Secure the Dark Matter of Your Network

1. S E C U R E T H E D A R K M A T T E R O F Y O U R N E T W O R K With Opportunistic Scanning B R E A C H A N A L Y T I C S What data is at risk How will attackers compromise the data What will it cost when you’re breached

2. E X E C U T I V E S U M M A R Y Today we are in the midst of digital warfare, it is a global epidemic with all of our data under relentless assault. Over the last several years, companies of all sizes and in every industry have seen their sensitive data lost or stolen. Data is most likely one of your corporation’s most valuable assets. Preventing digital data theft of intellectual property, trade secrets or or incidental losses is paramount for the success of any business. So where is this sensitive data lurking? If you are p ro a c t i v e l y re m e d i a t i n g o n l y k n o w n d a t a repositories and devices, but not scanning for rogue payment data, personal identifiable information and vulnerabilities, you leave yourself exposed to a truly unknown level of risk. If you’re a CISO, CIO or in Security Operations, you’re probably doing everything you can to keep your corporate data safe. To that end, this paper will explain how to find your risk from unknown, unprotected data, and how you can quantify that risk in absolute dollars and cents to help bridge the gap between your remediation goals and your organization’s financial strength. Billy Austin President C O N T E N T S Introduction to Dark Matter Page 3 From Remediation to Prevention Page 6 A Proactive Security Strategy Page 7 Unmatched Data Discovery Page 9 Powerful Cloud Console Page 10 Conclusion Page 11 About iScan Online Page 12 2 Secure the Dark Matter of Your Network: The Power of Opportunistic Scanning

3. Scientists believe that as much as 80% of the universe is made up of dark matter that we currently know little, if anything about. We can’t measure it, see it, and don’t know its properties. We know that, accounting for 80% of the mass of the universe, it must be important; but how, what, and why is beyond our present grasp. We only know it exists when we see it influence elements of the observable universe, like light bending around an invisible black hole. In fact, describing and quantifying the role of dark matter within the universe is one of the greatest challenges facing today’s astrophysicists. Similarly, perhaps the greatest obstacle facing security professionals today arises from another type of dark matter lurking in today's networks: the unknown security threat. Whether it’s payment data or other sensitive personal identifiable information sitting unnoticed on cloud drives and long- since-archived outlook files or the myriad devices constantly connecting to corporate networks around the world, we know these instances of unencrypted PII and untamed devices undermine our networks, but they are often virtually invisible to our traditional efforts to perform data discovery and security assessments on them. Consequently, many devices continue to pose a threat while we struggle to know their security posture, vulnerabilities, compliance status, or what sensitive data they may contain. MY DEVICES, YOUR PROBLEM Classic methods of scanning devices on the network are very good at discovering and finding vulnerabilities on devices that they can see. However, they can only see devices that are on the network at the moment in time the scan is executed. At the same time, these types of plodding network security scans can take a long time to complete while chewing-up precious bandwidth resources. In the past, this was enough: concerns about network latency and device utilization, forced organizations to perform scans during off-hours. Initially this approach did not present an issue as the majority of servers, network devices, and even desktops were always plugged in. These devices were considered static and reachable whether the scan happened at 3am or 3pm, or anytime in between. A snapshot of the threats and the industries that are most threatened today 3 Secure the Dark Matter of Your Network: The Power of Opportunistic Scanning I N T R O D U C T I O N T O D A R K M A T T E R W h a t s t r a n g e a s t r o p h y s i c a l p h e n o m e n o n h a s i n c o m m o n w i t h y o u r d a t a n e t w o r k . 50% 50% Malicious Outsider System Glitch 8%4% 9% 13% 21% 45% Retail Technology Financial Government Education Other

4. The average per-record cost in 2014 to remediate after a breach occurs $100.00 $200.00 $300.00 $400.00 Healthcare Education Energy Financial Technology Retail THE STATUS-QUO HAS CHANGED We live in a world of branch ofﬁces, remote workers, transient contractors and mobile users. And while they may not know the difference between BYOD and BYOB, they are leading the charge towards mixed- use devices and non- standard business platforms. Microsoft Windows, while still representing a large portion of the market, is no longer at 95% market share. In fact, PCs themselves represent a smaller and ever- shrinking share of the devices on our networks. Virtually every network today has a wide array of smartphones, tablets and personal devices of many shapes and sizes constantly requesting access. All of these different devices access our network from different locations and at different times. Worse, lax or non-existent security policies among users mean that, while your network may be buttoned-up, your users are still prone to downloading malware or inﬁltration by bad actors who use their trusted credentials as a pivot point into your network. Since a large percentage of the devices that access the network are no longer available to scan during off-peak times, a traditional network security scan is essentially ineffective for those devices. These unscanned devices and the unencrypted data they contain are the dark matter of your network. They exist and they are an important part of the network, but there is no evidence or means to quantify the risk they pose. At least there isn’t with traditional vulnerability scanning, or until they announce their presence after-the-fact through a potentially devastating breach. 4

5. ACKNOWLEDGING A SECURITY BLIND SPOT If only there was a way of actually scanning these dark matter devices. A network could be made much safer and more immune to attack. Unfortunately, the attackers recognize that most organizations are woefully ill equipped to manage this sort of opportunistic vulnerability scanning and data discovery. In fact, current trends indicate that attacks targeting these devices are on the rise as increasing numbers of disparate devices access the network from locations out of scope for traditional assessment technologies. Today there is a significant blind spot in the vulnerability management solutions that many organizations have spent precious security budget dollars implementing. Frankly, this “blind spot” is a tremendous risk that organizations cannot continue to fail to manage due to a lack of insight. Regulatory compliance schemes recognize this risk. The PCI Council, for instance, has mandated that internal scans of devices be conducted regularly and discovered vulnerabilities and risks should be prioritized for remediation. Likewise in health care, HIPAA has mandated security scanning of devices for health related PII (Personally Identifiable Information). At the same time, regulations like FERPA now govern the protection of student PII and well-regarded security firms like the Ponemon Institute are spearheading analysis on the true cost of a data breach. In short, for most organizations, having such a large number of dark matter devices accessing their networks without visibility is no longer acceptable! The only solution is a strategy designed to answer three crucial questions: 1. What unencrypted data is at-risk on my networks? 2. Where are the vulnerabilities that will allow access to that data by attackers? 3. How much will it cost to remediate the breach after-the-fact? 2,803,036 Records lost or stolen every day 116,793 Records lost or stolen every hour 1,947 Records lost or stolen every minute 32 Records lost or stolen every second F R O M R E M E D I A T I O N T O P R E V E N T I O N The dark matter on your network is a considerable risk. With today's targeted attacks via spear phishing, APTs, and drive-by malware; attackers need only to target and infiltrate one device to get inside your network and wreak havoc. The overwhelming majority of security incidents are due to a known vulnerability being exploited on a single device to gain access to the larger network. 5 Secure the Dark Matter of Your Network: The Power of Opportunistic Scanning *2014 figures from breachlevelindex.com

6. Opportunistic Scanning & Discovery Fortunately a newly patented technology is now available to address this problem with the introduction of iScan Online’ s "Opportunistic Scanning”. Opportunistic Scanning is the ability to perform assessments on devices accessing network resources when and where they are available. This flexible approach means devices can be assessed regardless of the network connection type or location, provided they are connected to the Internet. This flexibility allows iScan Online to shine a light on the dark matter of networks, giving security personnel unprecedented visibility into the security posture, data and applications of those devices. FLEXIBLE DEPLOYMENT, POWERFUL DETECTION iScan Online provides opportunistic scanning and unique methods that allow you to see more of the networked devices and more of the data on those devices with greater accuracy. iScan Online is deployed through a browser plugin, command line interface (downloadable executable) or as a native mobile app. This methodology is fast, highly accurate, and leverages what most organizations already have in place; Microsoft Active Directory, Systems Management tools, Web Applications, Internet access, and a browser. By combining these existing architectures with iScan Online’s cloud-based analytics, organizations are now empowered to assess all devices throughout the organization. This new, highly accurate methodology also delivers very unique scanning capabilities for today and tomorrow’s computing and mobile platforms. An integrated web portal provides a single point for management, analysis, and reporting, while the individual devices perform the heavy lifting of the scan process, permitting scalability across the globe. This distributed architecture provides unparalleled scalability allowing hundreds of thousands of devices to be scanned in a matter of seconds. Even better, it requires no lengthy deployment cycle or additional network appliances to operate. ELIMINATING FALSE POSITIVES & SAVING RESOURCES iScan Online performs deep inspection of devices using a variety of methodologies including the Windows Registry, native file systems, interrogating system configurations using operating system and Application API’s, and Windows WMI queries. Using these direct access methods instead of relying upon network packet response and injection provides highly accurate results, virtually eliminating false positives, which will save time and money for security personnel. There are also no requirements for modifying ingress firewall routes and ports, or need to configure VPN connections as iScan Online executes on the device and communicates via standard HTTPS web traffic. So despite being more flexible and seamless than many other vulnerability scanners, iScan Online’s deployment model ensures that no device goes unscanned due to a lack of credentials or infrequent network connectivity. 6 A P R O A C T I V E S E C U R I T Y S T R A T E G Y Secure the Dark Matter of Your Network: The Power of Opportunistic Scanning

7. 7 Average increased customer churn rates, post- breach, by industry Credentials? We don’t need no stinking credentials! One of the biggest challenges with assessing connected devices is that network administrators typically don’t have credentials to scan the device. This presents a number of challenges for proper risk assessment. First, security personnel must be given administrator credentials to the device, which is extremely problematic in BYOD environments. Second it creates an additional security risk by trusting a cache of administrator level credentials to be stored and used within systems, which may not have been designed as secure authorization and authentication brokers. Without administrative credentials, network scanners can only provide an outside view of the device, typically a port scan. With iScan Online, the need for credentials is eliminated because the scan runs on the host as the current user. One of the dirty little secrets of current vulnerability assessment solutions is that administrative access is NOT required to properly assess vulnerabilities when the assessment is run locally on a device. Regardless of how scans are delivered, speed and scalability is key. Because iScan Online performs scanning directly on the device, there is no network congestion or latency introduced. There are no worries about exhausting the amount of threads the scanner can spawn. It makes no difference how many devices are being scanned at a time. Scan one device or thousands of devices at a time through iScan Online’s distributed cloud architecture and all scans are completed within a fraction of the time of traditional vulnerability scanners. Secure the Dark Matter of Your Network: The Power of Opportunistic Scanning 1.75% 3.50% 5.25% 7.00% Healthcare Education Energy Financial Technology Retail 1.3% 4.1% 6.1% 2.8% 2.4% 5.9%

8. SCAN FROM WEB APPS The dark matter on your network is a considerable risk. With today's targeted attacks via spear phishing, APTs, and drive-by malware; attackers need only to target and inﬁltrate one device to get inside your network and wreak havoc. The overwhelming majority of security incidents are due to a known vulnerability being exploited on a single device to gain access to the larger network. Scanning can now be easily integrated into existing web applications. Utilizing iScan Online for Web Browsers, organizations can now leverage their growing base of web applications as scanning catch points for devices accessing corporate resources. Whether you manage access via captive web portals, single-sign-on credentialing, or another NAC solution, iScan Online works with your existing security policies to ensure that no device gains access to your network without undergoing a background data discovery and vulnerability scan. Even VPN access can incorporate iScan Online technology via simple connect scripts. Now consider a highly distributed organization with a large remote sales force: Typically these users are accessing sales and order processing applications via the web, they rarely access the corporate network using VPN access and are always on the move. How do you assess these devices for security risk? SCAN FROM ANYWHERE At iScan Online, we’ve made it as simple as adding a “Scan Now” button or web analytics service to your web application. Simply include a small JavaScript snippet into any web application and all users accessing the web application will be scanned for security issues in a quick, efﬁcient and unobtrusive manner. Scans can be performed as often as desired (daily, weekly, quarterly etc.) based on the user accessing the web application. Results from the assessment can be analyzed automatically by the web application in order to make decisions regarding the users web application request. For example, the web application could decide to deny access or to limit available functionality to the user based on discovered data or vulnerabilities. And, as with all iScan Online scans, the results are available for reporting and analysis from iScan Online’s Cloud Console. Secure the Dark Matter of Your Network: The Power of Opportunistic Scanning

9. 9 COMPLETE, CUSTOMIZABLE DISCOVERY iScan Online’s Data Discovery Scan identifies what devices store unprotected trade secrets, intellectual property, and personal identifiable information that are putting your business at risk. Because data is where you least expect it, with iScan Online, you can see every unprotected piece of data within your company, from credit cards and social security numbers in Dropbox, to intellectual property in mail folders and zip files. iScan Online is unmatched in its combination of flexible deployment, comprehensive data discovery and iron-clad validation algorithms like Modulus Check (LUHN) and intelligent Contextual Awareness to reduce false positives or missed data. iScan Online provides a comprehensive data discovery and scanning solution that meets and exceeds today’s regulatory requirements at the federal, state and industry level. This is crucial as most organizations have regulatory compliance mandates that require scanning of all connected devices. For example the PCI Council mandates that all merchants perform regular internal scans and prioritize detected vulnerabilities for remediation to manage risk. The ability to conduct these internal scans on- demand is a compelling use case for iScan Online. As a Participating Organization in the PCI Council, iScan Online’s PCI scan compliance report is the proof a merchant needs to show compliance with this requirement. The same is true of HIPAA, as well as other compliance mandates. iScan Online can be configured to run the various types of scans required to demonstrate compliance with multiple regulations. But the rash of data breaches that have received so much press in the last few years make it abundantly clear that meeting regulatory compliance for vulnerability scanning just isn’t enough. If a network is infiltrated, the ability to proactively identify unprotected PII and intellectual property is the single most powerful enhancement to your network security that you can make. U N M A T C H E D D A T A D I S C O V E R Y Besides identifying security vulnerabilities, a complete strategy requires knowing what employees and devices are storing unprotected sensitive data throughout your company. But how do you know where that data is hiding? Secure the Dark Matter of Your Network: The Power of Opportunistic Scanning Scan Every File Type OST/PST, CSV, HTML, RTF, DOCX, XLSX, PPTX Text Files, SQL, Binary, SXW, PDF, XML, ODT & more. . . Credit Cards American Express, Visa 13 & 16 Digits, MasterCard, Discover, Diners Club, JCB Personally Identifiable Information Social Security, Drivers License, Date of Birth, Passport, Customizable Intellectual Property Custom Patterns, Unique File Attributes, File Owners, etc.

10. 10 Delivering Actionable Analytics All of the raw scan data is aggregated into a beautiful, actionable cloud console that can be customized by role and interactive report focus. These reports are designed to work together to ensure complete network awareness around your exposed data, your most vulnerable devices and your total financial liability by individual device. This means you’ll know instantly what needs to be prioritized and have thrown into stark relief the actual cost to rectify the situation post-breach, so even the C-Suite can understand. Sort and prioritize by the financial liability, the type of vulnerability, the type of unprotected data, the location of the devices and more. iScan Online also makes it simple to track your progress over time with trend reports for unprotected data, device vulnerability and financial liability. What better way to demonstrate the ROI of proactive remediation and ongoing security assessments than tracking the reduction in risk and financial liability over time? This means no more guessing what employee is putting your business at risk. The data discovery report by host shows you without a doubt the volume of sensitive data and file path outlining exactly what is most likely to fall prey to data theft. And because iScan Online integrates data discovery and vulnerability detection, you can see the calculated liability exposure of a potential data breach. That makes it simple to present threat assessments to the C- Suite in hard dollars at risk and to prioritize your remediation efforts on those devices and users that pose the greatest financial risk to your organization. The iScan Online Cloud Console provides multi-tenancy, role-based access, scan configuration, reporting and analysis. It allows administrators to specify how scans are initiated, for example via a web browser, mobile app etc. The Cloud Console gives administrators insight into device compliance and vulnerability posture across the entire organization. P O W E R F U L C L O U D C O N S O L E iScan Online is unmatched in its combination of flexible deployment, data discovery and vulnerability detection. But it truly differentiates itself from every other solution in the market today by its powerful data analytics. Secure the Dark Matter of Your Network: The Power of Opportunistic Scanning A View of the Console

11. Technological Darwinism dictates that new technologies and methods will rise up to take their place and ﬁll the niches for organizations that need solutions. iScan Online is one of these new breed of solutions; with the right approach and technology to tackle the challenges that today’s technologies and organizations require. You can’t afford to have a majority of your network as dark matter. With iScan Online gain the insight you need to shine the light on every section and device in your network. TAKING THE NEXT STEP If you believe that there might be unprotected data, or unsecured devices on your network, you owe it to yourself to explore the best possible solution for your organization. If you believe that a solution that doesn’t require any new appliances, operates without increased network load, and proactively ensures that every device connected to your network is completely and thoroughly scanned, iScan Online might be a winning option. You can see a variety of demos, data sheets and videos, and to request a free 14-day trial of our solution at www.iscanonline.com/support-resources Otherwise, please explore the sample reports to the left. 11 Secure the Dark Matter of Your Network: The Power of Opportunistic Scanning I L L U M I N A T I N G T H E D A R K M A T T E R We are living in exciting times. We are in the midst of a paradigm shift in how organizations conduct business and the technologies and devices they use. These changes will render some older technologies and methods obsolete.

12. I S C A N O N L I N E 5600 Tennyson Parkway, #343 Plano, TX 75024 214-276-1150 www.iscanonline.com sales@iscanonline.com

Secure the Dark Matter of Your Network

Secure the Dark Matter of Your Network

Secure the Dark Matter of Your Network

Recommended

More Related Content

Recently uploaded

Recently uploaded(20)

Featured

Featured(20)

Secure the Dark Matter of Your Network