Raleigh ISSA, profile picture
Uploaded byRaleigh ISSA
PPTX, PDF421 views

2011-10 The Path to Compliance

This document discusses the challenges of maintaining security and compliance. It notes that most breaches are opportunistic and avoidable through reasonable controls. It also discusses the business model of organized cybercrime and common attack methodologies. The document advocates for a security-first approach using log management, vulnerability scanning, and intrusion detection to help meet compliance requirements and detect security issues in a timely manner. Real-world examples are provided to illustrate how these technical controls can help investigate incidents and resolve audit findings.

Embed presentation

Download to read offline
Alert Logic The Path to Compliance September 2011
Agenda • State of the security market – Organized Cybercrime – Common Attack Methodology • Compliance defined – The Compliance Two-Step – The Obligatory Response • A Security First Approach • Real World Examples
STATE OF THE SECURITY MARKET
Recent Attacks May 4, 2009 Virginia Prescription Monitoring Program, Richmond Virginia Compromised Records: 531,400 Type of Attack: Outside Hacker Outcome: Attacker is still at-large. State notified 531,400 people of the breach by letter November 10, 2010 Holy Cross Hospital, Ft. Lauderdale Florida Compromised Records: 44,000 (1500 Confirmed) Type of Attack: Internal Employee gained access to server Outcome: Employee was fired and arrested. 5 other suspects have been charged. February 10, 2011 Texas Children’s Hospital, Houston Texas Compromised Records: 19,264 Type of Attack: Malware Outcome: Attacker is still at-large. All patients were notified by letter 4
2010 Data Breaches Who is breaching data? How do breaches occur? 70% External Sources (-9%) 48% Involved Privilege Misuse (+26%) 48% Inside Sources (+26%) 40% Hacking (-24%) 11% Business Partners (-23%) 38% Malicious Code (<>) 27% Multiple Partners (-12%) 28% Employed Social Tactics (+16%) 15% Physical Threats (+6%) What Commonalities Exist 85% Attacks were not highly difficult 85% Breaches were the result of opportunistic attacks 96% Were considered avoidable through reasonable controls *Statistics from 2010 Verizon Business Data Breach Investigation Report 5
ORGANIZED CYBERCRIME
Cybercrime Market The Numbers – Global computer crime market estimated to be $7B in 20101 – Russia responsible for $2.5B – Growing ~35% per year overall Interesting Trends – Increase of specialization of participants – On-Demand and Pay-Per-Use services – Developing C2C market 1 Group-IB Report - 2010
Crime Pays Stolen Assets/Criminal Activity Payout Credit Card Details $5-10, expected $1-2 post PSN Bank Credentials $80-$700 Bank Transfers 10% to 40% of amount transferred Social Security Numbers $30-50 0Day Exploits $5,000 - $100,000 Exploits for published vulnerabilities $5,000 - $50,000 Exploit Packs $200 - $5,000 Malware Pay-Per-Install Up to $1.50 for US victims, $0.15-0.60 for other countries
How it Works – The Business Model Register With Cybercrime Group 2 Data Sold Wholesale 5 BLACK MARKET Purchase Malware Pack CYBERCRIME 1 GROUP 6 Payment Made 4 Infected Users Send Data to Group DISTRIBUTOR Infect Users, P2P 3 seeding, XSS VICTIMS
COMMON ATTACK METHODOLOGY
Traditional Attacks Hacker Profile – Talented individual – Young, bored Motivation – To prove a point – Curiosity – Credibility Attack Methods – Worms targeting memory vulns in network services – Attack payload not usually customized
Modern Attack Profile Hacker Profile – Organized Crime (84%) – Dedicated teams who are paid – Teams often work for criminal organizations as a career Motivation – Targeted attack for financial gain – Desire anonymity Attack Methods – Vulnerable web applications – Client side applications – Malware used to keep control
Delivery/Attack Surface Infection Method Difficulty Effectiveness Websites Easy Good P2P Networks Easy Medium SPAM Easy Medium Paid Ads Medium Medium Phishing Easy Poor Traditional Network Exploit Difficult Poor Blackhat SEO Medium Medium Cross Site Scripting ‐ Most sites are vulnerable ‐ Easy to find and users trust the websites SQL Injection ‐ Easy to find ‐ Very common Source: Veracode State of Software Security Report, April 2011
COMPLIANCE DEFINED
Security and Compliance Management is Becoming More Difficult Every Day Increasing number and sophistication in security threats • Improved organization and sophistication of attackers • Prolonged and persistent targeting with compressed timelines to react • Rise of contaminated spam, botnets, and social engineering for malicious breaches Increasing complexity in maintaining compliance • Continuous updates in requirements and reporting standards • Adoption of new regulatory compliance standards • Manual and laborious processes Increasing cost to support and maintain (HW, SW, FTEs) • Training on the latest compliance requirements and security threats • Updating, patching, and maintaining software, scripts, and processes • Rollout of new HW/SW to keep up with increased demand
Complicated and Costly Compliance Picture for Healthcare Implement People, Process, & Technology for Compliance • HIPAA 164.308 Administrative safeguards • HIPAA 164.312 Technical safeguards Penalties for EMR Non-Compliance Coming into Effect • Penalties and Fees up to $1.5M for neglect • Data Breach Notification to HHS and Local Media for breaches >500 patients What about PCI compliance? • PCI applies to every entity that stores, processes, or transmits cardholder information • Patient billing, pharmacy, etc.
Compliance… a costly problem HIPAA & HITECH Vulnerability 164.308 (a)(1)(ii)(A) Risk Analysis – Conduct Vulnerability Assessment Assessment 164.308 (a)(1)(ii)(B) Risk Management – Implement security measures to reduce risk of security breaches 164.308 (a)(1)(ii)(D) Information System Activity Review – Procedures to review system activity IDS/IPS/Log 164.308 (a)(5)(ii)(B) Protection from Malicious Software – Procedures to guard against malicious software host/network IPS Management 164.308 (a)(6)(i) Log-in Monitoring – Procedures and monitoring for log-in attempts on host IDS 164.308 (a)(6)(iii) Response & Reporting – Mitigate and document security incidents 164.312 (b) Log Management Audit Controls – Procedures and mechanisms for monitoring system activity
Compliance… a costly problem PCI DSS SOX (CobiT) Penalties: fines, loss of credit card processing, and Penalties: fines up to $5M, up to 10 year in prison level 1 merchant requirements DS 5.9 Malicious Software Prevention, 6.2 Identify newly discovered security Detection, and Correction Vulnerability vulnerabilities “put preventive, detection, and corrective measures in place Assessment 11.2 Perform network vulnerability scans (especially up-to-date security patches and virus control) across quarterly by an ASV the organization to protect information systems and technology from malware (e.g., viruses, worms, spyware, spam)” DS 5.6 Security Incident Definition “clearly define and communicate the characteristics of potential 5.1.1 Monitor zero day attacks not covered by security incidents so that they can be properly classified and Intrusion Anti-Virus treated by the incident and problem management process” DS 5.10 Network Security Detection 11.4 Maintain IDS/IPS to monitor & alert “use security techniques and related management procedures personnel, keep engines up to date (e.g., firewalls, security appliances, network segmentation, intrusion detection) to authorize access and control information flows from and to networks.” 10.2 Automated audit trails 10.3 Capture audit trails DS 5.5 Security Testing, Surveillance, and Monitoring Log 10.5 Secure logs “…a logging and monitoring function will enable the early Management 10.6 Review logs at least daily prevention and/or detection and subsequent timely reporting of unusual and/or abnormal activities that may need to be 10.7 Maintain logs online for 3 months addressed.” 10.7 Retain audit trail for at least 1 year
The Ugly Truth • Compliance is the output of post-mortem – Some organization did not secure their data, and now everyone else must deploy solutions, software, policies, and guidelines • Compliance will always be a step behind the latest threat • Compliance will NEVER mean you are secure • Compliance mandates will continually be expanded, as hospitals, insurance companies, and other health care resources experience breaches, privacy violations, and security issues
The Compliance Two-Step • Organizations continue to check the compliance box and then struggle to maintain compliance • IDS, Log Manamement and Vulnerability Scanning are the most expensive and resource intensive – and also the most difficult for organizations to implement and maintain • Attacks are not being detected in an acceptable time • Organizations that achieve compliance are able to protect their patient data • Companies will continue to fail to achieve compliance due to lack of time, budget, and technical resources
The Obligatory Response Protective Technical Controls • Firewalls • Routers • Antivirus • System Patching • Complex Passwords • Data Access Controls • Whole Disk Encryption • VPNs
A SECURITY FIRST APPROACH
Analyzing the Facts • Companies aren‘t detecting attacks in an effective way – Why? Chasing false alarms, other priorities, etc… • Companies are not focusing on continuous security – Too many companies check a box and move on • Companies must review log data – Companies need to be more vigilant in this area • Most of the 99% of breaches could have been caught – With effective intrusion detection systems, log management and vulnerability assessment 25
Common Trends • Strong push towards SaaS and MSSPs to augment their staff • Some are looking towards cloud-based technologies to reduce technology expenditures • Moving away from general standards like HIPAA and SOX towards PCI and DISA Standards • Deploying centralization solutions to tie together their compliance efforts • Using GRC tools
Defending Users AV Isn’t Enough – Malware evolves ahead of AV signatures Education – At least half of the executables on P2P network infected – Don’t install software from untrusted sources – Safe browsing – Flash drives
Infrastructure Defense Close your Perimeter (egress too!) Patch your systems Vulnerability scanning – Automated vuln scans & review them regularly IDS – Attempted botnet comm, network scans – Propogation over RPC exploits, brute forcing Windows shares Log Management – Account lockouts due to brute force – Proxy logs WAF
REAL WORLD EXAMPLES
Use Case #1: Security Issues and Identity Theft • Scenario • One of your system administrators returned from a two-week vacation and was unable to login • He believes his account has been locked out, but he’s not sure why • Key Questions to Answer: • Why is the account locked out? • Where did the lock out occur? • When did it occur? • How did it occur?
Effective Log Management Can Prevent Breaches and Provide Compliance Breached customer records cost businesses an average of $202 per record in 20091 “86% of victims had evidence of the breach in their logs…” “in most attacks, the victim has several days or more before data was compromised.”2 Breach or Suspicious Intrusion or Malicious IT alerted Log Activity Penetration Activity Without Too Late Log Mgmt With Breach is Log Mgmt Avoided Log collection and SOC is alerted and monitoring detects security containment activity; sends alert steps are executed
Compliance and Security Simplified: Security Issues and Identity Theft Key Compliance and Security Activities Investigating Monitoring Alerting Log in to a domain controller. Log in to a domain controller Examine the AD object for the daily. Create a filter on the Wait for the System Admin Without user to determine the time of username every day, and to call if their account is Log Management lock-out. Review the logs on review the logs. Repeat locked out again. each domain controller process for every domain manually. controller. Issue: Manual & Timely Issue: Expensive Issue: Reactive • Common index with search capabilities. With • Automated alerting and notification. Log Management • Regular reporting and forensics
Use Case #2: Audit Resolution Challenges • Scenario • A new policy is initiated to require any new Domain Administrators to only be added by the Security Department • A few weeks later, a routine audit discovers some new members in the Domain Admin Group • Key Questions to Answer: • When were these users added? • Who added them? • Who was added?
Compliance and Security Simplified: Audit Resolution Challenges Key Compliance and Security Activities Investigating Monitoring Alerting Log in to a domain controller. Log in to a domain controller Review the logs for group daily. Review Domain Admins Wait for the System Admin Without changes. Hope the logs are group and verify no one has to call if their account is Log Management still on the system and have been added or removed since locked out again. not rolled over. Repeat for the last review. each DC. Issue: Manual & Timely Issue: Expensive Issue: Reactive • Search on the Group Member Added and filter on Domain Admin. With • Save View and have the report emailed on a regular basis. Log Management • Build an automated alert to notify when users added, removed, changed
Use Case #3: Hacker/Attacker • Scenario • For several weeks your network has been running slow • Some systems have been performing abnormally and there are new user accounts that cannot be tied back to a particular user • Suddenly, you receive an odd e-mail from an alleged hacker who claims to have access to sensitive patient files • Key Questions to Answer: • Have you been hacked? • If so, when did it begin? • How would you respond? • Should you notify the media?
Compliance and Security Simplified: Business Critical Applications Key Compliance and Security Activities Investigating Monitoring Alerting Log in to the firewall/VPN Log in to VPN. Search inside gateway, look through the of the VPN Disconnect Wait for the Network Without logs (if it can store the logs). messages. See what time the Engineer to log in and Intrusion Detection Look for disconnect disconnect occurred and all discover it is down. messages, and errors. Etc. errors related to the VPN session. Issue: Manual & Timely Issue: Expensive Issue: Reactive • Use logs to search for suspicious message, account creation, firewall With messages. Intrusion Detection • Use IDS to look for attack attempts. • Focus efforts on actionable security incidents
With Complicated Threats, There is a Need for Security Expertise Lots of point solutions, but difficult to consume all the data It is nearly impossible to be aware of all forms of attacks and attack-responses, and perform all the other functions expected relating to daily operations Breach or Suspicious Intrusion or Malicious IT alerted Log Activity Penetration Activity Without IDS Too Late With IDS Breach is Avoided Log collection and Security containment monitoring detects steps are executed activity; sends alert
CONCLUSION
Meeting the Challenges Head On • Move from manual to automated log management – Keys to success: effective and sustainable log management and review • Choose a vulnerability assessment solution that aligns with your network – Keys to success: centralized view and remediation knowledge • Select an intrusion protection solution that doesn’t require costly implementation, configuration and management – Keys to success: Implement a solution that adapts to your network security policies and minimizes the work load of your resources
Q&A
Who is Alert Logic? Founded: 2002 Customers: 1,200+, spanning 3 continents Staff: 100+ Service Renewal Rate: ~99% Experienced Management Profitable w/ Strong Balance Sheet Patented SaaS Products Integrated Services Log Manager LogReview Threat Manager ActiveWatch • Easy to implement and deploy • 24x7 Security Operations Center • Flexible and Scalable • GIAC-certified security analysts • Improve security and threat visibility Delivering measurable • Meet compliance requirements • Lower, more predictable costs customer benefits • Quicker Time-to-Value
Contact • Mark Brooks • mbrooks@alertlogic.com

More Related Content

PPTX
ISACA ISSA Presentation
byMarc Crudgington, MBA
 
PPTX
7 mike-steenberg-carlos-lopera-us-bank
byshreemala1
 
PPT
Security Lifecycle Management Process
byBill Ross
 
PPT
30 it securitythreatsvulnerabilitiesandcountermeasuresv1_2
byGaurav Srivastav
 
PPTX
Spiceworld 2011 - AppRiver breakout session
byShane Rice
 
PPTX
Cybersecurity - Sam Maccherola
byTechBiz Forense Digital
 
PDF
Cyber Risk Management in the New Digitalisation Age - Mitigating Risk with Cy...
byNetpluz Asia Pte Ltd
 
PDF
Securing Internet Payment Systems
byDomenico Catalano
 
ISACA ISSA Presentation
byMarc Crudgington, MBA
 
7 mike-steenberg-carlos-lopera-us-bank
byshreemala1
 
Security Lifecycle Management Process
byBill Ross
 
30 it securitythreatsvulnerabilitiesandcountermeasuresv1_2
byGaurav Srivastav
 
Spiceworld 2011 - AppRiver breakout session
byShane Rice
 
Cybersecurity - Sam Maccherola
byTechBiz Forense Digital
 
Cyber Risk Management in the New Digitalisation Age - Mitigating Risk with Cy...
byNetpluz Asia Pte Ltd
 
Securing Internet Payment Systems
byDomenico Catalano
 

What's hot

PDF
How to analyze cyber threats
byAkankshaPathak27
 
PPTX
The State of Endpoint Security Today
byJustine Shaffer
 
PDF
Insider threat
byARCON TECHSOLUTIONS
 
PPTX
Cyber Security for Financial Planners
byMichael O'Phelan
 
PDF
Balancing Your Internet Cyber-Life with Privacy and Security
byevolutionaryit
 
PPT
Adrian Aldea - IBM X-Force 2013 Mid-Year Trend and Risk Report #uisgcon9
byUISGCON
 
PDF
Insider Threats Webinar Final_Tyco
byMatt Frowert
 
PDF
C018131821
byIOSR Journals
 
PDF
Cybercriminals and security attacks
byGFI Software
 
PPT
Jon ppoint
byCheryl White
 
PDF
Spam and Phishing Report - Marzo 2010
bySymantec Italia
 
PDF
Cyber Attack Methodologies
byGeeks Anonymes
 
DOCX
VAPT- A Service on Eucalyptus Cloud
bySwapna Shetye
 
PDF
Thornton e authentication guidance
byHai Nguyen
 
PPT
Information_Security_Class
byDr. Robert L. Straitt
 
PDF
Law Firm Cybersecurity: Practical Tips for Protecting Your Data
byAccellis Technology Group
 
PDF
VAPT Infomagnum
byARUN REDDY M
 
PDF
VulnerabilityRewardsProgram
byTaha Kachwala
 
PDF
Detecting-Preventing-Insider-Threat
byMike Saunders
 
PPTX
Cybersecurity Training
byWindstoneHealth
 
How to analyze cyber threats
byAkankshaPathak27
 
The State of Endpoint Security Today
byJustine Shaffer
 
Insider threat
byARCON TECHSOLUTIONS
 
Cyber Security for Financial Planners
byMichael O'Phelan
 
Balancing Your Internet Cyber-Life with Privacy and Security
byevolutionaryit
 
Adrian Aldea - IBM X-Force 2013 Mid-Year Trend and Risk Report #uisgcon9
byUISGCON
 
Insider Threats Webinar Final_Tyco
byMatt Frowert
 
C018131821
byIOSR Journals
 
Cybercriminals and security attacks
byGFI Software
 
Jon ppoint
byCheryl White
 
Spam and Phishing Report - Marzo 2010
bySymantec Italia
 
Cyber Attack Methodologies
byGeeks Anonymes
 
VAPT- A Service on Eucalyptus Cloud
bySwapna Shetye
 
Thornton e authentication guidance
byHai Nguyen
 
Information_Security_Class
byDr. Robert L. Straitt
 
Law Firm Cybersecurity: Practical Tips for Protecting Your Data
byAccellis Technology Group
 
VAPT Infomagnum
byARUN REDDY M
 
VulnerabilityRewardsProgram
byTaha Kachwala
 
Detecting-Preventing-Insider-Threat
byMike Saunders
 
Cybersecurity Training
byWindstoneHealth
 

Viewers also liked

DOCX
Task 7 booklet task
byali_b94
 
PDF
UFFL DECK
byBen Steward
 
PPT
Cri vision to gprc foundation (feb 2011)
byGPRC Research & Innovation
 
PPT
Why bother bout Social Media
byNipun Kapur
 
PDF
Uo2 samples exposed to jh device
byJohn Hutchison
 
PDF
ms3n
bysssfcmedia
 
ODP
Homophobia
byEmma Shervill
 
Task 7 booklet task
byali_b94
 
UFFL DECK
byBen Steward
 
Cri vision to gprc foundation (feb 2011)
byGPRC Research & Innovation
 
Why bother bout Social Media
byNipun Kapur
 
Uo2 samples exposed to jh device
byJohn Hutchison
 
ms3n
bysssfcmedia
 
Homophobia
byEmma Shervill
 

Similar to 2011-10 The Path to Compliance

PPTX
Anatomy of an Attack
byspoofyroot
 
PDF
Oracle tech db-02-hacking-neum-15.04.2010
byOracle BH
 
PDF
Information Security
byMadushan Sandaruwan
 
PPTX
Owasp e crime-london-2012-final
byMarco Morana
 
PDF
20120329 Cybercrime threats on e-world
byLuc Beirens
 
PDF
ISACA Los Angeles 2010 Compliance - Ulf Mattsson
byUlf Mattsson
 
PPTX
Cyberjutitsu101coleevertzfinal 1296250763392-phpapp02
byMark Evertz
 
PPT
Security Compliance Web Application Risk Management
byMarco Morana
 
PPTX
What is the Cybersecurity plan for tomorrow?
bySamvel Gevorgyan
 
PPTX
Cyber Attacks and Defences - JNTUH,Cyber Attacks and Defences
byNiharikaGuptas
 
PPT
Hackers Cracker Network Intruder
byErdo Deshiant Garnaby
 
PPTX
Ulf mattsson webinar jun 7 2012 slideshare version
byUlf Mattsson
 
PPTX
Owasp atlanta-ciso-guidevs1
byMarco Morana
 
PPT
Hackers
byMohamed Boudchiche
 
PPTX
ISACA NA CACS 2012 Orlando session 414 Ulf Mattsson
byUlf Mattsson
 
PPTX
Trend Micro - is your cloud secure
byKappa Data
 
PDF
Information Systems Audit - Auditing Information Systems
byssuser557ea5
 
PDF
Identity Theft
bySimpletel
 
PPTX
CYBERSECURITY | Why it is important?
byRONIKMEHRA
 
PDF
Modern Lessons in Security Monitoring
byAnton Goncharov
 
Anatomy of an Attack
byspoofyroot
 
Oracle tech db-02-hacking-neum-15.04.2010
byOracle BH
 
Information Security
byMadushan Sandaruwan
 
Owasp e crime-london-2012-final
byMarco Morana
 
20120329 Cybercrime threats on e-world
byLuc Beirens
 
ISACA Los Angeles 2010 Compliance - Ulf Mattsson
byUlf Mattsson
 
Cyberjutitsu101coleevertzfinal 1296250763392-phpapp02
byMark Evertz
 
Security Compliance Web Application Risk Management
byMarco Morana
 
What is the Cybersecurity plan for tomorrow?
bySamvel Gevorgyan
 
Cyber Attacks and Defences - JNTUH,Cyber Attacks and Defences
byNiharikaGuptas
 
Hackers Cracker Network Intruder
byErdo Deshiant Garnaby
 
Ulf mattsson webinar jun 7 2012 slideshare version
byUlf Mattsson
 
Owasp atlanta-ciso-guidevs1
byMarco Morana
 
Hackers
byMohamed Boudchiche
 
ISACA NA CACS 2012 Orlando session 414 Ulf Mattsson
byUlf Mattsson
 
Trend Micro - is your cloud secure
byKappa Data
 
Information Systems Audit - Auditing Information Systems
byssuser557ea5
 
Identity Theft
bySimpletel
 
CYBERSECURITY | Why it is important?
byRONIKMEHRA
 
Modern Lessons in Security Monitoring
byAnton Goncharov
 

More from Raleigh ISSA

PDF
Raleigh issa chapter updates-slides-2014-9
byRaleigh ISSA
 
PDF
Raleigh issa chapter updates-slides-2014-8
byRaleigh ISSA
 
PDF
Raleigh issa chapter updates-slides-2014-7
byRaleigh ISSA
 
PDF
Raleigh issa chapter updates-slides-2014-6
byRaleigh ISSA
 
PDF
Managing privileged account security
byRaleigh ISSA
 
PDF
A10 issa d do s 5-2014
byRaleigh ISSA
 
PDF
Raleigh issa chapter april meeting - managing a security & privacy governan...
byRaleigh ISSA
 
PDF
April 2014 Raleigh ISSA chapter update slides
byRaleigh ISSA
 
PDF
March 2014 B2B - Breaking into info sec
byRaleigh ISSA
 
PDF
March 2014 Raleigh ISSA chapter update slides
byRaleigh ISSA
 
PDF
February 2014 Raleigh Chapter ISSA Board update slides
byRaleigh ISSA
 
PDF
2014-01 Raleigh ISSA Chapter Updates January 2014
byRaleigh ISSA
 
PPTX
Growing trend of finding2013-11 Growing Trend of Finding Regulatory and Tort ...
byRaleigh ISSA
 
PPTX
2013-11 Raleigh ISSA Chapter Updates November 2013
byRaleigh ISSA
 
PPTX
2013-10 Raleigh ISSA Chapter Updates October 2013
byRaleigh ISSA
 
PDF
2013-09 Raleigh ISSA Chapter Updates September 2013
byRaleigh ISSA
 
PPTX
2013-08 Raleigh ISSA Chapter Updates August 2013
byRaleigh ISSA
 
PDF
2013-07 How to Win with Customers - Keith Pigues
byRaleigh ISSA
 
PDF
2013-07 Raleigh ISSA Chapter Updates July 2013
byRaleigh ISSA
 
PDF
2013-06 Raleigh ISSA Chapter Updates June 2013
byRaleigh ISSA
 
Raleigh issa chapter updates-slides-2014-9
byRaleigh ISSA
 
Raleigh issa chapter updates-slides-2014-8
byRaleigh ISSA
 
Raleigh issa chapter updates-slides-2014-7
byRaleigh ISSA
 
Raleigh issa chapter updates-slides-2014-6
byRaleigh ISSA
 
Managing privileged account security
byRaleigh ISSA
 
A10 issa d do s 5-2014
byRaleigh ISSA
 
Raleigh issa chapter april meeting - managing a security & privacy governan...
byRaleigh ISSA
 
April 2014 Raleigh ISSA chapter update slides
byRaleigh ISSA
 
March 2014 B2B - Breaking into info sec
byRaleigh ISSA
 
March 2014 Raleigh ISSA chapter update slides
byRaleigh ISSA
 
February 2014 Raleigh Chapter ISSA Board update slides
byRaleigh ISSA
 
2014-01 Raleigh ISSA Chapter Updates January 2014
byRaleigh ISSA
 
Growing trend of finding2013-11 Growing Trend of Finding Regulatory and Tort ...
byRaleigh ISSA
 
2013-11 Raleigh ISSA Chapter Updates November 2013
byRaleigh ISSA
 
2013-10 Raleigh ISSA Chapter Updates October 2013
byRaleigh ISSA
 
2013-09 Raleigh ISSA Chapter Updates September 2013
byRaleigh ISSA
 
2013-08 Raleigh ISSA Chapter Updates August 2013
byRaleigh ISSA
 
2013-07 How to Win with Customers - Keith Pigues
byRaleigh ISSA
 
2013-07 Raleigh ISSA Chapter Updates July 2013
byRaleigh ISSA
 
2013-06 Raleigh ISSA Chapter Updates June 2013
byRaleigh ISSA
 

Recently uploaded

PDF
Effortless Distributed Systems with Aspire.pdf
byParticular Software
 
PDF
Escape from the Forbidden Zone: Smuggling green and inclusive tech past the g...
byBookNet Canada
 
PDF
Digital Twin in IBM for Accelerated Discovery of Climate & Sustainability, K...
byMichiaki Tatsubori
 
PDF
Towards a Vibrant AI Hardware Accelerator Ecosystem, invited talk at the 4th ...
byMichiaki Tatsubori
 
PDF
final.pdf
byomarbishtawi04
 
PDF
How AI Can Help Platform Engineers Build Better Platforms
byAll Things Open
 
PDF
UiPath Automation Developer Associate Training Series 2025 - Session 4
byDianaGray10
 
PDF
Explaining the flow of purpose-specific BOM
byakipii ogaoga
 
PDF
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
PDF
Empower your IT team with cloud-based PC management using Dell Management Por...
byPrincipled Technologies
 
PDF
Odoo Implementation Checklist: A Strategic ERP Blueprint for Business-Ready D...
byBANIBRO IT SOLUTION
 
PDF
Bringing AI into R&D, Taking a Human-Centric Approach / Haim Yadid
byHaim Yadid
 
PPTX
The Transformative Technology in Contemporary Businesses
bygreyaudrina
 
PDF
From Artificial Intelligence to African Intelligence: Transforming Research &...
byMoses Kemibaro
 
PDF
GTM-and-Sales-Plan for a cyber security product
byAshish Jangir
 
PDF
GDG Cloud Southlake #49: Pradeep R Kumar: Implications of Agentic AI for Iden...
byJames Anderson
 
PDF
Spec-Driven Development with Kiro: Elevating Software Quality, Traceability, ...
byHaim Michael
 
PDF
February 2026 Patch Tuesday hosted by Chris Goettl and Todd Schell
byIvanti
 
PPTX
CTO Strategy OS 2026: The Tech, AI & Cloud Playbook Boards Want
byridwansassman
 
PDF
AI in the Real World: From University to Industry
byDarvan Shvan
 
Effortless Distributed Systems with Aspire.pdf
byParticular Software
 
Escape from the Forbidden Zone: Smuggling green and inclusive tech past the g...
byBookNet Canada
 
Digital Twin in IBM for Accelerated Discovery of Climate & Sustainability, K...
byMichiaki Tatsubori
 
Towards a Vibrant AI Hardware Accelerator Ecosystem, invited talk at the 4th ...
byMichiaki Tatsubori
 
final.pdf
byomarbishtawi04
 
How AI Can Help Platform Engineers Build Better Platforms
byAll Things Open
 
UiPath Automation Developer Associate Training Series 2025 - Session 4
byDianaGray10
 
Explaining the flow of purpose-specific BOM
byakipii ogaoga
 
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
Empower your IT team with cloud-based PC management using Dell Management Por...
byPrincipled Technologies
 
Odoo Implementation Checklist: A Strategic ERP Blueprint for Business-Ready D...
byBANIBRO IT SOLUTION
 
Bringing AI into R&D, Taking a Human-Centric Approach / Haim Yadid
byHaim Yadid
 
The Transformative Technology in Contemporary Businesses
bygreyaudrina
 
From Artificial Intelligence to African Intelligence: Transforming Research &...
byMoses Kemibaro
 
GTM-and-Sales-Plan for a cyber security product
byAshish Jangir
 
GDG Cloud Southlake #49: Pradeep R Kumar: Implications of Agentic AI for Iden...
byJames Anderson
 
Spec-Driven Development with Kiro: Elevating Software Quality, Traceability, ...
byHaim Michael
 
February 2026 Patch Tuesday hosted by Chris Goettl and Todd Schell
byIvanti
 
CTO Strategy OS 2026: The Tech, AI & Cloud Playbook Boards Want
byridwansassman
 
AI in the Real World: From University to Industry
byDarvan Shvan
 

2011-10 The Path to Compliance

  • 1.
    Alert Logic The Pathto Compliance September 2011
  • 2.
    Agenda • State ofthe security market – Organized Cybercrime – Common Attack Methodology • Compliance defined – The Compliance Two-Step – The Obligatory Response • A Security First Approach • Real World Examples
  • 3.
    STATE OF THESECURITY MARKET
  • 4.
    Recent Attacks May 4,2009 Virginia Prescription Monitoring Program, Richmond Virginia Compromised Records: 531,400 Type of Attack: Outside Hacker Outcome: Attacker is still at-large. State notified 531,400 people of the breach by letter November 10, 2010 Holy Cross Hospital, Ft. Lauderdale Florida Compromised Records: 44,000 (1500 Confirmed) Type of Attack: Internal Employee gained access to server Outcome: Employee was fired and arrested. 5 other suspects have been charged. February 10, 2011 Texas Children’s Hospital, Houston Texas Compromised Records: 19,264 Type of Attack: Malware Outcome: Attacker is still at-large. All patients were notified by letter 4
  • 5.
    2010 Data Breaches Who is breaching data? How do breaches occur? 70% External Sources (-9%) 48% Involved Privilege Misuse (+26%) 48% Inside Sources (+26%) 40% Hacking (-24%) 11% Business Partners (-23%) 38% Malicious Code (<>) 27% Multiple Partners (-12%) 28% Employed Social Tactics (+16%) 15% Physical Threats (+6%) What Commonalities Exist 85% Attacks were not highly difficult 85% Breaches were the result of opportunistic attacks 96% Were considered avoidable through reasonable controls *Statistics from 2010 Verizon Business Data Breach Investigation Report 5
  • 6.
  • 7.
    Cybercrime Market The Numbers – Global computer crime market estimated to be $7B in 20101 – Russia responsible for $2.5B – Growing ~35% per year overall Interesting Trends – Increase of specialization of participants – On-Demand and Pay-Per-Use services – Developing C2C market 1 Group-IB Report - 2010
  • 8.
    Crime Pays Stolen Assets/CriminalActivity Payout Credit Card Details $5-10, expected $1-2 post PSN Bank Credentials $80-$700 Bank Transfers 10% to 40% of amount transferred Social Security Numbers $30-50 0Day Exploits $5,000 - $100,000 Exploits for published vulnerabilities $5,000 - $50,000 Exploit Packs $200 - $5,000 Malware Pay-Per-Install Up to $1.50 for US victims, $0.15-0.60 for other countries
  • 9.
    How it Works– The Business Model Register With Cybercrime Group 2 Data Sold Wholesale 5 BLACK MARKET Purchase Malware Pack CYBERCRIME 1 GROUP 6 Payment Made 4 Infected Users Send Data to Group DISTRIBUTOR Infect Users, P2P 3 seeding, XSS VICTIMS
  • 12.
  • 13.
    Traditional Attacks Hacker Profile – Talented individual – Young, bored Motivation – To prove a point – Curiosity – Credibility Attack Methods – Worms targeting memory vulns in network services – Attack payload not usually customized
  • 14.
    Modern Attack Profile HackerProfile – Organized Crime (84%) – Dedicated teams who are paid – Teams often work for criminal organizations as a career Motivation – Targeted attack for financial gain – Desire anonymity Attack Methods – Vulnerable web applications – Client side applications – Malware used to keep control
  • 15.
    Delivery/Attack Surface Infection Method Difficulty Effectiveness Websites Easy Good P2P Networks Easy Medium SPAM Easy Medium Paid Ads Medium Medium Phishing Easy Poor Traditional Network Exploit Difficult Poor Blackhat SEO Medium Medium Cross Site Scripting ‐ Most sites are vulnerable ‐ Easy to find and users trust the websites SQL Injection ‐ Easy to find ‐ Very common Source: Veracode State of Software Security Report, April 2011
  • 16.
  • 17.
    Security and ComplianceManagement is Becoming More Difficult Every Day Increasing number and sophistication in security threats • Improved organization and sophistication of attackers • Prolonged and persistent targeting with compressed timelines to react • Rise of contaminated spam, botnets, and social engineering for malicious breaches Increasing complexity in maintaining compliance • Continuous updates in requirements and reporting standards • Adoption of new regulatory compliance standards • Manual and laborious processes Increasing cost to support and maintain (HW, SW, FTEs) • Training on the latest compliance requirements and security threats • Updating, patching, and maintaining software, scripts, and processes • Rollout of new HW/SW to keep up with increased demand
  • 18.
    Complicated and CostlyCompliance Picture for Healthcare Implement People, Process, & Technology for Compliance • HIPAA 164.308 Administrative safeguards • HIPAA 164.312 Technical safeguards Penalties for EMR Non-Compliance Coming into Effect • Penalties and Fees up to $1.5M for neglect • Data Breach Notification to HHS and Local Media for breaches >500 patients What about PCI compliance? • PCI applies to every entity that stores, processes, or transmits cardholder information • Patient billing, pharmacy, etc.
  • 19.
    Compliance… a costlyproblem HIPAA & HITECH Vulnerability 164.308 (a)(1)(ii)(A) Risk Analysis – Conduct Vulnerability Assessment Assessment 164.308 (a)(1)(ii)(B) Risk Management – Implement security measures to reduce risk of security breaches 164.308 (a)(1)(ii)(D) Information System Activity Review – Procedures to review system activity IDS/IPS/Log 164.308 (a)(5)(ii)(B) Protection from Malicious Software – Procedures to guard against malicious software host/network IPS Management 164.308 (a)(6)(i) Log-in Monitoring – Procedures and monitoring for log-in attempts on host IDS 164.308 (a)(6)(iii) Response & Reporting – Mitigate and document security incidents 164.312 (b) Log Management Audit Controls – Procedures and mechanisms for monitoring system activity
  • 20.
    Compliance… a costlyproblem PCI DSS SOX (CobiT) Penalties: fines, loss of credit card processing, and Penalties: fines up to $5M, up to 10 year in prison level 1 merchant requirements DS 5.9 Malicious Software Prevention, 6.2 Identify newly discovered security Detection, and Correction Vulnerability vulnerabilities “put preventive, detection, and corrective measures in place Assessment 11.2 Perform network vulnerability scans (especially up-to-date security patches and virus control) across quarterly by an ASV the organization to protect information systems and technology from malware (e.g., viruses, worms, spyware, spam)” DS 5.6 Security Incident Definition “clearly define and communicate the characteristics of potential 5.1.1 Monitor zero day attacks not covered by security incidents so that they can be properly classified and Intrusion Anti-Virus treated by the incident and problem management process” DS 5.10 Network Security Detection 11.4 Maintain IDS/IPS to monitor & alert “use security techniques and related management procedures personnel, keep engines up to date (e.g., firewalls, security appliances, network segmentation, intrusion detection) to authorize access and control information flows from and to networks.” 10.2 Automated audit trails 10.3 Capture audit trails DS 5.5 Security Testing, Surveillance, and Monitoring Log 10.5 Secure logs “…a logging and monitoring function will enable the early Management 10.6 Review logs at least daily prevention and/or detection and subsequent timely reporting of unusual and/or abnormal activities that may need to be 10.7 Maintain logs online for 3 months addressed.” 10.7 Retain audit trail for at least 1 year
  • 21.
    The Ugly Truth •Compliance is the output of post-mortem – Some organization did not secure their data, and now everyone else must deploy solutions, software, policies, and guidelines • Compliance will always be a step behind the latest threat • Compliance will NEVER mean you are secure • Compliance mandates will continually be expanded, as hospitals, insurance companies, and other health care resources experience breaches, privacy violations, and security issues
  • 22.
    The Compliance Two-Step •Organizations continue to check the compliance box and then struggle to maintain compliance • IDS, Log Manamement and Vulnerability Scanning are the most expensive and resource intensive – and also the most difficult for organizations to implement and maintain • Attacks are not being detected in an acceptable time • Organizations that achieve compliance are able to protect their patient data • Companies will continue to fail to achieve compliance due to lack of time, budget, and technical resources
  • 23.
    The Obligatory Response Protective Technical Controls • Firewalls • Routers • Antivirus • System Patching • Complex Passwords • Data Access Controls • Whole Disk Encryption • VPNs
  • 24.
  • 25.
    Analyzing the Facts •Companies aren‘t detecting attacks in an effective way – Why? Chasing false alarms, other priorities, etc… • Companies are not focusing on continuous security – Too many companies check a box and move on • Companies must review log data – Companies need to be more vigilant in this area • Most of the 99% of breaches could have been caught – With effective intrusion detection systems, log management and vulnerability assessment 25
  • 26.
    Common Trends • Strongpush towards SaaS and MSSPs to augment their staff • Some are looking towards cloud-based technologies to reduce technology expenditures • Moving away from general standards like HIPAA and SOX towards PCI and DISA Standards • Deploying centralization solutions to tie together their compliance efforts • Using GRC tools
  • 27.
    Defending Users AV Isn’tEnough – Malware evolves ahead of AV signatures Education – At least half of the executables on P2P network infected – Don’t install software from untrusted sources – Safe browsing – Flash drives
  • 28.
    Infrastructure Defense Close yourPerimeter (egress too!) Patch your systems Vulnerability scanning – Automated vuln scans & review them regularly IDS – Attempted botnet comm, network scans – Propogation over RPC exploits, brute forcing Windows shares Log Management – Account lockouts due to brute force – Proxy logs WAF
  • 29.
  • 30.
    Use Case #1:Security Issues and Identity Theft • Scenario • One of your system administrators returned from a two-week vacation and was unable to login • He believes his account has been locked out, but he’s not sure why • Key Questions to Answer: • Why is the account locked out? • Where did the lock out occur? • When did it occur? • How did it occur?
  • 31.
    Effective Log ManagementCan Prevent Breaches and Provide Compliance Breached customer records cost businesses an average of $202 per record in 20091 “86% of victims had evidence of the breach in their logs…” “in most attacks, the victim has several days or more before data was compromised.”2 Breach or Suspicious Intrusion or Malicious IT alerted Log Activity Penetration Activity Without Too Late Log Mgmt With Breach is Log Mgmt Avoided Log collection and SOC is alerted and monitoring detects security containment activity; sends alert steps are executed
  • 32.
    Compliance and SecuritySimplified: Security Issues and Identity Theft Key Compliance and Security Activities Investigating Monitoring Alerting Log in to a domain controller. Log in to a domain controller Examine the AD object for the daily. Create a filter on the Wait for the System Admin Without user to determine the time of username every day, and to call if their account is Log Management lock-out. Review the logs on review the logs. Repeat locked out again. each domain controller process for every domain manually. controller. Issue: Manual & Timely Issue: Expensive Issue: Reactive • Common index with search capabilities. With • Automated alerting and notification. Log Management • Regular reporting and forensics
  • 33.
    Use Case #2:Audit Resolution Challenges • Scenario • A new policy is initiated to require any new Domain Administrators to only be added by the Security Department • A few weeks later, a routine audit discovers some new members in the Domain Admin Group • Key Questions to Answer: • When were these users added? • Who added them? • Who was added?
  • 34.
    Compliance and SecuritySimplified: Audit Resolution Challenges Key Compliance and Security Activities Investigating Monitoring Alerting Log in to a domain controller. Log in to a domain controller Review the logs for group daily. Review Domain Admins Wait for the System Admin Without changes. Hope the logs are group and verify no one has to call if their account is Log Management still on the system and have been added or removed since locked out again. not rolled over. Repeat for the last review. each DC. Issue: Manual & Timely Issue: Expensive Issue: Reactive • Search on the Group Member Added and filter on Domain Admin. With • Save View and have the report emailed on a regular basis. Log Management • Build an automated alert to notify when users added, removed, changed
  • 35.
    Use Case #3:Hacker/Attacker • Scenario • For several weeks your network has been running slow • Some systems have been performing abnormally and there are new user accounts that cannot be tied back to a particular user • Suddenly, you receive an odd e-mail from an alleged hacker who claims to have access to sensitive patient files • Key Questions to Answer: • Have you been hacked? • If so, when did it begin? • How would you respond? • Should you notify the media?
  • 36.
    Compliance and SecuritySimplified: Business Critical Applications Key Compliance and Security Activities Investigating Monitoring Alerting Log in to the firewall/VPN Log in to VPN. Search inside gateway, look through the of the VPN Disconnect Wait for the Network Without logs (if it can store the logs). messages. See what time the Engineer to log in and Intrusion Detection Look for disconnect disconnect occurred and all discover it is down. messages, and errors. Etc. errors related to the VPN session. Issue: Manual & Timely Issue: Expensive Issue: Reactive • Use logs to search for suspicious message, account creation, firewall With messages. Intrusion Detection • Use IDS to look for attack attempts. • Focus efforts on actionable security incidents
  • 37.
    With Complicated Threats,There is a Need for Security Expertise Lots of point solutions, but difficult to consume all the data It is nearly impossible to be aware of all forms of attacks and attack-responses, and perform all the other functions expected relating to daily operations Breach or Suspicious Intrusion or Malicious IT alerted Log Activity Penetration Activity Without IDS Too Late With IDS Breach is Avoided Log collection and Security containment monitoring detects steps are executed activity; sends alert
  • 38.
  • 39.
    Meeting the ChallengesHead On • Move from manual to automated log management – Keys to success: effective and sustainable log management and review • Choose a vulnerability assessment solution that aligns with your network – Keys to success: centralized view and remediation knowledge • Select an intrusion protection solution that doesn’t require costly implementation, configuration and management – Keys to success: Implement a solution that adapts to your network security policies and minimizes the work load of your resources
  • 40.
  • 41.
    Who is AlertLogic? Founded: 2002 Customers: 1,200+, spanning 3 continents Staff: 100+ Service Renewal Rate: ~99% Experienced Management Profitable w/ Strong Balance Sheet Patented SaaS Products Integrated Services Log Manager LogReview Threat Manager ActiveWatch • Easy to implement and deploy • 24x7 Security Operations Center • Flexible and Scalable • GIAC-certified security analysts • Improve security and threat visibility Delivering measurable • Meet compliance requirements • Lower, more predictable costs customer benefits • Quicker Time-to-Value
  • 42.
    Contact • Mark Brooks •mbrooks@alertlogic.com

Editor's Notes

  • #8 CC market 7B last year, russia 1/3 and growing 35% per yearpeople talk a lot about the chinese threat but that’s mainly bc they’re noisy &amp; they get caught, to me means they’re not the ones you need to worry about so muchinteresting trends to note: the business models &amp; roles evolving along similar lines as the legit IT industryon-demand &amp; pay-per-useppl are taking on specialized roles either to limit personal risk or maximize effectivness &amp; profit within the context of their own abilitiesT: things have evolved from single autonomous attackers to...
  • #9 Credit cards – influenced by supply/demand, Sony PSN +70M cards stolen, if majority are valid &amp; dumped on market, would push prices way downExploit packs cover multiple vulns, price based on agePPI - work like banner ad &amp; browser toolbars affiliate programs developed in the 90’s with pay-per-view and pay-per-click models, malware install affiliate programs have sprung upT: I’m a young unemployed ukranian guy &amp; i want in on the action
  • #11 This is a screenshot of the old Dogma Millions website. This has since been taken down but you can see from the graphics the msg they send.Work for us &amp; you can drive your own Porsche SUV on a blue water beach with Victoria’s Secret modelsT: unfortunately the English language sites aren’t as creative...
  • #12 Payperinstall.com is a clearinghouse for pay per install groupsyou sign up with a affiliate, they provide a custom set of executables embedded with your affiliate IDfor every US machine you get the malware installed on, you get a dollar10,000 machines = $10,000
  • #14 young student, intelligent, bored, maybe problems with authoritythink it’s cool, looking for a challenge, out defacing websites of organizations they disagree withunlikematthewbroderick, none of the guys i knew who were writing dos viruses in highschool ever had a girl in their bedroomscredibility, fame &amp; recognition among their peers onlinehistorically they wrote worms attacking vuln network services - korgo, sasser, mostly static payload, built &amp; released to run its courseT: things have changed a lot since then
  • #15 overwhelming majority of attacks today are carried out by professional teams who do it for a livingthe goal is to control as many computers as they can to steal as much data as possiblethey can use directly or sell on the wholesale marketnot making noise, not defacing websitesremain undetected as long as they can to maximize profitsattack surface changed, even avg home networks typically have firewalls now blocking inbound connections. target vulns in client apps that sit behind the firewall &amp; connect outonce they get code execution, malware installed to keep control of target systemsT: the new approach is working really well
  • #16 Affiliates don’t care how you get their malware installedTons of websites vulnerable to XSS where you can inject Javascript that will redirect users to your hosted malware site with your fake AV software or whatever you’re deliverable isP2P are also easy, download any executable you want, use your malware kit to embed your affiliate’s code, share new binary back on the networkTrad Net Exploit – difficult bc most companies have firewalls blocking vulnerable ports, non-routable internal address space, even home networks have private addr &amp; a firewall. All other techniques target the end user systems directly. Often after stealing that users data, malware will propagate to other systems on a corp network once it’s brought to work and connected behind the firewall, ex: conficker.Blackhat SEO – interesting &amp; annoying at the same time. link farms and other techniques to game the search engine algorithms to get high rankings for the most common searches, justinbieber, brittney spears, most recently osama bin laden assassination videos.Flash drive example
  • #20 One of the primary reasons our customers purchase our solution is to meet compliance standards. Our solutions cover the most expensive and labor intensive areas of compliance The following is a breakdown of the PCI and SOX requirements we satisfy with our solutions. For PCI we cover requirement 10, 11.2, and 11.4 which are the most costly and cumbersome to comply with. Examples: Vulnerability Assessment: 11.2 in PCI because Alert Logic is an Approved Scanning Vendor (ASV) for quarterly PCI scans Intrusion Protection: All mandates and regulations require or recommend an intrusion detection system. Log Management: We cover the majority of requirement 10 of PCI and DS 5.5 for Cobit. We make log review simple and automate the log management process.
  • #21 One of the primary reasons our customers purchase our solution is to meet compliance standards. Our solutions cover the most expensive and labor intensive areas of compliance The following is a breakdown of the PCI and SOX requirements we satisfy with our solutions. For PCI we cover requirement 10, 11.2, and 11.4 which are the most costly and cumbersome to comply with. Examples: Vulnerability Assessment: 11.2 in PCI because Alert Logic is an Approved Scanning Vendor (ASV) for quarterly PCI scans Intrusion Protection: All mandates and regulations require or recommend an intrusion detection system. Log Management: We cover the majority of requirement 10 of PCI and DS 5.5 for Cobit. We make log review simple and automate the log management process.
  • #28 Education – sounds extremely basic but some people don’t knowBrowsing – browsers are complex pieces of software &amp; they all have holes, The majority of owned desktop systems I’ve seen were used by avid IE usersI use firefox, automatic updates and a number of plugins that improve your security like NoScript and RequestPolicythese tools can defeat CSRF and some XSS attacks even though the webapps you use are vulnerable.Filtering web proxies
  • #29 Perimeter – many healthcare organizations block specific “bad” ports like SMTP and FTP, and even then do it inconsistently needs to be blocked in &amp; out, exceptions specific to source &amp; destination addresses &amp; port numbers.Filtering web proxy... not worth much if you don’t do egress filtering at your border
  • #41 Scripted Q&amp;A- Which Hosing.com solutions support Alert Logic tools?  What are the benefits/features of Cloud compared to Dedicated? If I receive a security incident, how quickly will I be contacted by the Security Operations Center?- How long to you store log data in your data center?- Who owns the data that is stored in your data center?- How can I ensure my data is safe both during transport and in storage?- How often should I be running a vulnerability scan?- I only have to fill out Self Assessment Questionairre (SAQ) A, do I still have to monitor my log data?Thank you for joining our Webinar today. We hope you found the content useful and applicable to your role. If you have questions or would like further information regarding Alert Logic’s solutions, please visit the Hosting.com website and contact us via phone, email or live chat.  A recording of this session will be emailed to you in the next 48 hours. Thank you and have a wonderful day!