Data Leakage Prevention - K. K. Mookhey

Data Leakage Prevention Interop 2010 w w w .niiconsulting.com

Agenda  Introduction  Data Leakage Scenario  Cases  Real-world impacts  Vulnerabilities  Building the Business Case  Demystifying DLP Solutions  Implementation Challenges w w w .niiconsulting.com

Speaker Introduction  Founder & Principal Consultant, Network Intelligence  Certified as CISA, CISSP and CISM  Speaker at Blackhat 2004, Interop 2005, IT Underground 2005, OWASP Asia 2008,2009  Co-author of book on Metasploit Framework (Syngress), Linux Security & Controls (ISACA)  Author of numerous articles on SecurityFocus, IT Audit, IS Controls (ISACA)  Conducted numerous pen-tests, application security assessments, forensics, etc. w w w .niiconsulting.com

THE BIGGEST HACK IN HISTORY w w w .niiconsulting.com

Gonzalez, TJX and Heart-break-land  >200 million credit card number stolen  Heartland Payment Systems, 7-Eleven, and 2 US national retailers hacked  Modus operandi  Visit retail stores to understand workings  Analyze websites for vulnerabilities  Hack in using SQL injection  Inject malware  Sniff for card numbers and details  Hide tracks w w w .niiconsulting.com

The hacker underground  Albert Gonzalez  a/k/a “segvec,”  a/k/a “soupnazi,”  a/k/a “j4guar17”  Malware, scripts and hacked data hosted on servers in:  Latvia Ukraine New Jersey  Netherlands California  IRC chats  March 2007: Gonzalez “planning my second phase against Hannaford”  December 2007: Hacker P.T. “that’s how [HACKER 2] hacked Hannaford.” w w w .niiconsulting.com

Where does all this end up? IRC Channels #cc #ccards #ccinfo #ccpower #ccs #masterccs #thacc #thecc #virgincc  Commands used on IRC  !cardable  !cc, !cclimit, !chk, !cvv2, !exploit, !order.log, !proxychk w w w .niiconsulting.com

TJX direct costs $200 million in fines/penalties $41 million to Visa $24 million to Mastercard w w w .niiconsulting.com

Who’s been affected? w w w .niiconsulting.com

BUILDING THE BUSINESS CASE w w w .niiconsulting.com

Profitability in hacking – 2009 w w w .niiconsulting.com

Sectors hacked – Q1 2009 w w w .niiconsulting.com

Back of the envelope SECURITY ROI w w w .niiconsulting.com

Cost of an incident  $6.6 million average cost of a data breach  From this, cost of lost business is $4.6 million  More than $200 per compromised record On the other hand:  Fixing a bug costs $400 to $4000  Cost increases exponentially as time lapses w w w .niiconsulting.com

Direct Costs  Fees for legal recourse to address and forensics  Short-term impact to R&D cost recuperation  Long-term impact to profitability/revenue projections  System and process audits  Fines  Regulatory audit fees  Strategy consulting fees w w w .niiconsulting.com

Numbers on the table w w w .niiconsulting.com

Indirect Cost  $1 billion business  20% new customer base lost  10% of repeat customers lost w w w .niiconsulting.com

Impact to profit margin w w w .niiconsulting.com

The Legal Angle  Computer Crimes Act, 1997  Electronic Commerce Act, 2006  PCI DSS  Central Bank of Malaysia Act, 2009  Personal Data Protection Bill, ??  Guidelines on Internet Insurance  Other regulations w w w .niiconsulting.com

DEMYSTIFYING DLP SOLUTIONS w w w .niiconsulting.com

What does it stand for?  Data Leakage Prevention  Data Loss Protection  Information Loss Protection  Extrusion Prevention  Content Monitoring and Filtering  Content Monitoring and Protection w w w .niiconsulting.com

DLP Solutions  Options  Vendors  Network  End-point  Content-aware  Context-aware w w w .niiconsulting.com

FEATURES TO LOOK OUT FOR w w w .niiconsulting.com

Comprehensive Coverage w w w .niiconsulting.com

Pre-defined policies w w w .niiconsulting.com

Blocking & Alerting w w w .niiconsulting.com

Management Console & Dashboards w w w .niiconsulting.com

Under the hood 1. Rule-based Regular Expressions 2. Database Fingerprinting 3. Exact File Matching 4. Partial Document Matching 5. Statistical Analysis 6. Conceptual/Lexicon 7. Categories w w w .niiconsulting.com

Protecting Data  Data in motion  Network monitor  Email integration  Filtering/blocking and proxy integration  Internal networks  Distributed and Hierarchical deployments  Data at rest  Content discovery techniques  Remote scanning / Agent-Based Scanning / Memory-Resident Agent Scanning  Data in use  Endpoint protection w w w .niiconsulting.com

Coverage  Network  End-point  Bluetooth  Blackberry/iPhones/Smartphones  Operating systems  Virtualized servers  Integration with AD/LDAP  Integration with DRM w w w .niiconsulting.com

GETTING DOWN TO BRASS TACKS w w w .niiconsulting.com

Challenges  User resistance – yet another solution  Over-optimism – this is it!  Under-estimation of effort involved  Lack of trained resources  Absence of policy and procedure framework  Ownership resides with IT  Expensive  False positives  Legal & regulatory framework w w w .niiconsulting.com

Implementation Plan  What matters to you – listing of assets  How important is it – classification of assets  Where does it reside?  Who should be able to do what with it – access rights policy  Strategy  Network Focused  Endpoint Focused  Storage Focused  Integration with existing infrastructure  Monitoring and fine-tuning w w w .niiconsulting.com

Is it working?  Number of people/business groups contacted about incidents -- tie in somehow with user awareness training.  Remediation metrics to show trend results in reducing incidents  Trend analysis over 3, 6, & 9 month periods to show how the number of events has reduced as remediation efforts kick in  Reduction in the average severity of an event per user, business group, etc.  Trend: number of broken business policies  Trend: number of incidents related to automated business practices (automated emails)  Trend: number of incidents that generated automatic email  Trend: number of incidents that were generated from service accounts -- (emails, batch files, etc.) w w w .niiconsulting.com

Questions? Thank you! kkmookhey@niiconsulting.com Information Security Information Security Consulting Services Training Services w w w .niiconsulting.com

http://www.niiconsulting.com	755
http://webcache.googleusercontent.com	1
http://translate.googleusercontent.com	1

Data Leakage Prevention - K. K. Mookhey

by Network Intelligence on Aug 18, 2010

Accessibility

Categories

Tags

Upload Details

Usage Rights

3 Embeds 757

Statistics

Data Leakage Prevention - K. K. Mookhey — Presentation Transcript