Copyright of the presentation and its contents but limited to the information, text, images, graphics, sound files, video files and their arrangement, and material therein, is owned by the presenter unless otherwise indicated. No part or parts of this presentation may be modified, copied, distributed, retransmitted, broadcasted, displayed, reproduced, published, licensed, transferred, sold or commercially dealt with any manner without the express prior written consent of the presenter.
https://shaolininteger.blogspot.com
https://www.linkedin.com/in/shaolinint
@shaolinint
Haris Tahir @ Slash The Underground
DATA LEAKAGE PREVENTION
- Challenges and Threat Landscape
- Why Data Breaches Happen
- Data Leakage Prevention
knowledge empowerment to the masses
CHALLENGES AND THREAT LANDSCAPE
Challenges and Threat Landscape Evolution efficiency and effectiveness
Problems
- Modern attacks have moved up the architectural layers; they are content-based.
- Criminals have started to leverage online marketing as a tool to promote and sell their services on the black market.
- Modern malicious software (malware) is stealthy and getting better, smarter, faster and stronger.
- The growing popularity of the “Internet of Things” makes the threat landscape a moving target.
- Abundant resources; data collection and mining are unable to process the millions or billions of data items generated daily.
Data Breach Investigation Report past data breaches
2011 2012 2013 2014
Epsilon $4B, names/email
eBay $145M credentials
Saudi Aramco 30,000+ PCs infected
Adobe $152M (IDs, pwd, data)
Target $110M affected and CEO/CIO gone
Data Breach Investigation Report impact on industries
- IP: 70% of value of public companies
- Annual losses: estimated over $300B
- China: +$107B sales and +2.1M jobs

- 43%: ITRC account of breaches
- 2013: 8.8M records stolen
- 1.8M: Victims of Identity Theft

- 2013: 856 reported breaches
- Q1 2014: 98.3% of data exposed
- 37%: Breaches affected the sector
Data Breach Investigation Report transition from geopolitical to large-scale attacks
- 95 countries
- 64,347 confirmed security incidents
- 1,367 confirmed data breaches
- Other reports:
Meet Your Whistleblower threat actors is about people
WHY DATA BREACHES HAPPEN
Criminals
Hacktivist
Insiders
59% of threat actors leave the organization with sensitive data
Knowledge is Power enough time and equipped with offensive security tools
Threat actors spend most of their time understanding the target environment, operations and information system, and preparing the attack platform, before the actual execution.
1. Define mission
2. Information gathering
3. Scoping
4. Scanning
5. Simulation
6. Exploit development
7. Execution
8. Rootkit and C2 cultivation
Defense-in-Depth think about people, process and technology
DATA LEAKAGE PREVENTION
Defense-in-Depth is an Information Assurance (IA) concept to defend a system against attacks by placing multiple layers of security controls throughout an information technology system.
- Data in use
- Data in transit
- Data at rest
Critical Path decision should be based on acceptable risk treatment plan
“In preparing for battle I have always found that plans are useless, but planning is indispensable.” ~Dwight D. Eisenhower
1. RA Results: What is the mission statement and business objective?
2. People: Who are the resources required to execute the plan?
3. Process: What are the gap analysis results?
4. Technology: Minimal disruption with greatest coverage
5. Leverage: Utilize others for what they know
You are about to invest a substantial amount of the company's money, time and resources. Consult with research analysts such as Forrester or Gartner and gain a basic to intermediate understanding of the industry, the vendors and solutions available, and their particular strengths and weaknesses. DLP addresses a different problem space: ensuring data confidentiality.
DLP Technology four simple explanations
DLP is about preserving an organization's sensitive information from unauthorized access
DLP means different things to different people:
- data loss prevention
- data loss protection
- data leakage prevention
DLP technology is content aware
Driven by significant insider threats and by rigorous privacy laws
Use rules to examine file content and classification tag
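The content-aware rule idea above, as an added example that is not part of the original slides: one rule reads a document's classification tag and one inspects its content for payment card numbers, using a Luhn check to reject look-alike digit runs. The tag header convention, blocked tags, channel names and sample documents are assumptions constructed for illustration.

```python
import re

# Assumed policy values for this example (not taken from any product).
BLOCKED_TAGS = {"confidential", "secret"}
EXTERNAL_CHANNELS = {"personal_email", "social_media", "usb"}
# Assumed tag convention: a header line such as "Classification: Confidential".
TAG_RE = re.compile(r"^Classification:\s*(\w+)\s*$", re.I | re.M)
# Candidate card numbers: 13-19 digits, optionally split by spaces or hyphens.
PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

def luhn_ok(digits):
    """Luhn checksum: filters out order numbers and other digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_pans(text):
    """Return masked (first 6, last 4) card numbers that pass Luhn."""
    hits = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append(digits[:6] + "*" * (len(digits) - 10) + digits[-4:])
    return hits

def evaluate(text, channel):
    """Apply the tag rule and the content rule; return (action, reasons)."""
    reasons = []
    tag = TAG_RE.search(text)
    if tag and tag.group(1).lower() in BLOCKED_TAGS:
        reasons.append("tag:" + tag.group(1).lower())
    reasons += ["pan:" + p for p in find_pans(text)]
    if not reasons:
        return "allow", reasons
    return ("block" if channel in EXTERNAL_CHANNELS else "audit"), reasons

# Constructed sample documents (4111... is a well-known test card number).
SAMPLES = [
    ("Classification: Public\nRefund to card 4111 1111 1111 1111.", "personal_email"),
    ("Classification: Confidential\nQ3 product design notes.", "social_media"),
    ("Classification: Public\nOrder ref 1234 5678 9012 3456 shipped.", "personal_email"),
    ("Classification: Confidential\nQ3 product design notes.", "intranet"),
]

if __name__ == "__main__":
    for text, channel in SAMPLES:
        print(channel, evaluate(text, channel))
```

The first sample shows why the tag alone is not enough: the document is labelled Public but still carries a card number, which only the content rule catches.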
Key DLP Questions what kind of animal is this?
FAQ
It’s about governance and compliance: what is the business objective?
What problem space? Unauthorized access of data due to an improper implementation, inadequacy of a technology, process and/or policy.
Do I have existing DLP protection? Surprisingly, firewalls, IDS and encryption solutions are part of the overall data security strategy.
Does the enterprise need a DLP solution? Start with a Risk Assessment and identify what types of data the enterprise processes and/or stores.
What problem does DLP not solve? DLP solutions are not designed to address data leakage issues resulting from external attacks.
Preliminary Risk Assessment risk mitigated by DLP
1. Identifying insecure business processes
2. Accidental data disclosure by employee
3. Intentional data leakage by employee
The problem space is not solved comprehensively by DLP solutions! Example: an employee can still take a picture of sensitive data
Benefits of DLP something to consider
Benefits
- Visibility – visibility into data and information that leaves the organization, exposing bad business processes.
- Compliance – Helps demonstrate compliance with privacy regulations such as the Data Protection Act, PDPA, PCI-DSS and HIPAA-HITECH.
- Flexible security environment – Provides an alternative by allowing organizations to say “Yes” to social media, personal email and other channels, but with the ability to control the content posted to those destinations.
- Malicious activity detection – Stops malicious insiders from stealing valuable intellectual property such as product designs and financial reports.
- Employee education and awareness – Educates well-meaning employees about policy violations and prevents accidental data leaks.
- Reduce financial impact – By reducing the risk of data leaks, the financial risk to the enterprise decreases.
Thank You “no duty is more urgent than that of returning thanks” Q&A
This slide can be downloaded from: http://www.slideshare.net/shaolinint