Retail Security: Closing the Threat Gap

Retail data breaches can have a serious impact on profitability, and the costs of a cybersecurity incident may reach the C-Suite as well as consumer trust.

Tripwire’s chief technology officer Dwayne Melançon (@ThatDwayne) and vice president of security products at IDC Charles Kolodgy (@ckolodgy_idc) discuss the current retail cyber threat landscape with a focus on strategies to mitigate the cybersecurity risks and reduce the costs of potential security breaches, including:

- How to identify the early stages of a data breach

- Why point-of-sale and other business-critical systems require a different approach to data security

- How retailers can use the Top 20 Critical Security Controls to make businesses ‘unattractive’ to cybercriminals

- Qualified attendees will earn one CPE credit for participation in this webcast

A recording of the webcast that accompanies this slide deck can be found here: http://www.tripwire.com/register/retail-security-closing-the-threat-gap/

Published in: Technology
  • Copyright IDC. Reproduction is forbidden unless authorized. All rights reserved.
  • Attacks opportunistic
  • DELIVERING CYBERTHREAT SECURITY FOR CRITICAL SYSTEMS
    TO DETECT, PREVENT AND RESPOND TO ENTERPRISE THREATS
  • Retailers are prime targets for cybercriminals because of the opportunity to steal your customers' personal and financial data; POS intrusions have been the number one type of breach in the past three years

    Defensive measures to stop cyber attacks from penetrating the network are not enough; the assumption needs to be that you will be breached, it is just a matter of when.

    Retailers must deploy a layered approach to security, including network perimeter based security, anti-malware and endpoint security for business critical endpoint servers, POS endpoints and desktops
    Focus must be on detective capability early in the attack life cycle
  • Retailers need answers to these questions……..quickly

    How do I know if I have been breached?
    How can I detect a breach before significant loss has occurred?
    How do I protect myself so that I am not an attractive cybercrime target?
    How can I protect the customer data on my POS systems?
    Are we continuously monitoring all our critical endpoints for early indicators of risk and breach activity?
    How can I quickly contain my exposure in case of a breach?

    ------------
    This is one of the biggest challenges that enterprise security teams face today. Many times you have heard the phrase in security, “it’s not a matter of if you have been breached, but when”. I would like to add to that: it is also important to identify how long you have been exposed, or simply to be able to detect whether you have been breached in the first place.

    The enterprise threat gap is a model that helps us illustrate the amount of time that passes through three critical phases.

    The detection gap indicates the amount of time it takes to discover an actual compromise and identify its scope.

    The remediation gap indicates the time between that detection and the point at which the damage has been limited.

    Then we have the preventive gap, which is the measure of time it takes to avoid repeated or similar attacks.


    Transition: Let's talk about the challenges in each of these phases in more detail.

    This process allows you to answer three key questions to the business:
    Have we been breached?
    How bad is it?
    Can we avoid this from happening again?
  • Do we have full coverage? Are we missing any critical events and alerts?
    Can we directly watch for “risky changes” to critical system configs and files?
    Are these actionable high-confidence alerts from my “trusted security source” ?
    ( false positive and unproven technology issue )

    Can we compare current system state(s) with what we expect? ( beyond just alerts/logs )
    Are we looking at breach info in real-time, without loss?
  • What systems can we trust and what systems are compromised?
    Correlate system state information with other sources for greater accuracy
    Rank findings and differences based on risk and value
    Do we have policies, resources and tools to revert to a trusted production state?
    Remove the suspicious or known malicious assets
    Remove or reduce access to production systems
    Change all production credentials
    Freeze changes, except by core-threat team


    Finally, revert to a trusted production state
    Recreate systems from trusted sources
    Harden the systems to prevent re-infection or repeat compromises


  • Should we assess our architecture and policies to reduce the opportunity for future compromise?
    Establish Policies and Processes – security and configurations
    Establish baseline and “Good Configuration”
    Establish hardened security configurations

    Secure Management Sponsorship and key system integrity indicators
    Establish “security metrics” that indicate the health of the systems and networks...
    At department, asset class, location level – in words that the C-level understands


    Is our continuous monitoring and threat detection process effective?
    Anchor to a known, trusted standard
    Detect variance early
    Isolate and mitigate incidents before loss occurs
    Understand patterns to better detect anomalies
    Shorten time to detection
    Diagnose efficiently & effectively



  • Full text:
    Detecting an attack in the Recon and W&D phases is very difficult because attackers have become very good at camouflaging themselves as legitimate traffic
    Various types of anti-malware products may be able to detect a breach during the Malicious Action phase, but this is most often late in the attack cycle, after a loss has occurred
    The opportunity for detection is highest during the Exploitation phase, when the attacker is making repeated changes to the host/endpoint file system
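A minimal version of the “compare current system state with what we expect” and “rank findings by risk” steps from the notes above, aimed at the Exploitation-phase file changes just described. This is an added illustration, not code from the deck or from Tripwire's products; the paths, file contents and risk weights are constructed.

```python
import hashlib

# Constructed sample data (not from the deck): the expected "trusted production
# state" of a POS host versus a fresh inventory of the same paths. A real FIM
# agent reads these from disk; the bytes are inline so the example runs offline.
BASELINE = {
    "/opt/pos/bin/payment": b"payment-app-v1.4",
    "/opt/pos/conf/terminal.ini": b"[terminal]\nmode=emv\n",
    "/etc/ssh/sshd_config": b"PermitRootLogin no\n",
    "/var/pos/logs/tx.log": b"2024-01-01 ok\n",
}
CURRENT = {
    "/opt/pos/bin/payment": b"payment-app-v1.4\x90\x90",        # binary altered
    "/opt/pos/conf/terminal.ini": b"[terminal]\nmode=emv\n",     # unchanged
    "/etc/ssh/sshd_config": b"PermitRootLogin yes\n",            # hardening weakened
    "/var/pos/logs/tx.log": b"2024-01-01 ok\n2024-01-02 ok\n",   # expected churn
    "/tmp/.x/dump.bin": b"track-data-placeholder",               # new file in temp dir
}

# Risk weight by path class (an assumed policy): payment code and security
# configuration rank highest; log files change constantly and rank lowest.
RISK = [("/opt/pos/bin/", 10), ("/etc/ssh/", 8), ("/opt/pos/conf/", 6),
        ("/tmp/", 5), ("/var/pos/logs/", 1)]

def risk_for(path: str) -> int:
    for prefix, weight in RISK:
        if path.startswith(prefix):
            return weight
    return 3  # unknown location: moderate by default

def snapshot(files: dict) -> dict:
    """Map each path to the SHA-256 of its content; this is what gets stored."""
    return {p: hashlib.sha256(b).hexdigest() for p, b in files.items()}

def diff_state(baseline: dict, current: dict, min_risk: int = 2) -> list:
    """Compare the expected snapshot with the observed one and return
    (risk, change, path) tuples at or above min_risk, highest risk first."""
    base, now = snapshot(baseline), snapshot(current)
    findings = []
    for path in base.keys() | now.keys():
        if path not in now:
            change = "removed"
        elif path not in base:
            change = "added"
        elif base[path] != now[path]:
            change = "modified"
        else:
            continue  # identical hash: nothing to report
        risk = risk_for(path)
        if risk >= min_risk:
            findings.append((risk, change, path))
    return sorted(findings, key=lambda f: (-f[0], f[2]))

# Usage: the log churn is filtered out, leaving three findings, most risky first.
FINDINGS = diff_state(BASELINE, CURRENT)
```

The same comparison run against the baseline itself returns nothing, which is the property a trusted production state should have after remediation.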
  • Early breach detection requires continuous monitoring of all business critical systems, including servers, network devices, POS systems and desktops.

    Monitoring only desktops is not sufficient; focus should also be on systems that contain critical assets like customer data, including in the data center.

    An example of a critical desktop would be those of all System Administrators who have user admin access
  • Example - Monitoring user IDs/logins to look for anomalies
    o   e.g. a user logs into a server that they have never accessed; TE & TLC could detect this and then also monitor exactly what that user did, to diagnose whether this is indeed a breach or needs investigation
    o   Tie POS to the bigger threat picture (correlating changes on a POS system with corporate servers)
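The first-time-login check from the note above, written out as an added Python sketch that is not Tripwire's code: it builds a baseline of which accounts normally reach which hosts, flags a login outside that baseline, and attaches the file changes the same account made shortly afterwards, on any host including a POS system, so the alert carries the bigger picture. The log format, host names and user names are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs (not from the deck). HISTORY is the window used to
# learn which accounts normally reach which hosts; NEW_EVENTS is the window
# being evaluated. The line format "ts host event user [detail]" is assumed.
HISTORY = """\
2024-03-01T08:02:11 pos-store17 login jsmith
2024-03-01T08:05:40 corp-db01 login dba_ann
2024-03-02T09:11:02 pos-store17 login jsmith
2024-03-03T10:30:15 corp-db01 login dba_ann
2024-03-03T17:45:00 corp-db01 login dba_ann
""".splitlines()

NEW_EVENTS = """\
2024-03-10T02:14:09 corp-db01 login jsmith
2024-03-10T02:19:33 corp-db01 file_change jsmith /opt/pos-mgmt/push.cfg
2024-03-10T02:41:50 pos-store17 file_change jsmith /opt/pos/bin/payment
2024-03-10T09:00:01 corp-db01 login dba_ann
""".splitlines()

LINE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)(?: (\S+))?$")

def parse(line: str) -> dict:
    ts, host, event, user, detail = LINE.match(line).groups()
    return {"ts": datetime.fromisoformat(ts), "host": host,
            "event": event, "user": user, "detail": detail}

def build_baseline(lines) -> dict:
    """user -> set of hosts that user has logged into before."""
    seen = defaultdict(set)
    for e in map(parse, lines):
        if e["event"] == "login":
            seen[e["user"]].add(e["host"])
    return seen

def find_anomalies(baseline: dict, lines, window_min: int = 60) -> list:
    """Flag first-ever logins to a host, then attach the file changes that
    user made on any host within window_min minutes, so an analyst can see
    whether the session touched POS assets (the 'bigger threat picture')."""
    events = [parse(l) for l in lines]
    alerts = []
    for e in events:
        if e["event"] != "login" or e["host"] in baseline.get(e["user"], set()):
            continue  # routine: this account has used this host before
        horizon = e["ts"] + timedelta(minutes=window_min)
        follow = [(c["host"], c["detail"]) for c in events
                  if c["event"] == "file_change" and c["user"] == e["user"]
                  and e["ts"] <= c["ts"] <= horizon]
        alerts.append({"user": e["user"], "host": e["host"],
                       "ts": e["ts"].isoformat(), "changes": follow})
    return alerts

ALERTS = find_anomalies(build_baseline(HISTORY), NEW_EVENTS)
```

In the sample, jsmith's first login to corp-db01 is the only alert, and it carries the later change to the POS payment binary on pos-store17 as supporting context.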
  • Tripwire's core competency is collecting data; the challenge is that humans cannot deal with it

    Driving Effective Security and Compliance—done on top of a bed of real system state intelligence
    Driven by
    VM –big change—vm assessment instantly
  • 85% of attacks result from known vulnerabilities