Prevent Security Breaches by Protecting Information Proactively

Transcription

1 Prevent Security Breaches by Protecting Information Proactively John Reichard, Senior Systems Engineer New York, NY November 17 th,

2 Agenda 1 Causes of a Data Breaches 2 Breaches are Preventable 3 Symantec DLP Demonstration 4 Getting Started 5 Q&A 2

3 Do you know 285 Million records were stolen in $225 is the average cost per record breached due to malicious acts 2 67% of data breaches happen because of the mistakes of well meaning insiders 3 1. Verizon Business Risk Team, 2009 Data Breach Investigations Report 2. Ponemon Institute, Cost of a Data Breach Study, Verizon Business Risk Team, 2009 Data Breach Investigations Report 3

4 Causes of a Breaches 4

5 Root Causes of Data Breaches Well Meaning Insiders Malicious Insiders Targeted Attacks 5

6 Root Causes of Data Breaches Well Meaning Insiders Malicious Insiders Targeted Attacks 6

7 Well Meaning Insider Hacker Employee Desktop Server Firewall Well-Meaning Insider Breach Sources 1. Data on servers & desktops 2. Lost/stolen laptops, mobile devices 3. , Web mail, removable devices 4. Third party data loss incidents 5. Business processes 7

8 Well Meaning Insider Employee Desktop Server Firewall Well-Meaning Insider Breach Sources 1. Data on servers & desktops 2. Lost/stolen laptops, mobile devices 3. , Web mail, removable devices 4. Third party data loss incidents 5. Business processes 8

9 Well Meaning Insider Firewall Web mail Well-Meaning Insider Breach Sources 1. Data on servers & desktops 2. Lost/stolen laptops, mobile devices Mobile Device 3. , Web mail, removable devices Employee CD/DVD USB 4. Third party data loss incidents 5. Business processes 9

10 Well Meaning Insider Well-Meaning Insider Breach Sources Database Servers Desktop Sharepoint 3 rd Party Outsourcers/partners Payroll processing Credit card payment processing Call centers, support centers Supply chain order management 1. Data on servers & desktops 2. Lost/stolen laptops, mobile devices 3. , Web mail, removable devices 4. Third party data loss incidents 5. Business processes 10

11 Well Meaning Insider Cron job automatically sending data in the clear Firewall Well-Meaning Insider Breach Sources 1. Data on servers & desktops 2. Lost/stolen laptops, mobile devices 3. , Web mail, removable devices 4. Third party data loss incidents 5. Business processes FTP Server 11

12 Root Causes of Data Breaches Well Meaning Insiders Malicious Insiders Targeted Attacks 12

13 Targeted Attacks INCURSION DISCOVERY CAPTURE EXFILTRATION Attacker breaks in via targeted malware, improper credentials or SQL injection Map organization s systems Automatically find confidential data Access data on unprotected systems Install root kits to capture network data Confidential data sent to hacker team in the clear, wrapped in encrypted packets or in zipped files with passwords 13

14 Root Causes of Data Breaches Well Meaning Insiders Malicious Insiders Targeted Attacks 14

15 Malicious Insiders Home Computer Unhappy Employee IM Webmail Firewall Malicious Insider: Four Types 1. White collar criminals 2. Terminated employees Mobile Device 3. Career builders 4. Industrial spies CD/DVD USB Unhappy Employee 15

16 Breaches are Preventable 16

17 Symantec Can Help Well Meaning Insider Targeted Attack Malicious Insider US Federal Agency Situation Employee data leaving via the network Needed to determine scale of breach Tech Company Situation Network overtaken by hackers Carder ring on corporate machines Financial Services Situation Planning a reduction in force Rumors circulate Employees tried stealing data Results Results Results Data on servers for application Investigations team flown out Blocked s containing testing confidential data Aided by local law enforcement Cleaned up exposed data Prevented loss of thousands of Prosecuted perpetrators p customer records Fixed broken business process 17

18 Broken Business Processes Well meaning insider and West Coast Bank SETUP Employee sent Gmail with confidential data to wrong address contained customer names, addresses, tax ID, and loan info Recipient ignored repeated requests to delete confidential information Bankfiled lawsuit againstgoogletorevealrecipient to recipient identity IMPLICATIONS Bank kis required dto engage in costly breach hdisclosure process Risk includes serious fines and significant brand damage Similar cases have resulted in ongoing FTC audit for two decades 18

19 Well Meaning Insiders Help Hackers Insiders and Hackers vs. Major Federal Agency SETUP Security team detected data theft incident. Knew they were in trouble Crucial missing information: From where did the hackers steal data? Called Symantec to help them answer this question WHAT WE DID Symantec found the original target of the hacker s efforts A software development team had copies of this employee data RESULT Internal data spill event is now under control Symantec instrumental in the cleanup 19 19

20 Data Breach By Hackers Hackers vs. Payment Processor SETUP Extensive fraudpatterns detected byvisa andmastercard Investigations revealed complex attack resulting in data theft WHAT HAPPENED Hackers broke into system to install sniffer rootkits on key systems Large quantities of cardholder data covertly transported to home base RESULT Large scale brand damage plus compliance fines Quick recovery to PCI compliance facilitated by Symantec DLP 20 20

21 ID Theft Ring Brought Down Malicious insiders vs. National Consumer Cable Co. SETUP Payment center desk clerk ran cc# fraud ring from work Her legitimate access to cc# s turned into a big problem WHAT WE DID Symantec detected credit card numbers sent via Perpetrator terminated using evidence from our software RESULT Later, clerk s accomplice came to the worksite with a gun Both suspects have been arrested and are now serving time 21 21

22 Data Breaches During Hard Times Malicious insiders vs. Leading Savings and Loan SETUP After RIF rumors, employees decided to start stealing data Over 12 sales people tried to customer data out the door WHAT WE DID Symantec was there for a big diving catch that day RESULT We stopped a dozen theft attempts cold DLP is now considered mission critical with this customer 22 22

23 Symantec DLP Demonstration 23

24 Getting Started 24

25 How to Stop Data Breaches Protect information proactively Automate review of entitlements Identify threats in real time Integrate security Prevent data Stop targeted operations exfiltration ti attacks 25 25

26 Next Steps 1 Are there signs of incursion into your perimeter? 2 Where isyour data and where isitgoing? it 3 Are your critical systems well protected? 26

27 Thank You! Q & A? John Reichard [email protected] John graduated dfrom Ohio University it in 1997 Pre Med Mdwith a Bachelor Degree in Si Science, a Bachelor Degree in Business Administration (Management Information Systems) and a Minor in Spanish. After graduation, John was hired by Compuware Corporation as a Sales Engineer for software development and testing technologies in the Chicago area. Later, John was promoted to a Global Subject Matter Expert in Application Production Monitoring and Application Security. Following Compuware, John made the leap in to the start up world when he joined Vontu, the leader in Data Loss Prevention. Since joining Vontu, John has been primarily focus on the financial sector. In December 2007, Vontu was acquired by Symantec. Currently, John is an Information and Identity Protection ti Senior Systems Engineer for Symantec in New York City. 27