Proven Practices to Protect Critical Data - DarkReading VTS Deck


Published on

NetIQ was a Platinum sponsor for “Plugging the Leaks: Finding and Fixing the IT Security Holes in Your Enterprise,” a virtual trade show (VTS) produced by Information Week Magazine and Dark Reading.

This was our presentation deck: "Proven Practices to Protect Critical Data" presented by Matt Mosley, Senior Product Manager, and Matt Ulery, Director of Product Management during a live presentation. They explored some of the most significant problems facing security teams tasked with protecting critical data. And, they will reveal some of the most effective approaches and technology that can be used to quickly identify real threats.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Proven Practices to Protect Critical Data - DarkReading VTS Deck

  1. 1. Proven Practices to Protect Critical Data<br />Matt Mosley<br />Sr. Product Manager<br />Matt Ulery<br />Director, Product Management<br />
  2. 2. Information Security Trends<br />2<br />Business<br /><ul><li> Multiple delivery models (private / public / hybrid cloud)
  3. 3. Virtualization & capacity optimization
  4. 4. IT under increasing pressure to support consumerization</li></ul>People<br /><ul><li> Diversity (employees, contractors, outsourcing, partners)
  5. 5. Mergers & acquisitions
  6. 6. Skills generalization </li></ul>Technology<br /><ul><li> Multiple delivery models (private / public / hybrid cloud)
  7. 7. Virtualization & capacity optimization </li></li></ul><li>Is This You?<br />Identifying and securing data is difficult.<br />Environment and threats are increasingly complex.<br />Workload is high and staffing is low.<br />Many point solutions with poor integration.<br />Difficult to gain a meaningful picture of what is happening.<br />3<br />
  8. 8. The New Security Team<br />Protection of sensitive data and mission-critical systems remains a key business objective.<br />Regulatory compliance has provided funding but increased the workload.<br />Compliance programs should (but don’t always) provide meaningful security benefits.<br />4<br />
  9. 9. Supermarket Chains Hit By Data Theft <br />Robert McMillan | IDG News Service| March 18, 2008<br />Data thieves broke into computers at supermarket chains Hannaford Brothers and Sweetbay, stealing an estimated 4.2 million credit and debit card numbers, Hannaford said Monday….<br />The Associated Press reported Monday that more than 1,800 cases of fraud had been linked to the theft, which affects 4.2 million credit and debit card numbers… <br />Dai Nippon Printing reports client data theft<br />Reuters | 12 March 2007<br />TOKYO, March 12 (Reuters) - Japan's Dai Nippon Printing Co. said on Monday a former contract worker stole nearly 9 million pieces of private data on customers from 43 clients including Toyota Motor Corp. <br />Dai Nippon, one of Japan's largest commercial printing companies, said the confidential information included names, addresses and credit card numbers intended for use in direct mailing and other printing services. <br />Dai Nippon said the employee stole client data between May 2001 and March 2006 by copying information on to floppy disks and other recording media.<br />Payment Processor Breach May Be Largest Ever<br />By Brian Krebs | Washington Post | 20 January 2009<br />A data breach last year at Princeton, N.J., payment processor Heartland Payment Systems may have compromised tens of millions of credit and debit card transactions, the company said today.<br />If accurate, such figures may make the Heartland <br />incident one of the largest data breaches ever reported.<br />When It All Goes Wrong…<br />“In filings for the Securities and Exchange Commission, Heartland said that it lost $2 million in the second quarter of this year, and that the 2008 data security breach cost it $32 million as of June 30 (2009)” – Credit Union Times<br />5<br />
  10. 10. Back to BasicsGood Security Makes Compliance Easier.<br /><ul><li>Compliance is a process, not a project.
  11. 11. The best way to achieve compliance is to get the security basics right.
  12. 12. Use compliance programs to help focus security, refine processes, and document what’s done.
  13. 13. Relying simply on compliance to provide security leaves organizations open to attack.</li></ul>6<br />
  14. 14. It’s a Brave New World<br />Cloud computing, virtualization and the consumerization of IT have led us to ask:<br />Who has access to our data?<br />Where are they accessing it from?<br />How do I monitor privileged activity?<br />7<br />
  15. 15. Start by Understanding Risk<br />What are we trying to protect?<br />Identify and classify sensitive data and assets.<br />Who or what are we protecting it from?<br />Vulnerabilities can be technical or non-technical.<br />Accidents or errors often cost more than malicious attacks.<br />What would happen if we fail?<br />Failure to meet regulatory mandates can be costly.<br />Lost business opportunity or interruption of activity.<br />8<br />
  16. 16. Identify and Protect Critical Data<br />Finding the data<br />Data may be in files, on physical media, in databases, or in the cloud.<br />Most breaches involve data that the victim did not know was there.<br />Categorizing data<br />What data is sensitive and at risk?<br />Monitoring access<br />Can I identify abnormal access?<br />Who is really accessing the information?<br />9<br />
  17. 17. Monitor User and Resource Access<br />“Out-of-date and/or excessive privileged and access control rights for users are viewed as having the most financial impact on organizations.”<br />– IDC Insider Risk Management, August 2009<br />“Authorized” users are a major threat to data:<br />Theft, fraud and abuse remain significant problems.<br />Accidental exposure or loss of data.<br />Privileged users represent the greatest risk:<br />Can insert malicious code just about anywhere.<br />Have the ability to override system controls without detection.<br />10<br />
  18. 18. The Importance of User (De-)Provisioning<br />Rajendrasinh Makwana, 35, of Frederick, Maryland, was indicted on January 27 for the attempted malware attack.<br />“Despite Makwana’s termination, [his] computer access was not immediately terminated.” <br />- FBI agent Jessica A. Nye stated in the affidavit.<br />Makwana created a malicious script:<br />- Designed to propagate to all 4,000 servers.<br />- Damage would have cost millions of dollars to repair.<br />Nearly 80% of terminated employees take data with them that they know is against company policy. <br />– Dark Reading Tech Center – Insider Threat: March 2009<br />11<br />
  19. 19. Control and Monitor Privileged Access<br />Monitor system and file integrity<br />Changes to key system files.<br />Modification of rarely accessed data.<br />Investigate unusual changes<br />Changes to key system files.<br />Modification of rarely accessed data.<br />Audit individual actions<br />Focus on privileged and “high risk” users/accounts.<br />12<br />
  20. 20. Capture and Monitor Log Data<br />Security and network devices generate lots of data<br />OS, Network, Virtual, P&A, User Activity, DAM, IAM.<br />Compliance mandates capture and review of logs<br />Logs can often provide early warning signs<br />82% of the time, evidence was visible in logs beforehand.<br />Failure to monitor is costly<br />Breaches often go undiscovered and uncontained for weeks or months.<br />13<br />
  21. 21. Physical, Virtual, Hybrid<br />Virtualization brings its own challenges to maintaining compliance<br />Maintain and extend security for critical system into the virtual environment<br />Audit and configuration are just as important<br />Log management is still required<br />14<br />
  22. 22. Some Questions to Ask Yourself…<br />How do I monitor privileged users?<br />How do I detect changes?<br />How can I see what has changed, and who changed it?<br />How do I see when someone accesses sensitive information?<br />How do I know if someone copies sensitive data?<br />What about protecting Active Directory and Group Policy Objects?<br />What about relational databases?<br />15<br />
  23. 23. Summary<br />Complexity is increasing; capacity is not.<br />Criminals are having success exploiting weaknesses in process as much as technology.<br />Hybrid service delivery models simply change the threat vector but do not reduce the risk.<br />Focus on basic good practices to get ahead of the bad guys.<br />16<br />
  24. 24. Security & Compliance<br />Performance & Availability <br />Identity & Access<br />17<br />Our Areas of Focus and Expertise<br /><ul><li>Manage and audit user entitlements
  25. 25. Track privileged user activity
  26. 26. Protect the integrity of key systems and files
  27. 27. Monitor access to sensitive information
  28. 28. Simplify compliance reporting
  29. 29. Monitor and manage heterogeneous environments including custom applications
  30. 30. IT Service validation and end-user performance monitoring
  31. 31. Dynamic provisioning of large-scale monitoring with exceptions
  32. 32. Functional and hierarchical incident escalation
  33. 33. Deliver and manage differentiated service levels
  34. 34. User Provisioning Lifecycle Management
  35. 35. Centralize Unix account management through Active Directory
  36. 36. Reduce number of privileged users
  37. 37. Secure delegated administration
  38. 38. Windows and Exchange migration</li></ul>17<br />© 2010 NetIQ Corporation. All rights reserved.<br />
  39. 39. Learn More in Our Virtual Booth<br />Complete our survey. <br />For a chance to win one of two Apple iPads.<br />Chat with our product experts.<br />Download analyst research reports:<br />“Build Security Into Your Network’s DNA: The Zero Trust Network Model” - Forrester<br />View recent webinars with industry experts:<br />“Combating the Insider Threat: Vulnerabilities and Countermeasures” with Ira Winkler<br />Access informative whitepapers, including:<br /> “Address the Insider Threat of Privileged Users”, co-authored by Dr. Eric Cole<br />18<br />
  40. 40. Thank You For Attending!<br />