Applying the 80/20 approach for Operational Excellence. How to combat new age threats, optimize investments and increase security.

Transcription

1 Applying the 80/20 approach for Operational Excellence How to combat new age threats, optimize investments and increase security Vinod Vasudevan

2 Agenda Current Threat Landscape The 80/20 Approach Achieving Operational Excellence 2

3

4 Hackers breach NASDAQ OMX with Malware RSA suffers a breach of Data Security Financially Heartland Breach Exposes Motivated 130 Million credit & debit Threats cards Comodo hacker generates bogus SSL certificates for Google, Skype, Microsoft, Yahoo TJX retail breach exposes 45 million credit & debit cards Pentagon Hacker Compromises Personal Data Online Attack Puts 1.4 Million Records At Risk Hacker Faces Extradition Over 'Biggest Military Computer Hack Of All Time' High Level of Innovation Laptop Theft Puts Data Of 98,000 At Risk Medical Group: Data On 185,000 People Stolen Hackers Grab LexisNexis Info on People ChoicePoint Data Theft Widens To 145,000 People Severe PIN Scandal 'Worst Business Hack Ever'; Citibank Only Impact The Start ID Theft Hit 3.6 Million In U.S. Georgia Technology Authority Hack Exposes Confidential Information of 570,000 Members Scammers Access Data On 35,000 Californians Payroll Firm Pulls Web Services Citing Data Leak

5 Key Threat Categories Established Data Theft, Privacy Transaction Fraud Phishing Privileged ID Threats Malware & BOTNets Mobile Device Threats Application Security Wireless Threats Network Attacks Business Continuity Emerging Cloud Security Social Networking Threats Virtualization threats SCADA

6 RBS WorldPay From Stolen Data Card Cloning Within 30 Minutes 49 Cities 130 ATMs $ 9 Million

7 Automated Financial Malware Infection Exploits and Adds iframe Tag <iframe src = </iframe> in in page Accesses and finds out vulnerabilities Infected Home Home page Page gets infected Again Infected page served to user User Infected page Access request Connection made to external site and malware gets downloaded in background

8 Data Breach Incidents are on the rise TJX 45 million credit & debit cards exposed USD 40 million to cover lawsuits from banks DuPont After working for 10 years, an employee stole trade secrets worth USD 400 million. His mission? To sell the information to rival company, Victrex. Heartland Payment System 130 million credit cards were stolen. Leading to loss over $68 million. RSA Data Breach Certain Information being extracted from RSA systems. Some of that information is specifically linked to RSA s SecurID

9 Our battle is with organized crime syndicates Attack innovation, digital crime infrastructure

10 Crimeware As A Service (CAAS) model offered by crime Syndicates Advanced Financial Malware Botnets/Spyware/Scareware Torpig/Mebroot stealing the details of about 500,000 online bank accounts and credit and debit cards

11 Key Insights Threats are financially motivated Objective of stealing credentials, financial frauds, data theft Advanced techniques using a combination of technology, social engineering Focused on applications, data and transactions

12

13 Right investments leading to quantum increase in security posture (Data Security, Transaction Security) The 80/20 Approach Risk based approach for higher effectiveness, lower investment (Security Monitoring, Application Security) Gain better ROI with good governance and tracking the right metrics

14 Achieving Operational Excellence Focus on Data Security Focus on Transaction Security Risk based Security Monitoring Risk based Application Security Program Better Governance & Execution

15 Focus on Data Security

16 Conventional security revolves around Container security Firewall Anti Virus Data IDS Traditionally driven & managed by IT/IT security teams Is not effective in protecting Data in today s environment Authorized users may intentionally or accidently leak data Vendors or partners may misuse data

17 Approach Data Discovery Risks Design & Deployment Classificat ion policy

18 Focus on Transaction Security

19 Detecting RBS WorldPay fraud Implausible Fraud Velocity + Location + First Activity in Foreign Country = Fraud Detection

20 Which Areas Should We Monitor? -Access from multiple locations -Unusual transaction value for customer -Unusual activity from new phone no - Access from multiple new area codes -Excessive credits to Employee accounts -Activity in dormant accounts -Suspicious consecutive transactions -First activity in foreign country

21 Monitoring Should be Cross Channel Fraudster obtains netbanking login credentials through phishing Implausible / New Location + Unusual Activity from New No. + Fund Transfer + New Payee Logs in from his computing interface Requests for new credit card and gets personal data from harvested web forms Provides the personal data to call center and authenticates using personal data Initiates transfer to a new payee = Fraud Detection

22 3 Core Technologies Are

23 Increase Security Monitoring, Risk Based Approach

24 Security Monitoring Risk based approach Internet facing Internal Business Critical 24X7 monitoring SIEM based solution Outsourced 24X7 monitoring SIEM based solution Outsourced Medium Critical Once a day analysis Log Management solution Internal Review Once a day analysis Log Management solution Internal Review

25 Reduce cost with outsourcing Estimated 30-40% lower investment over 3 years 000 USD Assumed a corporate with 100 servers and 25 devices Pricing is taken over 3 years to account for technology lifecycle cost All operations assumed to be 24x7 DR and redundancy taken for both options

26 Do more with Monitoring Infrastructure Business Application Monitoring Security Policy Compliance Changes to critical application roles/groups Changes to account & password policies in the application Changes to critical application parameters Unauthorized server/service restarts Unauthorized changes to firewall rules Unauthorized vendor access to systems Operations Monitoring No of user additions/deletions No of device rule changes Bandwidth protocol utilization Top users Security Incident Detection Buffer Overflow attacks Password cracking Worm/virus outbreak File access failures Access to malicious URLs 26

27 Risk Based Application Security Program

28 The 80/20 Rule for Application Security Risk based testing program Group applications based on risk profile Risk profile is a combination of business value of application & exposure Design a testing program for each group Consolidate findings in to Kbase and train developers Distribute application security standards to vendors Better visibility with dashboards

29 Risk based Testing Program Internet facing Internal application Business Critical Monthly vulnerability scan Quarterly penetration test Annual code review Quarterly vulnerability scan Half yearly penetration test Annual code review Medium Critical Quarterly vulnerability scan Half yearly penetration test Quarterly vulnerability scan Annual penetration test

30 Better Governance & Execution

31 Security Organization Structure

32 Better Visibility with Dashboards

33 Q&A

34 Thank You