全 球 資 安 剖 析, 您 做 確 實 了 嗎? Albert Yung Barracuda Networks

Transcription

1 全 球 資 安 剖 析, 您 做 確 實 了 嗎? Albert Yung Barracuda Networks

2 Agenda Challenges and PCI DSS 3.0 Updates Personal Information Protection Act Strategy to Protect against leak of Confidential Personal and Corporate Data Security Strategy Web Security Strategy Summary

3 Losses due to Card Fraud

4 Why latest PCI DSS Updates? Perimeter Breaches Penetration Tests Vulnerabilities PCI DSS Updates Lack of Network Segmentation

5 PCI DSS 3.0 Updates Section Secure Development Guidelines are applicable to Internal and Bespoke Software 6.5 Updated Developer Training on common coding vulnerabilities, understand Sensitive Data handling in Memory Broken Authentication and Session Management

6 Personal Information Protection Act 名 稱 個 人 資 料 保 護 法 修 正 日 期 民 國 99 年 05 月 26 日 一 個 人 資 料 : 指 自 然 人 之 姓 名 出 生 年 月 日 國 民 身 分 證 統 一 編 號 護 照 號 碼 四 處 理 : 指 為 建 立 或 利 用 個 人 資 料 檔 案 所 為 資 料 之 記 錄 輸 入 儲 存 編 輯 更 正 複 製 檢 索 刪 除 輸 出 連 結 或 內 部 傳 送

7 Enterprise Policy Compliance Enterprise Policy enforcement Organization s security policy Protect Confidential information Intellectual property, privacy regulatory compliance Provide proper access to Compliance Officer

8 Strategies to Protect against Sensitive Data

9 Manage Content

10 The GRC Role G R C Governance Risk Management Compliance

11 Payment Industry Use Case Requirements Filter Virus, Spam, Volume Attack Address Credit Card, ID number leaking On-premises and Cloud-Based Office 365 ediscovery and Compliance through Message Archiving 7-Year Retention Policy, Start Small and Scale-out

12 Outbound DLP and Message Encryption Barracuda Spam Firewall Cloud Relay DLP GRC Barracuda Message Archiver

13 Data Loss Prevention Data Loss Prevention Subject Body Attachment Credit Cards Encrypt Block Encrypt Block Encrypt Block Social Security Personal ID Numbers Numbers Block Block Block Privacy Quarantine Block Quarantine Block Quarantine Block HIPAA Encrypt Block Encrypt Block Encrypt Block

14 Encryption

15 Incoming Encrypted Message

16 Viewing and Replying to Messages

17 Content Filtering Pattern Comment Inbound Outbound Subject Header Body Bulk Edit Encrypt Encrypt Subject Off Encrypt Confidential Block Some Content Block Block

18 ediscovery and Compliance Role-based access and search Role-based AD/LDAP access for auditors String-based searches on userselected fields Detailed audit logs of all operations Policy-driven alerts and retention rules Compliance through policy definitions Global policies Granular policies Legal holds

19 Strengthen Web Security

20 Layer 7 Web Application Attacks DDoS SQL Injection Cookie Manipulation Web Application Vulnerabilities...etc Inbound inspection (protect against layer 7 attacks) Outbound inspection (protect against data theft)

21 Customer Background Compliant with PCI DSS Requires AAA, Strong Authentication, SSO Multi-tier Security Design: Web, Application, DB Protection against SQL Inject, XSS, DDoS, CSRF... Protect as well as Outbound Concern: Redundancy, Security, Scalability, TCO

22 Web Portal Architecture Web DLP App XSS, CSRF, SQL Inject, DDoS, Load Balance Application Visibility Network Visibility User Identity Remote VPN Access IPS, AV, QoS, DDoS DB Database Security

23 Summary

24 Summary Security has multiple attack vectors and surfaces Compliance with the right tool and solution Need to simplify your network and security design, and solution Think about Central Management Capability

25 Comprehensive Portfolio Security Storage Barracuda Web Security Barracuda SSL VPN Barracuda Backup Barracuda Security Barracuda Web Application Firewall Barracuda Message Archiver Barracuda NG Firewall Barracuda Load Balancer ADC Barracuda Copy Barracuda Firewall Barracuda Link Balancer Barracuda SignNow

26 Thank You