SURVEY REPORT: Identifying Critical Gaps in Database Security. An Osterman Research Survey Report. Published April 2016.
An Osterman Research Survey Report, published April 2016.
Osterman Research, Inc., P.O. Box 1058, Black Diamond, Washington, USA. twitter.com/mosterman
EXECUTIVE SUMMARY

Osterman Research conducted a survey with members of its survey panel to determine how well positioned organizations are to address issues surrounding database security, their ability to prevent data breaches, and their preparedness to address the security of critical data assets and databases, among other issues. The survey was conducted during February and March 2016, with 209 members of the Osterman Research survey panel responding and identifying as qualified respondents. To qualify for the survey, respondents were required to confirm general knowledge about databases and database security practices in their organization, and their organization had to have at least 300 employees. The mean number of employees at the organizations surveyed was 22,142. The research for this report was underwritten by DB Networks.

KEY TAKEAWAYS

Here are the key takeaways from the research conducted for this report:

- Only 19% of organizations currently have what they consider to be excellent visibility into their data and database assets. Many organizations have limited insight into the existence of all databases in the company. Because unknown and unmanaged databases may contain sensitive information, and compromises of them may render peer databases susceptible to attack, this lack of visibility makes organizations significantly more vulnerable to data breaches.

- Forty-seven percent of those surveyed have not assigned an individual and/or a team to oversee database security. The ramifications of this are significant. Unmanaged and unpatched database systems pose a large attack surface that can be exploited by cyber criminals.

- In the context of data breaches, respondents are most concerned about the threat of compromised credentials as the primary cause of a data breach. Many high-profile database breaches have resulted from the abuse of legitimate logon credentials. Once an attacker has obtained the proper credentials, they can pose as a privileged insider and breach databases. At that point they can potentially access sensitive assets and set up a channel to exfiltrate an entire data set to an off-site server.

- Only 62% of the organizations surveyed have the mechanisms and controls in place that would allow them to continuously monitor their organization's databases in real time. This lack of continuous monitoring can make infiltration by cyber criminals easier and more effective because of the excessive dwell time that the average intruder enjoys.

- Our research revealed that a data breach caused by the use of compromised or abused credentials could not be immediately discovered. This is a critical problem given that the Mean Time to Identify (MTTI, or dwell time) a breach can be measured in months, not hours or days. This gives intruders the opportunity to spend significant amounts of time exploring the types and locations of an organization's data assets, identifying the high-value targets for exfiltration, and stealing them in ways that are less likely to be detected.

SURVEY FINDINGS

VISIBILITY INTO DATA ASSETS

Our research found that 81% of organizations currently do not have what they consider to be excellent visibility into their data and database assets, as shown in Figure 1. However, the vast majority (more than three in five) believes that their organization has good visibility into these assets, while nearly one in five has only limited or little/no visibility.

Figure 1: Level of Visibility Into Data and Database Assets

LACK OF SPECIFIC RESPONSIBILITY FOR DATABASE SECURITY

As shown in Figure 2, 47% of organizations do not have an individual and/or a team that is directly responsible for database security (a small number of survey respondents were not sure if their organization had such an individual or team). This demonstrates that many organizations are not treating data and database security as importantly as they should be.

Figure 2: Is there an individual and/or team directly responsible for database security in your organization? (Among survey respondents who could answer the question definitively)

We wanted to determine if there were significant differences among the organization sizes that had versus had not assigned specific responsibility for database security to an individual and/or a team. We discovered that 30% of organizations with 1,000 or more employees had not assigned database security to an individual or team, rendering them significantly more vulnerable to threat infiltration and data breaches.

SIGNIFICANT CONCERN OVER DATA BREACHES

As shown in Figure 3, when asked "what database security issues concern you," compromised credentials was the top concern. Of nearly as much concern was the potential for the organization to experience a major data breach, as well as the inability to identify data breaches before they have occurred.

Figure 3: Concerns About Key Data-Related Issues (Percent Responding Concerned or Very Concerned)

MANY DO NOT HAVE DATA BREACH DETECTION TOOLS IN PLACE

One of the more serious and troubling issues we uncovered in our research is shown in Figure 4: 39% of organizations surveyed lack the necessary tools to allow them to identify a database breach resulting from compromised or abused credentials.

Figure 4: Does your organization have the tools to become aware of a database breach if it would happen using legitimate, but compromised/abused credentials?

RELATIVELY LOW CERTAINTY ABOUT KEY DATABASE ISSUES

Respondents were asked to rate their degree of certainty about a variety of key issues related to their database assets. As shown in Figure 5, 59% of survey respondents lack a high degree of certainty about which applications, users and clients are accessing their databases.

Figure 5: Certainty About Key Database Issues

MANY ORGANIZATIONS CANNOT READILY DETECT DATA BREACHES

Our research also revealed that a data breach resulting from compromised or abused credentials could not be discovered quickly. As shown in Figure 6, while 21% of survey respondents indicated that they could discover such a data breach almost immediately, most could not.

Figure 6: Speed With Which a Data Breach Using Compromised/Abused Credentials Would be Discovered

MANY DO NOT HAVE REAL-TIME DATABASE SECURITY MONITORING

As shown in Figure 7, 38% of the organizations surveyed do not have the mechanisms and controls in place that would allow them to continuously monitor their organization's databases in real time.

Figure 7: Does your organization have mechanisms and satisfactory controls to continuously monitor your organization's databases in real time?

GROWING EMPHASIS ON DATABASE SECURITY

Database security is becoming increasingly important over time. As shown in Figure 8, perimeter security receives a significant or a great deal of emphasis by 70% of the organizations surveyed, and this will increase to 77% over the next 12 months. However, while database security receives somewhat less emphasis than perimeter security today, the proportion of organizations giving it a significant or a great deal of emphasis will increase at a much faster pace over the next 12 months. The emphasis paid to database security is closing the gap versus the emphasis paid to perimeter security.

Figure 8: Emphasis Placed on Perimeter and Database Security, 2016 and 2017 (Percent Responding Significant Emphasis or a Great Deal of Emphasis)

FREQUENCY OF DATABASE ACTIVITY ASSESSMENTS

Our research revealed that only 20% of organizations surveyed conduct database activity assessments on a more or less continuous basis, as shown in Figure 9. In fact, slightly more than one-half of respondents conduct these assessments very infrequently: only once per quarter or less often. Six percent of organizations never conduct these assessments.

Figure 9: Frequency of Database Activity Assessments

DATA BREACHES WOULD CAUSE SERIOUS PROBLEMS

Fifty-eight percent of those surveyed believe that the breach of data from a critical corporate database would cause serious or catastrophic problems for their organizations, as shown in Figure 10. Only one in 25 survey respondents believes that a data breach from a critical database would cause only minimal problems, while another 38% believe the issue would cause problems that the organization could manage.

Figure 10: Perceived Damage from the Breach of a Critical Database

OBSERVATIONS ABOUT THE DATA

Osterman Research offers a few high-level observations about the data presented in this survey report:

- Successful organizations run on, and are dependent on, the creation and consumption of information. But information is valuable to an organization only if decision makers and others that need it know where it is, what's in it, what is shareable and by whom it is shareable. In other words, the need is for managed information, and information that is protected from data breaches and other potential infiltrations as a result of hacking, malware and insider theft.

- Most organizations are struggling with the problem of too much electronic data: how much of it there is, what it contains, who has access to it, where it is currently stored, and how long it should be kept. In other words, how to govern it more effectively. The sheer volume of information, combined with the speed of its accumulation and the lack of effective management, is at the root of the problem. This surplus of electronically stored information is, in reality, driving up the cost of storage, raising the cost and risk of eDiscovery and regulatory compliance, negatively impacting employee productivity, and raising the prospect of intellectual property theft and breaches of sensitive and confidential corporate data.

- To get a better handle on this data management problem, organizations should take a long, hard look at the main problem: a lack of any effective enterprise-wide information governance. After recognizing the importance of this issue, organizations can then take action, such as creating an enterprise-wide information strategy, developing use policies and an information retention schedule, and adopting information management automation. These will enable the organization to systematically find, categorize, manage and defensibly dispose of data stored in its databases in a timely, cost-effective manner.

- Organizations need to conduct a thorough audit to understand where all of their data is located, who has access to this data, the specific legal and regulatory obligations to which this data is subject, the identity of the data stakeholders, and other relevant information. This is essential in order to build a map of sorts that will help decision makers understand the security risks they face and how to prioritize their resources in closing the security gaps that exist.

- Organizations must monitor the risk levels associated with their data assets, corporate systems and other tools that users may employ in response to regulatory requirements, advice from legal counsel, recent data breaches, cybercriminal activity and other factors. For example, a database might contain non-sensitive data that can safely be accessed using only a username and password. However, a change in an organization's offerings or a new industry regulation may mean that sensitive data will be added to the database, thereby increasing the risk of inappropriate access of that content store.

- If organizations cannot identify a successful security compromise, decision makers may never know that a particular event took place until it's too late. As a result, while decision makers have correctly acknowledged the security compromises of which they are aware, those about which they are not aware pose a more significant problem. It is likely that the actual rate of successful infiltrations or other leakage events is much higher than discussed in this report because of poor organizational systems for tracking successful threats.

© 2016 Osterman Research, Inc. All rights reserved. No part of this document may be reproduced in any form by any means, nor may it be distributed without the permission of Osterman Research, Inc., nor may it be resold or distributed by any entity other than Osterman Research, Inc., without prior written authorization of Osterman Research, Inc.

Osterman Research, Inc. does not provide legal advice. Nothing in this document constitutes legal advice, nor shall this document or any software product or other offering referenced herein serve as a substitute for the reader's compliance with any laws (including but not limited to any act, statute, regulation, rule, directive, administrative order, executive order, etc. (collectively, "Laws")) referenced in this document. If necessary, the reader should consult with competent legal counsel regarding any Laws referenced herein. Osterman Research, Inc. makes no representation or warranty regarding the completeness or accuracy of the information contained in this document.

THIS DOCUMENT IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. ALL EXPRESS OR IMPLIED REPRESENTATIONS, CONDITIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE DETERMINED TO BE ILLEGAL.
Insider Threat HP ArcSight User Behavior Analytics Application Misuse Sensitive Data Access Hakan Durgut ArcSight Specialist Nordics/Baltics 1 The insider threat challenge IT Security focus in on the external
More informationExposing the Cybersecurity Cracks: A Global Perspective
Exposing the Cybersecurity Cracks: A Global Perspective Part I: Deficient, Disconnected & in the Dark Sponsored by Websense, Inc. Independently conducted by Ponemon Institute LLC Publication Date: April
More informationPCI DSS Overview and Solutions. Anwar McEntee Anwar_McEntee@rapid7.com
PCI DSS Overview and Solutions Anwar McEntee Anwar_McEntee@rapid7.com Agenda Threat environment and risk PCI DSS overview Who we are Solutions and where we can help Market presence High Profile Hacks in
More informationManaging IT Security with Penetration Testing
Managing IT Security with Penetration Testing Introduction Adequately protecting an organization s information assets is a business imperative one that requires a comprehensive, structured approach to
More informationdefending against advanced persistent threats: strategies for a new era of attacks agility made possible
defending against advanced persistent threats: strategies for a new era of attacks agility made possible security threats as we know them are changing The traditional dangers IT security teams have been
More informationDISCLAIMER AND NOTICES
DISCLAIMER AND NOTICES The opinions expressed in this presentation are those of the author and presenter alone. They do not represent the views of any other entity. Nothing in this presentation should
More informationAs threat actors target various types of networks, companies with improperly configured network infrastructures risk the following repercussions:
TrendLabs Targeted attacks often employ tools and routines that can bypass traditional security and allow threat actors to move deeper into the enterprise network. Threat actors do this to access data
More informationWHITE PAPER PON SPON. Comparing the Cost of Alt-N MDaemon and Exchange. Published July 2013 SPONSORED BY. An Osterman Research White Paper
WHITE PAPER PON MDaemon and An Osterman Research White Paper Published July 2013 SPONSORED BY SPON sponsored by sponsored by Osterman Research, Inc. P.O. Box 1058 Black Diamond, Washington 98010-1058 USA
More informationThe Cost Benefits of a Hybrid Approach to Security
ed by The Cost Benefits of a Hybrid Approach to Security An Osterman Research White Paper Published February 2010 SPONSORED BY! #$!#%&'()*(!!!!!"#$!#%&'()*( Osterman Research, Inc. P.O. Box 1058 Black
More informationFIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES
FIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES The implications for privacy and security in the emergence of HIEs The emergence of health information exchanges (HIE) is widely
More informationBeyond the Hype: Advanced Persistent Threats
Advanced Persistent Threats and Real-Time Threat Management The Essentials Series Beyond the Hype: Advanced Persistent Threats sponsored by Dan Sullivan Introduction to Realtime Publishers by Don Jones,
More informationPreparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS
Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS CONTENTS PAGE RECONNAISSANCE STAGE 4 INCURSION STAGE 5 DISCOVERY STAGE 6 CAPTURE STAGE 7 EXFILTRATION STAGE
More informationExperience the commitment WHITE PAPER. Information Security Continuous Monitoring. Charting the Right Course. cgi.com 2014 CGI GROUP INC.
Experience the commitment WHITE PAPER Information Security Continuous Monitoring Charting the Right Course May 2014 cgi.com 2014 CGI GROUP INC. During the last few months of 2013, six federal agencies
More informationAchieving Greater TCO Benefits Using a Secure Workspace Solution: Comparing TCO for Three Telework Approaches
WHITE PAPER N Using a Secure : Comparing TCO for An Osterman Research White Paper Published May 2012 SPONSORED BY sponsored by SPON sponsored by Osterman Research, Inc. P.O. Box 1058 Black Diamond, Washington
More informationCompliance Guide ISO 27002. Compliance Guide. September 2015. Contents. Introduction 1. Detailed Controls Mapping 2.
ISO 27002 Compliance Guide September 2015 Contents Compliance Guide 01 02 03 Introduction 1 Detailed Controls Mapping 2 About Rapid7 7 01 INTRODUCTION If you re looking for a comprehensive, global framework
More informationCYBER SECURITY, A GROWING CIO PRIORITY
www.wipro.com CYBER SECURITY, A GROWING CIO PRIORITY Bivin John Verghese, Practitioner - Managed Security Services, Wipro Ltd. Contents 03 ------------------------------------- Abstract 03 -------------------------------------
More informationAccess is power. Access management may be an untapped element in a hospital s cybersecurity plan. January 2016. kpmg.com
Access is power Access management may be an untapped element in a hospital s cybersecurity plan January 2016 kpmg.com Introduction Patient data is a valuable asset. Having timely access is critical for
More informationCloud Security Primer MALICIOUS NETWORK COMMUNICATIONS: WHAT ARE YOU OVERLOOKING?
A Cloud Security Primer : WHAT ARE YOU OVERLOOKING? LEGAL DISCLAIMER The information provided herein is for general information and educational purposes only. It is not intended and should not be construed
More informationPACB One-Day Cybersecurity Workshop
PACB One-Day Cybersecurity Workshop WHAT IS CYBERSECURITY? PRESENTED BY: JON WALDMAN, SBS CISA, CRISC 1 Contact Information Jon Waldman Partner, Senior IS Consultant CISA, CRISC Masters of Info Assurance
More informationInternal audit of cybersecurity. Presentation to the Atlanta IIA Chapter January 2015
Internal audit of cybersecurity Presentation to the Atlanta IIA Chapter January 2015 Agenda Executive summary Why is this topic important? Cyber attacks: increasing complexity arket insights: What are
More informationOsterman Research Executive Summary
Osterman Research Executive Summary The UK Messaging Market, 2006-2009 Report Focus This report focuses on the messaging market in the United Kingdom. Osterman Research conducted two separate surveys specifically
More informationCyber Governance Preparing for the Inevitable Perimeter Breach
SAP Brief SAP Extensions SAP Regulation Management by Greenlight, Cyber Governance Edition Objectives Cyber Governance Preparing for the Inevitable Perimeter Breach Augment your preventive cybersecurity
More informationFREQUENTLY ASKED QUESTIONS
FREQUENTLY ASKED QUESTIONS Continuous Monitoring 1. What is continuous monitoring? Continuous monitoring is one of six steps in the Risk Management Framework (RMF) described in NIST Special Publication
More informationInformation Security Incident Management Guidelines
Information Security Incident Management Guidelines INFORMATION TECHNOLOGY SECURITY SERVICES http://safecomputing.umich.edu Version #1.0, June 21, 2006 Copyright 2006 by The Regents of The University of
More informationBest Practices in ICS Security for Device Manufacturers. A Wurldtech White Paper
Best Practices in ICS Security for Device Manufacturers A Wurldtech White Paper No part of this document may be distributed, reproduced or posted without the express written permission of Wurldtech Security
More informationNew York State Department of Financial Services. Report on Cyber Security in the Insurance Sector
New York State Department of Financial Services Report on Cyber Security in the Insurance Sector February 2015 Report on Cyber Security in the Insurance Sector I. Introduction Cyber attacks against financial
More informationWHITE PAPER SPON. Addressing Information Governance Challenges. Published March 2014 SPONSORED BY. An Osterman Research White Paper.
WHITE PAPER N Addressing Information An Osterman Research White Paper Published March 2014 SPONSORED BY sponsored by SPON sponsored by Osterman Research, Inc. P.O. Box 1058 Black Diamond, Washington 98010-1058
More informationWHITE PAPER SPON. The Need for IT to Get in Front of the BYOD Problem. Published October 2012 SPONSORED BY. An Osterman Research White Paper
WHITE PAPER N The Need for IT to Get in Front An Osterman Research White Paper Published October 2012 sponsored by SPONSORED BY SPON sponsored by Osterman Research, Inc. P.O. Box 1058 Black Diamond, Washington
More informationThree significant risks of FTP use and how to overcome them
Three significant risks of FTP use and how to overcome them Management, security and automation Contents: 1 Make sure your file transfer infrastructure keeps pace with your business strategy 1 The nature
More informationICTN 4040. Enterprise Database Security Issues and Solutions
Huff 1 ICTN 4040 Section 001 Enterprise Information Security Enterprise Database Security Issues and Solutions Roger Brenton Huff East Carolina University Huff 2 Abstract This paper will review some of
More informationProtecting against cyber threats and security breaches
Protecting against cyber threats and security breaches IBM APT Survival Kit Alberto Benavente Martínez abenaventem@es.ibm.com IBM Security Services Jun 11, 2015 (Madrid, Spain) 12015 IBM Corporation So
More informationCybersecurity and internal audit. August 15, 2014
Cybersecurity and internal audit August 15, 2014 arket insights: what we are seeing so far? 60% of organizations see increased risk from using social networking, cloud computing and personal mobile devices
More informationSecurity Intelligence
IBM Security Security Intelligence Security for a New Era of Computing Erno Doorenspleet Consulting Security Executive 1 PARADIGM SHIFT in crime Sophistication is INCREASING Attacks are More Targeted Attackers
More informationFFIEC Cybersecurity Assessment Tool
Overview In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed the Cybersecurity Tool (), on behalf of its members,
More informationApplication Security in the Software Development Lifecycle
Application Security in the Software Development Lifecycle Issues, Challenges and Solutions www.quotium.com 1/15 Table of Contents EXECUTIVE SUMMARY... 3 INTRODUCTION... 4 IMPACT OF SECURITY BREACHES TO
More informationActive Directory was compromised, now what?
Need to know details for Administrators Active Directory was compromised, now what? Author Bob Bobel C a y o S o f t w a r e N e e d 2 K n o w. P a g e 2 About the Author As a Product Management Director,
More information