Prevent Security Breaches by Protecting Information Proactively


Prevent Security Breaches by Protecting Information Proactively
John Reichard, Senior Systems Engineer
New York, NY
November 17th, 2011

Agenda
1. Causes of Data Breaches
2. Breaches are Preventable
3. Symantec DLP Demonstration
4. Getting Started
5. Q&A

Do you know?
- 285 million records were stolen in 2008 [1]
- $225 is the average cost per record breached due to malicious acts [2]
- 67% of data breaches happen because of the mistakes of well-meaning insiders [3]

[1] Verizon Business Risk Team, 2009 Data Breach Investigations Report
[2] Ponemon Institute, Cost of a Data Breach Study, 2008
[3] Verizon Business Risk Team, 2009 Data Breach Investigations Report

Causes of Breaches

Root Causes of Data Breaches
- Well Meaning Insiders
- Malicious Insiders
- Targeted Attacks

Well Meaning Insider
Diagram labels: Hacker, Employee, Desktop, Server, Firewall
Well-Meaning Insider Breach Sources
1. Data on servers & desktops
2. Lost/stolen laptops, mobile devices
3. Email, Web mail, removable devices
4. Third party data loss incidents
5. Business processes

Well Meaning Insider
Diagram labels: Employee, Desktop, Server, Firewall

Well Meaning Insider
Diagram labels: Firewall, Email, Web mail, Mobile Device, Employee, CD/DVD, USB

Well Meaning Insider
Diagram labels: Database, Servers, Desktop, Sharepoint
3rd Party Outsourcers/partners
- Payroll processing
- Credit card payment processing
- Call centers, support centers
- Supply chain order management

Well Meaning Insider
Diagram labels: Cron job automatically sending data in the clear, Firewall, FTP Server

Targeted Attacks
1. INCURSION: Attacker breaks in via targeted malware, improper credentials or SQL injection
2. DISCOVERY: Map organization's systems; automatically find confidential data
3. CAPTURE: Access data on unprotected systems; install root kits to capture network data
4. EXFILTRATION: Confidential data sent to hacker team in the clear, wrapped in encrypted packets or in zipped files with passwords

Malicious Insiders
Diagram labels: Home Computer, Unhappy Employee, IM, Webmail, Firewall, Email, Mobile Device, CD/DVD, USB
Malicious Insider: Four Types
1. White collar criminals
2. Terminated employees
3. Career builders
4. Industrial spies

Breaches are Preventable

Symantec Can Help

Well Meaning Insider: US Federal Agency
  Situation
  - Employee data leaving via the network
  - Needed to determine scale of breach
  Results
  - Data on servers for application testing
  - Cleaned up exposed data
  - Fixed broken business process

Targeted Attack: Tech Company
  Situation
  - Network overtaken by hackers
  - Carder ring on corporate machines
  Results
  - Investigations team flown out
  - Aided by local law enforcement
  - Prosecuted perpetrators

Malicious Insider: Financial Services
  Situation
  - Planning a reduction in force
  - Rumors circulate
  - Employees tried stealing data
  Results
  - Blocked emails containing confidential data
  - Prevented loss of thousands of customer records

Broken Business Processes
Well meaning insider and West Coast Bank
SETUP
- Employee sent Gmail with confidential data to wrong address
- Email contained customer names, addresses, tax ID, and loan info
- Recipient ignored repeated requests to delete confidential information
- Bank filed lawsuit against Google to reveal recipient identity
IMPLICATIONS
- Bank is required to engage in costly breach disclosure process
- Risk includes serious fines and significant brand damage
- Similar cases have resulted in ongoing FTC audit for two decades

Well Meaning Insiders Help Hackers
Insiders and Hackers vs. Major Federal Agency
SETUP
- Security team detected data theft incident. Knew they were in trouble
- Crucial missing information: From where did the hackers steal data?
- Called Symantec to help them answer this question
WHAT WE DID
- Symantec found the original target of the hacker's efforts
- A software development team had copies of this employee data
RESULT
- Internal data spill event is now under control
- Symantec instrumental in the cleanup

Data Breach By Hackers
Hackers vs. Payment Processor
SETUP
- Extensive fraud patterns detected by Visa and MasterCard
- Investigations revealed complex attack resulting in data theft
WHAT HAPPENED
- Hackers broke into system to install sniffer rootkits on key systems
- Large quantities of cardholder data covertly transported to home base
RESULT
- Large scale brand damage plus compliance fines
- Quick recovery to PCI compliance facilitated by Symantec DLP

ID Theft Ring Brought Down
Malicious insiders vs. National Consumer Cable Co.
SETUP
- Payment center desk clerk ran cc# fraud ring from work
- Her legitimate access to cc#s turned into a big problem
WHAT WE DID
- Symantec detected credit card numbers sent via email
- Perpetrator terminated using evidence from our software
RESULT
- Later, clerk's accomplice came to the worksite with a gun
- Both suspects have been arrested and are now serving time

Data Breaches During Hard Times
Malicious insiders vs. Leading Savings and Loan
SETUP
- After RIF rumors, employees decided to start stealing data
- Over 12 sales people tried to email customer data out the door
WHAT WE DID
- Symantec was there for a big diving catch that day
RESULT
- We stopped a dozen theft attempts cold
- DLP is now considered mission critical with this customer

Symantec DLP Demonstration

Getting Started

How to Stop Data Breaches
- Protect information proactively
- Automate review of entitlements
- Identify threats in real time
- Integrate security operations
- Prevent data exfiltration
- Stop targeted attacks

Next Steps
1. Are there signs of incursion into your perimeter?
2. Where is your data and where is it going?
3. Are your critical systems well protected?

Thank You! Q & A?
John Reichard
John_Reichard@symantec.com
917.392.0976

John graduated from Ohio University in 1997 Pre Med with a Bachelor Degree in Science, a Bachelor Degree in Business Administration (Management Information Systems) and a Minor in Spanish. After graduation, John was hired by Compuware Corporation as a Sales Engineer for software development and testing technologies in the Chicago area. Later, John was promoted to a Global Subject Matter Expert in Application Production Monitoring and Application Security. Following Compuware, John made the leap into the start-up world when he joined Vontu, the leader in Data Loss Prevention. Since joining Vontu, John has been primarily focused on the financial sector. In December 2007, Vontu was acquired by Symantec. Currently, John is an Information and Identity Protection Senior Systems Engineer for Symantec in New York City.