 to 10 around ePO; labels: Network, Endpoint, Web & Email, Internal Policy, Industry Regulations, Data Protection.]
McAfee Network VM ePO Management Console ePO Agent Network IPS Host Compliance Data Loss Prevention Anti-Virus Anti-Spyware Desktop FW Host IPS NAC Total Protection Host Compliance Host DLP Remediation future technologies Secure Gateway Remediation Compliance Reporting
ePolicy Orchestrator? ePO Security Risk Management ePO, ePO,,
ePO 3 Am I Secure? ePO Am I at Risk? Am I Compliant?
VirusScan Enterprise 8.7i McAfee Active Protection,,,, IPS, ( ) Anti-Spyware rootkit
Protection gap of 24-72 hours with current solutions [Timeline figure: t0 Malware, t1 Malware, t2, t3, t4.]
[Diagram: McAfee Active Protection, steps numbered 1 to 7; labels: Internet, Web, DATs, suspicious, ePO, Active Protection, VirusScan, Collective Threat Intelligence.]
Protection delivered in real-time [Timeline figure: t0 Malware, t1 Malware.]
Active Protection in VSE 8.7
McAfee Host IPS IPS (shielding & enveloping) Web (SQL injection) Connection-aware Connection Isolation Quarantine mode /
McAfee Host IPS [Figure: # CVEs linked to MS-0X announcements, 2006 and 2007 (YTD = August); series: Announced, Vulnerability Shield, Generic Protection; values shown: 153 Announced, 45, 104 Announced YTD, 34, 90, 68.] 98% vs. ePO McAfee McAfee
Protecting Web Server Data Streams
Protecting SQL Server Databases
McAfee SiteAdvisor http://www.siteadvisor.com
SiteAdvisor
ePO Drill down
ePO
ePO
ePO 80% Web-based Actionable Report Active Directory AD ePO Role-based Permission sets
Actionable Report ePO ; ePO, : HTML XML CSV PDF
Active Directory Active Directory Organization Unit (OU) ePO (mirror) Active Directory AD OU, ePO AD, ePO
Role-Based ePolicy Orchestrator ePO Permission Sets : Permission Sets ePO,,,,,,
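2008 IBM Technology Value-Add Forum: SMEs Rising Against the Trend
Key Features and Benefits: Rogue System Detection. Identify rogue machines connecting to the network. Deploy rogue system sensors to detect rogue machines. Detect all systems connecting to the network (PC, routers, printers, etc.)
(Rogue System Detection)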
ePO ePO 1,, 2,? ePO, Web, 3 ePO,,,,
ePO ePO 4, 1-3, Active Directory, (tag), 5 ePO, Role Based Permission Sets
ePO CSO CIO Business Challenges IT Operations Audit
McAfee Anti-virus Anti-spyware Host Intrusion Prevention AV & Anti-Spam for email servers Web safe search Network Access Control Endpoint & USB Encryption Data Loss Prevention & Device Control Data Loss Prevention Device Control Endpoint Encryption Encrypted USB
Total Protection Awards and Certifications
2006 & 2007 Readers Choice Award for AV & Anti-Spyware
2007 Readers Choice Award for AV & AntiSpyware
McAfee AV & AntiSpyware Beat out Competitors in Review
McAfee Best SaaS
Host IPS Outperforms Competitors in Q3 2006 Review
Winner Best Anti-Malware Solution & Best SME Security Solution
Leader in 07 Endpoint Protection MQ
Leader in 2006 Forrester Wave Report Enterprise AntiSpyware
Anti-Virus & AntiSpyware Certifications
McAfee Gartner End Point Protection Magic Quadrant Leader quadrant three consecutive years
McAfee is a consistent leader in the antivirus market, with a high desktop penetration rate and a solid international threat research capability. Its advanced HIPS solution is comprehensive. Native rootkit detection and removal are also very good. ePO has historically been the standard for centralized administration consoles, and the latest version (v.4) has significant improvements.
This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from McAfee, Inc.
URL filtering and web reputation Host IPS/ Firewall/NAC Strong Weak / None
3rd Party Review: AV Comparatives [Figure: Detection Rate, axis 91% to 100%; value shown: 99.2%.] Source: AV Comparatives, February 2008
3rd Party Review: West Coast Labs [Figure: Detection Rate, axis 95% to 100%; value shown: 99.84%.] Source: West Coast Security Labs Report, July 2008
75% of Forbes 2000 companies use ePO. Over 35,000 customers worldwide across all segments.
Q & A Jesse@mail.saysing.com.tw