Abhilash Sonwane - Security Leadership in an Economic Downturn - Interop Mumbai 2009

In a period of economic downturn, the fear and uncertainty of layoffs are strong precursors to enhanced threats as they make employees easy victims for attackers, or prompt them to cause data leakage or network crashes due to malicious intent. Employees with internal knowledge of a company’s data, processes and vulnerabilities pose the single largest threat to organizations. In a downturn-related context, security leadership has to be redefined by a Layer 8 approach where CIOs focus on the individual user, and work closely with functional departments to create security risk profiles of all employees.

Transcript

  • 1. Security Leadership in an Era of Economic Downturn By Abhilash Sonwane, Cyberoam
  • 2. Presentation Sketch: Security Issues During a Downturn; Methods of Data Leakage; CIOs and Security Leadership; Identity-based Security on Layer 8
  • 3. Cyberoam - Unified Threat Management. Security Issues During a Downturn. www.cyberoam.com Copyright © 2007 Elitecore Technologies Ltd. All rights reserved.
  • 4. Scaling back on IT Security Expenses during downturn lay-offs? Bad Idea
      • In a survey of 200 organizations, 32% reduced information security budgets in 2008. CONSEQUENCE: 60% admit increasing vulnerability to new, emerging security threats. (SURVEY: Global Security Survey for the Technology, Media and Telecommunications Industry, May 2009)
      • Cost-cutting means companies are less confident in addressing newly emerging threats.
      • 59% of laid-off employees admitted to stealing confidential data; 67% used their former firm's information in a new job. (SURVEY: Ponemon Institute, January 2009)
      • Yesterday’s insiders are today’s outsiders.
  • 5. Causal Factors behind Data Leakage by Employees
      • Ignorant User
          • Vulnerable to targeted attacks by hackers, phishing, spam
          • Social engineering attacks by ex-employees
          • Social network exploits: Facebook, Myspace
          • Lack of awareness about company security policies. E.g. by survey, 63% of employees believed there are no restrictions in using USB memory sticks at work (SURVEY: Prefix Security Report, UK)
      • User with Malicious Intent
          • Apathetic employee: ignores system alerts and virus warnings. “Why should I care about this company?”
          • Angry, disgruntled employee: sabotages, schemes, teams up with competitor. “I’ll destroy these people, serves them right!”
          • Opportunistic, cunning employee: motivated by personal and financial gain. “I’ll steal this data for use in my next job.”
  • 6. An Example of Data Leakage
  • 7. Ex-employee extracting data from current employees
  • 8. Ex-employee extracting data from current employees - The Twist in the Tale: Yahoo! Messenger is a standard mode of support communication for the corporation
  • 9. Ex-employee extracting data from current employees (slide image text: Dan_m24 *********)
      • A disgruntled former employee sends a chat message on Yahoo!, casually asking his ex-colleague to look at his new photos on his Geocities website.
      • The attacker now had the ability to log on at will under the guise of his former colleagues.
      • He misguides customers and puts the organization at risk.
  • 10. How has this become easier?
      • Hackers on easy street
          • Publicly available vulnerability information
          • The Toolkit business
          • Research – Easy access to information from public and internal resources
      • Today’s network scenario
          • Fluidity of the network perimeter, which opens it to partners, customers and more
          • Employees have access to business critical information
          • One cannot help not being (i)n the “Net”
  • 11. CIOs and Security Leadership
  • 12. CIO Strategy during Downturn. 1: Seeking balance. Secure corporate information while supporting business agility
  • 13. CIOs must step out of The Traditional Security Approach
      • The Traditional Security Approach
          • Problem: Viruses, Worms, DoS attacks, Spyware
          • Solution: Firewall, IPS, Anti-Virus, Anti-Spam
      • The Current Scenario
          • Increasing network complexity
          • Departments pose differing levels/types of data security concerns
          • Increasingly mobile environments in enterprises
          • Regulatory Compliance
  • 14. Whatever the Security Solution, Does it have Identity? (diagram labels: Head Office, Branch Office, Branch Office, Road Warrior)
      • Enterprise Security
          – Firewall / VPN / IPS
          – AV / AS
          – Content Filtering, Bandwidth Management, Multiple Link Management
          – Endpoint Security
      • Branch Office and Remote User Security
      • The 2 questions to ask are
          – Does it recognize the user?
          – Can it control the user – anytime, anywhere in the network (or outside)?
  • 15. Summary of Measures to be taken
      • Protecting Data & Securing the enterprise
      • Managing Remote Access - Remote Offices and Partners Network
      • Managing the user - The Employee & the Partner
      • Layers shown on the slide: Identity-based Security; Secure Remote Access; Basic Security (Secure the Desktop, Secure the Network)
  • 16. Identity-based Security
  • 17. Evolving Towards Identity-Based Heuristics
      • User identity – An additional parameter to aid decision making
          • Who is doing what?
          • Who is the attacker?
          • Who are the likely targets?
          • Which applications are prone to attack – who accesses them?
          • Who inside the organization is opening up the network? How?
      • Building patterns of activity profiles – User Threat Quotient
  • 18. User Threat Quotient - UTQ
      • Calculating the UTQ
          • Rating users on susceptibility to attack
          • Nature of user activity
          • History of activity – normal record access – number and type (customer data / research reports/..)
          • Current status – new employee, terminated, etc.
      • Analyze Who is doing What and When
          • Use of anonymous proxy
          • Downloading hacker tools
          • Accessing data off-hours
          • Amount of data accessed
  • 19. Technical Preventive Measures
      • Use network activity coupled with user identity information to:
          • Identify deviations from the normal acceptable user behavior
          • Red flag malicious activity based on UTQ
          • Context of activity – repeated wrong password attempts by new vs. old employee
      • Get intrusion alerts with user identity information
          • To ease the data interpretation
          • To determine how to fine tune the security policies
      • Correlate data, e.g. using Bayesian inference network
  • 20. Use UTQ for Soft Measures
      • Individualized education based on UTQ information
      • Educating key persons – those having access to business critical information
      • Educating the employees as their role evolves – joiner, moving up, quitter
  • 21. Questions?!?
  • 22. Thank You! For further info, please contact abhilash@cyberoam.com. To know more about Cyberoam, visit www.cyberoam.com
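
One way to turn the UTQ factors on slide 18 and the context and Bayesian correlation notes on slide 19 into a per-user score, as an added example that is not from the presentation or from Cyberoam. The likelihood ratios, priors, thresholds, status names, users and log events are all constructed assumptions.

```python
import math
from datetime import datetime

# Assumed likelihood ratios P(signal | risky) / P(signal | benign), not measured data.
LR = {"anon_proxy": 8.0, "hacker_tool_download": 15.0, "off_hours_access": 3.0,
      "bulk_data": 6.0, "failed_logins": 4.0}
PRIOR = {"established": 0.02, "new": 0.02, "terminated": 0.10}  # assumed priors
BULK_FACTOR = 5         # assumed: reads above 5x the user's own baseline are "bulk"
FAILED_LOGIN_LIMIT = 5  # assumed threshold for repeated wrong passwords

# Constructed sample identities: name -> (status, normal records read per day).
USERS = {"asha": ("established", 40), "ravi": ("new", 40),
         "meena": ("established", 40), "dev": ("terminated", 40)}
# Constructed sample log, already tagged with identity: (user, time, type, count).
EVENTS = [
    ("asha", "2009-10-05T10:15:00", "record_access", 30),
    ("ravi", "2009-10-05T09:02:00", "login_failed", 6),
    ("meena", "2009-10-05T09:05:00", "login_failed", 6),
    ("dev", "2009-10-05T23:40:00", "record_access", 400),
    ("dev", "2009-10-05T23:42:00", "anon_proxy", 1),
]

def signals(status, baseline, events):
    """Return the indicators that fired for one user's events."""
    fired, records, failed = set(), 0, 0
    for _, ts, kind, count in events:
        if kind == "record_access":
            records += count
            if not 7 <= datetime.fromisoformat(ts).hour < 20:
                fired.add("off_hours_access")
        elif kind == "login_failed":
            failed += count
        elif kind in ("anon_proxy", "hacker_tool_download"):
            fired.add(kind)
    if records > BULK_FACTOR * baseline:
        fired.add("bulk_data")
    # Context: wrong passwords from a new employee are treated as expected noise.
    if failed >= FAILED_LOGIN_LIMIT and status != "new":
        fired.add("failed_logins")
    return fired

def utq(status, baseline, events):
    """Naive-Bayes posterior that the user is a risk, scaled to 0-100."""
    log_odds = math.log(PRIOR[status] / (1 - PRIOR[status]))
    log_odds += sum(math.log(LR[s]) for s in signals(status, baseline, events))
    return round(100 / (1 + math.exp(-log_odds)), 1)

def score_all(users=USERS, events=EVENTS):
    return {name: utq(status, base, [e for e in events if e[0] == name])
            for name, (status, base) in users.items()}
```

The same six failed logins leave the new employee at the prior while raising the established employee's score, which is the "new vs. old employee" context from slide 19.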