Data Leakage Prevention - K. K. Mookhey
Presentation Transcript

  • Data Leakage Prevention, Interop 2010, www.niiconsulting.com
  • Agenda
      - Introduction
      - Data Leakage Scenario
          - Cases
          - Real-world impacts
          - Vulnerabilities
      - Building the Business Case
      - Demystifying DLP Solutions
      - Implementation Challenges
  • Speaker Introduction
      - Founder & Principal Consultant, Network Intelligence
      - Certified as CISA, CISSP and CISM
      - Speaker at Blackhat 2004, Interop 2005, IT Underground 2005, OWASP Asia 2008, 2009
      - Co-author of book on Metasploit Framework (Syngress), Linux Security & Controls (ISACA)
      - Author of numerous articles on SecurityFocus, IT Audit, IS Controls (ISACA)
      - Conducted numerous pen-tests, application security assessments, forensics, etc.
  • THE BIGGEST HACK IN HISTORY
  • Gonzalez, TJX and Heart-break-land
      - >200 million credit card numbers stolen
      - Heartland Payment Systems, 7-Eleven, and 2 US national retailers hacked
      - Modus operandi
          - Visit retail stores to understand workings
          - Analyze websites for vulnerabilities
          - Hack in using SQL injection
          - Inject malware
          - Sniff for card numbers and details
          - Hide tracks
  • The hacker underground
      - Albert Gonzalez
          - a/k/a “segvec,”
          - a/k/a “soupnazi,”
          - a/k/a “j4guar17”
      - Malware, scripts and hacked data hosted on servers in:
          - Latvia
          - Ukraine
          - New Jersey
          - Netherlands
          - California
      - IRC chats
          - March 2007: Gonzalez “planning my second phase against Hannaford”
          - December 2007: Hacker P.T. “that’s how [HACKER 2] hacked Hannaford.”
  • Where does all this end up?
      - IRC Channels: #cc #ccards #ccinfo #ccpower #ccs #masterccs #thacc #thecc #virgincc
      - Commands used on IRC
          - !cardable
          - !cc, !cclimit, !chk, !cvv2, !exploit, !order.log, !proxychk
  • TJX direct costs
      - $200 million in fines/penalties
      - $41 million to Visa
      - $24 million to MasterCard
  • Who’s been affected?
  • BUILDING THE BUSINESS CASE
  • Profitability in hacking – 2009
  • Sectors hacked – Q1 2009
  • Back of the envelope SECURITY ROI
  • Cost of an incident
      - $6.6 million average cost of a data breach
      - From this, cost of lost business is $4.6 million
      - More than $200 per compromised record
      - On the other hand:
          - Fixing a bug costs $400 to $4000
          - Cost increases exponentially as time lapses
  • Direct Costs
      - Fees for legal recourse to address and forensics
      - Short-term impact to R&D cost recuperation
      - Long-term impact to profitability/revenue projections
      - System and process audits
      - Fines
      - Regulatory audit fees
      - Strategy consulting fees
  • Numbers on the table
  • Indirect Cost
      - $1 billion business
      - 20% new customer base lost
      - 10% of repeat customers lost
  • Impact to profit margin
  • The Legal Angle
      - Computer Crimes Act, 1997
      - Electronic Commerce Act, 2006
      - PCI DSS
      - Central Bank of Malaysia Act, 2009
      - Personal Data Protection Bill, ??
      - Guidelines on Internet Insurance
      - Other regulations
  • DEMYSTIFYING DLP SOLUTIONS
  • What does it stand for?
      - Data Leakage Prevention
      - Data Loss Protection
      - Information Loss Protection
      - Extrusion Prevention
      - Content Monitoring and Filtering
      - Content Monitoring and Protection
  • DLP Solutions
      - Options
      - Vendors
      - Network
      - End-point
      - Content-aware
      - Context-aware
  • FEATURES TO LOOK OUT FOR
  • Comprehensive Coverage
  • Pre-defined policies
  • Blocking & Alerting
  • Management Console & Dashboards
  • Under the hood
      1. Rule-based Regular Expressions
      2. Database Fingerprinting
      3. Exact File Matching
      4. Partial Document Matching
      5. Statistical Analysis
      6. Conceptual/Lexicon
      7. Categories
  • Protecting Data
      - Data in motion
          - Network monitor
          - Email integration
          - Filtering/blocking and proxy integration
          - Internal networks
          - Distributed and Hierarchical deployments
      - Data at rest
          - Content discovery techniques
          - Remote scanning / Agent-Based Scanning / Memory-Resident Agent Scanning
      - Data in use
          - Endpoint protection
  • Coverage
      - Network
      - End-point
      - Bluetooth
      - Blackberry/iPhones/Smartphones
      - Operating systems
      - Virtualized servers
      - Integration with AD/LDAP
      - Integration with DRM
  • GETTING DOWN TO BRASS TACKS
  • Challenges
      - User resistance – yet another solution
      - Over-optimism – this is it!
      - Under-estimation of effort involved
      - Lack of trained resources
      - Absence of policy and procedure framework
      - Ownership resides with IT
      - Expensive
      - False positives
      - Legal & regulatory framework
  • Implementation Plan
      - What matters to you – listing of assets
      - How important is it – classification of assets
      - Where does it reside?
      - Who should be able to do what with it – access rights policy
      - Strategy
          - Network Focused
          - Endpoint Focused
          - Storage Focused
      - Integration with existing infrastructure
      - Monitoring and fine-tuning
  • Is it working?
      - Number of people/business groups contacted about incidents -- tie in somehow with user awareness training.
      - Remediation metrics to show trend results in reducing incidents
      - Trend analysis over 3, 6, & 9 month periods to show how the number of events has reduced as remediation efforts kick in
      - Reduction in the average severity of an event per user, business group, etc.
      - Trend: number of broken business policies
      - Trend: number of incidents related to automated business practices (automated emails)
      - Trend: number of incidents that generated automatic email
      - Trend: number of incidents that were generated from service accounts -- (emails, batch files, etc.)
      - Reference: http://securosis.com/blog/some-dlp-metrics/, Rich Mogull
  • Questions? Thank you!
      - kkmookhey@niiconsulting.com
      - Information Security Consulting Services
      - Information Security Training Services