Data Leakage Prevention - K. K. Mookhey

Data Leakage
Prevention
Interop 2010

w w w .niiconsulting.com

Agenda

 Introduction
 Data Leakage Scenario
 Cases
 Real-world impacts
 Vulnerabilities
 Building the Business Case
 Demystifying DLP Solutions
 Implementation Challenges


Speaker Introduction

 Founder & Principal Consultant, Network
Intelligence
 Certified as CISA, CISSP and CISM
 Speaker at Blackhat 2004, Interop 2005, IT
Underground 2005, OWASP Asia 2008,2009
 Co-author of book on Metasploit Framework
(Syngress), Linux Security & Controls (ISACA)
 Author of numerous articles on SecurityFocus,
IT Audit, IS Controls (ISACA)
 Conducted numerous pen-tests, application
security assessments, forensics, etc.


THE BIGGEST HACK IN
HISTORY


Gonzalez, TJX and Heart-break-land

 >200 million credit card number stolen
 Heartland Payment Systems, 7-Eleven, and
2 US national retailers hacked
 Modus operandi
 Visit retail stores to understand workings
 Analyze websites for vulnerabilities
 Hack in using SQL injection
 Inject malware
 Sniff for card numbers and details
 Hide tracks


The hacker underground

 Albert Gonzalez
 a/k/a “segvec,”
 a/k/a “soupnazi,”
 a/k/a “j4guar17”

 Malware, scripts and hacked data hosted on servers in:
 Latvia Ukraine
New Jersey
 Netherlands
California

 IRC chats
 March 2007: Gonzalez “planning my second phase against
Hannaford”
 December 2007: Hacker P.T. “that’s how [HACKER 2]
hacked Hannaford.”


Where does all this end up?
IRC Channels
#cc
#ccards
#ccinfo
#ccpower
#ccs
#masterccs
#thacc
#thecc
#virgincc

 Commands used on IRC
 !cardable
 !cc, !cclimit, !chk, !cvv2, !exploit, !order.log,
!proxychk


TJX direct costs $200 million in
fines/penalties

$41 million to
Visa
$24 million to
MasterCard


Who’s been affected?


BUILDING THE BUSINESS
CASE


Profitability in hacking – 2009


Sectors hacked – Q1 2009


Back of the envelope

SECURITY ROI


Cost of an incident

 $6.6 million average cost of a data breach
 From this, cost of lost business is $4.6
million
 More than $200 per compromised record

On the other hand:
 Fixing a bug costs $400 to $4000
 Cost increases exponentially as time lapses


Direct Costs

 Fees for legal recourse to address and
forensics
 Short-term impact to R&D cost
recuperation
 Long-term impact to profitability/revenue
projections
 System and process audits
 Fines
 Regulatory audit fees
 Strategy consulting fees


Numbers on the table


Indirect Cost

 $1 billion business
 20% new customer base lost
 10% of repeat customers lost


Impact to profit margin


The Legal Angle

 Computer Crimes Act, 1997
 Electronic Commerce Act, 2006
 PCI DSS
 Central Bank of Malaysia Act, 2009
 Personal Data Protection Bill, ??
 Guidelines on Internet Insurance
 Other regulations


DEMYSTIFYING DLP
SOLUTIONS


What does it stand for?

 Data Leakage Prevention
 Data Loss Protection
 Information Loss Protection
 Extrusion Prevention
 Content Monitoring and Filtering
 Content Monitoring and Protection


DLP Solutions

 Options
 Vendors
 Network
 End-point
 Content-aware
 Context-aware


FEATURES TO LOOK OUT
FOR


Comprehensive Coverage


Pre-defined policies


Blocking & Alerting


Management Console & Dashboards


Under the hood

1. Rule-based Regular
Expressions
2. Database Fingerprinting
3. Exact File Matching
4. Partial Document
Matching
5. Statistical Analysis
6. Conceptual/Lexicon
7. Categories


Protecting Data

 Data in motion
 Network monitor
 Email integration
 Filtering/blocking and proxy integration
 Internal networks
 Distributed and Hierarchical deployments
 Data at rest
 Content discovery techniques
 Remote scanning / Agent-Based Scanning /
Memory-Resident Agent Scanning
 Data in use
 Endpoint protection

Coverage

 Network
 End-point
 Bluetooth
 Blackberry/iPhones/Smartphones
 Operating systems
 Virtualized servers
 Integration with AD/LDAP
 Integration with DRM


GETTING DOWN TO
BRASS TACKS


Challenges

 User resistance – yet another solution
 Over-optimism – this is it!
 Under-estimation of effort involved
 Lack of trained resources
 Absence of policy and procedure framework
 Ownership resides with IT
 Expensive
 False positives
 Legal & regulatory framework


Implementation Plan

 What matters to you – listing of assets
 How important is it – classification of assets
 Where does it reside?
 Who should be able to do what with it – access
rights policy
 Strategy
 Network Focused
 Endpoint Focused
 Storage Focused
 Integration with existing infrastructure
 Monitoring and fine-tuning


Is it working?

 Number of people/business groups contacted about incidents --
tie in somehow with user awareness training.
 Remediation metrics to show trend results in reducing
incidents
 Trend analysis over 3, 6, & 9 month periods to show how the
number of events has reduced as remediation efforts kick in
 Reduction in the average severity of an event per user,
business group, etc.
 Trend: number of broken business policies
 Trend: number of incidents related to automated business
practices (automated emails)
 Trend: number of incidents that generated automatic email
 Trend: number of incidents that were generated from service
accounts -- (emails, batch files, etc.)
Reference : http://securosis.com/blog/some-dlp-metrics/, Rich Mogull


Questions?
Thank you! kkmookhey@niiconsulting.com

Information Security Information Security
Consulting Services Training Services


Data Leakage Prevention - K. K. Mookhey

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Data Leakage Prevention - K. K. Mookhey

Similar to Data Leakage Prevention - K. K. Mookhey (20)

More from Network Intelligence India

More from Network Intelligence India (20)

Recently uploaded

Recently uploaded (20)

Data Leakage Prevention - K. K. Mookhey