www.niiconsulting.com Data Leakage Prevention Interop 2010

Data Leakage Prevention - K. K. Mookhey

Page 1: Data Leakage Prevention - K. K. Mookhey

www.niiconsulting.com

Data Leakage Prevention

Interop 2010

Page 2: Data Leakage Prevention - K. K. Mookhey

Agenda

Introduction Data Leakage Scenario Cases Real-world impacts Vulnerabilities

Building the Business Case Demystifying DLP Solutions Implementation Challenges

Page 3: Data Leakage Prevention - K. K. Mookhey

Speaker Introduction

- Founder & Principal Consultant, Network Intelligence
- Certified as CISA, CISSP and CISM
- Speaker at Blackhat 2004, Interop 2005, IT Underground 2005, OWASP Asia 2008, 2009
- Co-author of book on Metasploit Framework (Syngress), Linux Security & Controls (ISACA)
- Author of numerous articles on SecurityFocus, IT Audit, IS Controls (ISACA)
- Conducted numerous pen-tests, application security assessments, forensics, etc.

Page 4: Data Leakage Prevention - K. K. Mookhey

THE BIGGEST HACK IN HISTORY

Page 5: Data Leakage Prevention - K. K. Mookhey

Gonzalez, TJX and Heart-break-land

- >200 million credit card numbers stolen
- Heartland Payment Systems, 7-Eleven, and 2 US national retailers hacked
- Modus operandi
  - Visit retail stores to understand workings
  - Analyze websites for vulnerabilities
  - Hack in using SQL injection
  - Inject malware
  - Sniff for card numbers and details
  - Hide tracks

Page 6: Data Leakage Prevention - K. K. Mookhey

The hacker underground

- Albert Gonzalez a/k/a “segvec,” a/k/a “soupnazi,” a/k/a “j4guar17”
- Malware, scripts and hacked data hosted on servers in: Latvia, Netherlands, Ukraine, New Jersey, California
- IRC chats
  - March 2007: Gonzalez “planning my second phase against Hannaford”
  - December 2007: Hacker P.T. “that’s how [HACKER 2] hacked Hannaford.”

Page 7: Data Leakage Prevention - K. K. Mookhey

Where does all this end up?

- Commands used on IRC: !cardable, !cc, !cclimit, !chk, !cvv2, !exploit, !order.log, !proxychk
- IRC channels: #cc, #ccards, #ccinfo, #ccpower, #ccs, #masterccs, #thacc, #thecc, #virgincc

Page 8: Data Leakage Prevention - K. K. Mookhey

TJX direct costs

$24 million to MasterCard

$41 million to Visa

$200 million in fines/penalties

Page 9: Data Leakage Prevention - K. K. Mookhey

Who’s been affected?

Page 10: Data Leakage Prevention - K. K. Mookhey

BUILDING THE BUSINESS CASE

Page 11: Data Leakage Prevention - K. K. Mookhey

Profitability in hacking – 2009

Page 12: Data Leakage Prevention - K. K. Mookhey

Sectors hacked – Q1 2009

Page 13: Data Leakage Prevention - K. K. Mookhey

SECURITY ROI

Back of the envelope

Page 14: Data Leakage Prevention - K. K. Mookhey

Cost of an incident

- $6.6 million average cost of a data breach
- From this, cost of lost business is $4.6 million
- More than $200 per compromised record

On the other hand:

- Fixing a bug costs $400 to $4000
- Cost increases exponentially as time lapses

Page 15: Data Leakage Prevention - K. K. Mookhey

Direct Costs

- Fees for legal recourse to address and forensics
- Short-term impact to R&D cost recuperation
- Long-term impact to profitability/revenue projections
- System and process audits
- Fines
- Regulatory audit fees
- Strategy consulting fees

Page 16: Data Leakage Prevention - K. K. Mookhey

Numbers on the table

Page 17: Data Leakage Prevention - K. K. Mookhey

Indirect Cost

- $1 billion business
- 20% new customer base lost
- 10% of repeat customers lost

Page 18: Data Leakage Prevention - K. K. Mookhey

Impact to profit margin

Page 19: Data Leakage Prevention - K. K. Mookhey

The Legal Angle

- Computer Crimes Act, 1997
- Electronic Commerce Act, 2006
- PCI DSS
- Central Bank of Malaysia Act, 2009
- Personal Data Protection Bill, ??
- Guidelines on Internet Insurance
- Other regulations

Page 20: Data Leakage Prevention - K. K. Mookhey

DEMYSTIFYING DLP SOLUTIONS

Page 21: Data Leakage Prevention - K. K. Mookhey

What does it stand for?

- Data Leakage Prevention
- Data Loss Protection
- Information Loss Protection
- Extrusion Prevention
- Content Monitoring and Filtering
- Content Monitoring and Protection

Page 22: Data Leakage Prevention - K. K. Mookhey

DLP Solutions

Options Vendors Network End-point Content-aware Context-aware

Page 23: Data Leakage Prevention - K. K. Mookhey

FEATURES TO LOOK OUT FOR

Page 24: Data Leakage Prevention - K. K. Mookhey

Comprehensive Coverage

Page 25: Data Leakage Prevention - K. K. Mookhey

Pre-defined policies

Page 26: Data Leakage Prevention - K. K. Mookhey

Blocking & Alerting

Page 27: Data Leakage Prevention - K. K. Mookhey

Management Console & Dashboards

Page 28: Data Leakage Prevention - K. K. Mookhey

Under the hood

1. Rule-based Regular Expressions
2. Database Fingerprinting
3. Exact File Matching
4. Partial Document Matching
5. Statistical Analysis
6. Conceptual/Lexicon
7. Categories
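
An added example, not part of the original slides: a small content-aware check that combines technique 1 (a rule-based regular expression for card numbers, with a Luhn checksum to cut false positives) and technique 4 (partial document matching over hashed 5-word shingles). The function names, the 0.3 threshold and the sample message are assumptions made for illustration.

```python
import hashlib
import re

# Technique 1: rule-based regex for 13-19 digit runs, optional space/hyphen separators.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_ok(digits):
    """Luhn checksum; rejects most random digit runs (fewer false positives)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def find_card_numbers(text):
    """Return masked card numbers (first 6 / last 4 kept) that pass Luhn."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append(digits[:6] + "*" * (len(digits) - 10) + digits[-4:])
    return hits

# Technique 4: partial document matching via hashed k-word shingles.
def shingles(text, k=5):
    words = re.findall(r"[a-z0-9]+", text.lower())
    return {hashlib.sha256(" ".join(words[i:i + k]).encode()).hexdigest()
            for i in range(max(len(words) - k + 1, 1))}

def overlap(protected, outbound, k=5):
    """Fraction of the protected document's shingles found in outbound text."""
    ref = shingles(protected, k)
    return len(ref & shingles(outbound, k)) / len(ref)

def inspect(outbound, protected, threshold=0.3):
    """Return the policy violations raised by one outbound message."""
    alerts = [f"card:{c}" for c in find_card_numbers(outbound)]
    score = overlap(protected, outbound)
    if score >= threshold:
        alerts.append(f"partial-match:{score:.2f}")
    return alerts

# Constructed sample data (not from the presentation); 4111... is a test number.
PROTECTED = "Project Falcon unit cost is 41 dollars and launch is planned March"
MAIL = ("FYI, as discussed: Project Falcon unit cost is 41 dollars and we "
        "can talk tomorrow. Card 4111 1111 1111 1111, ref 1234567890123456.")

if __name__ == "__main__":
    print(inspect(MAIL, PROTECTED))
```

The 16-digit reference number in the sample matches the regular expression but fails the Luhn check, so it raises no alert; the pasted excerpt covers half of the protected document's shingles.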

Page 29: Data Leakage Prevention - K. K. Mookhey

Protecting Data

- Data in motion
  - Network monitor
  - Email integration
  - Filtering/blocking and proxy integration
  - Internal networks
  - Distributed and Hierarchical deployments
- Data at rest
  - Content discovery techniques
  - Remote scanning / Agent-Based Scanning / Memory-Resident Agent Scanning
- Data in use
  - Endpoint protection

Page 30: Data Leakage Prevention - K. K. Mookhey

Coverage

- Network
- End-point
- Bluetooth
- Blackberry/iPhones/Smartphones
- Operating systems
- Virtualized servers
- Integration with AD/LDAP
- Integration with DRM

Page 31: Data Leakage Prevention - K. K. Mookhey

GETTING DOWN TO BRASS TACKS

Page 32: Data Leakage Prevention - K. K. Mookhey

Challenges

- User resistance – yet another solution
- Over-optimism – this is it!
- Under-estimation of effort involved
- Lack of trained resources
- Absence of policy and procedure framework
- Ownership resides with IT
- Expensive
- False positives
- Legal & regulatory framework

Page 33: Data Leakage Prevention - K. K. Mookhey

Implementation Plan

- What matters to you – listing of assets
- How important is it – classification of assets
- Where does it reside?
- Who should be able to do what with it – access rights policy
- Strategy
  - Network Focused
  - Endpoint Focused
  - Storage Focused
- Integration with existing infrastructure
- Monitoring and fine-tuning

Page 34: Data Leakage Prevention - K. K. Mookhey

Is it working?

- Number of people/business groups contacted about incidents -- tie in somehow with user awareness training.
- Remediation metrics to show trend results in reducing incidents
- Trend analysis over 3, 6, & 9 month periods to show how the number of events has reduced as remediation efforts kick in
- Reduction in the average severity of an event per user, business group, etc.
- Trend: number of broken business policies
- Trend: number of incidents related to automated business practices (automated emails)
- Trend: number of incidents that generated automatic email
- Trend: number of incidents that were generated from service accounts -- (emails, batch files, etc.)

Reference: http://securosis.com/blog/some-dlp-metrics/, Rich Mogull
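
An added example, not from the original slides or the referenced Securosis post: computing the trend metrics listed above from a DLP incident export, in 3-month windows across 9 months. The record layout, field values and function names are assumptions; the sample incidents are constructed.

```python
from collections import defaultdict
from datetime import date

# Constructed DLP incident export, not data from the presentation:
# (date, business group, severity 1-5, source account type)
INCIDENTS = [
    (date(2010, 1, 12), "finance", 5, "user"),
    (date(2010, 1, 30), "finance", 4, "service"),
    (date(2010, 2, 3), "sales", 3, "user"),
    (date(2010, 3, 21), "sales", 4, "service"),
    (date(2010, 4, 9), "finance", 3, "user"),
    (date(2010, 5, 17), "sales", 3, "service"),
    (date(2010, 6, 2), "finance", 2, "user"),
    (date(2010, 8, 25), "sales", 2, "user"),
    (date(2010, 9, 14), "finance", 1, "user"),
]
START = date(2010, 1, 1)  # assumed start of the reporting period

def trend_report(incidents, start, months=3, windows=3):
    """Per window: incident count, service-account count, mean severity per group."""
    report = [{"incidents": 0, "service_account": 0, "severity": defaultdict(list)}
              for _ in range(windows)]
    for day, group, severity, account in incidents:
        idx = ((day.year - start.year) * 12 + day.month - start.month) // months
        if not 0 <= idx < windows:
            continue  # outside the reporting period
        row = report[idx]
        row["incidents"] += 1
        row["service_account"] += account == "service"
        row["severity"][group].append(severity)
    for row in report:
        row["severity"] = {g: sum(v) / len(v)
                           for g, v in sorted(row["severity"].items())}
    return report

def is_declining(values):
    """True if no window rises above the previous one and the last is below the first."""
    return all(b <= a for a, b in zip(values, values[1:])) and values[-1] < values[0]

if __name__ == "__main__":
    for n, row in enumerate(trend_report(INCIDENTS, START), start=1):
        print(f"window {n}: {row}")
```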

Page 35: Data Leakage Prevention - K. K. Mookhey

Thank you

[email protected]

Information Security Consulting Services

Information Security Training Services