SlideShare a Scribd company logo
S E C U R E T H E D A R K M A T T E R
O F Y O U R N E T W O R K
With Opportunistic Scanning
B R E A C H A N A L Y T I C S
What data is at risk
How will attackers compromise the data
What will it cost when you’re breached
E X E C U T I V E S U M M A R Y
Today we are in the midst of digital warfare, it is a
global epidemic with all of our data under
relentless assault.
Over the last several years, companies of all sizes
and in every industry have seen their sensitive
data lost or stolen.
Data is most likely one of your corporation’s most
valuable assets. Preventing digital data theft of
intellectual property, trade secrets or or incidental
losses is paramount for the success of any
business.
So where is this sensitive data lurking? If you are
p ro a c t i v e l y re m e d i a t i n g o n l y k n o w n d a t a
repositories and devices, but not scanning for
rogue payment data, personal identifiable
information and vulnerabilities, you leave yourself
exposed to a truly unknown level of risk.
If you’re a CISO, CIO or in Security Operations,
you’re probably doing everything you can to keep
your corporate data safe. To that end, this paper
will explain how to find your risk from unknown,
unprotected data, and how you can quantify that
risk in absolute dollars and cents to help bridge
the gap between your remediation goals and your
organization’s financial strength.
Billy Austin
President
C O N T E N T S
Introduction to Dark Matter
Page 3
From Remediation to
Prevention
Page 6
A Proactive Security
Strategy
Page 7
Unmatched Data
Discovery
Page 9
Powerful Cloud Console
Page 10
Conclusion
Page 11
About iScan Online
Page 12
2
Secure the Dark Matter of Your Network: The Power of Opportunistic Scanning
Scientists believe that as much as 80% of the
universe is made up of dark matter that we
currently know little, if anything about. We can’t
measure it, see it, and don’t know its
properties. We know that, accounting for 80%
of the mass of the universe, it must be
important; but how, what, and why is beyond
our present grasp. We only know it exists when
we see it influence elements of the observable
universe, like light bending around an invisible
black hole. In fact, describing and quantifying
the role of dark matter within the universe is
one of the greatest challenges facing today’s
astrophysicists. Similarly, perhaps the greatest
obstacle facing security professionals today
arises from another type of dark matter lurking
in today's networks: the unknown security
threat. Whether it’s payment data or other
sensitive personal identifiable information
sitting unnoticed on cloud drives and long-
since-archived outlook files or the myriad
devices constantly connecting to corporate
networks around the world, we know these
instances of unencrypted PII and untamed
devices undermine our networks, but they are
often virtually invisible to our traditional efforts
to perform data discovery and security
assessments on them. Consequently, many
devices continue to pose a threat while we
struggle to know their security posture,
vulnerabilities, compliance status, or what
sensitive data they may contain.
MY DEVICES, YOUR PROBLEM
Classic methods of scanning devices on the
network are very good at discovering and
finding vulnerabilities on devices that they can
see. However, they can only see devices that
are on the network at the moment in time the
scan is executed. At the same time, these
types of plodding network security scans can
take a long time to complete while chewing-up
precious bandwidth resources. In the past, this
was enough: concerns about network latency
and device utilization, forced organizations to
perform scans during off-hours. Initially this
approach did not present an issue as the
majority of servers, network devices, and even
desktops were always plugged in. These
devices were considered static and reachable
whether the scan happened at 3am or 3pm, or
anytime in between.
A snapshot of the threats and
the industries that are most
threatened today
3
Secure the Dark Matter of Your Network: The Power of Opportunistic Scanning
I N T R O D U C T I O N T O D A R K M A T T E R
W h a t s t r a n g e a s t r o p h y s i c a l p h e n o m e n o n h a s i n c o m m o n
w i t h y o u r d a t a n e t w o r k .
50% 50%
Malicious Outsider
System Glitch
8%4%
9%
13%
21%
45%
Retail Technology
Financial Government
Education Other
The average per-record
cost in 2014 to remediate
after a breach occurs
$100.00
$200.00
$300.00
$400.00
Healthcare Education Energy Financial Technology Retail
THE STATUS-QUO HAS CHANGED
We live in a world of branch offices, remote
workers, transient contractors and mobile users.
And while they may not know the difference
between BYOD and BYOB, they are leading the
charge towards mixed- use devices and non-
standard business platforms. Microsoft
Windows, while still representing a large portion
of the market, is no longer at 95% market share.
In fact, PCs themselves represent a smaller and
ever- shrinking share of the devices on our
networks.
Virtually every network today has a wide array of
smartphones, tablets and personal devices of
many shapes and sizes constantly requesting
access. All of these different devices access
our network from different locations and at
different times. Worse, lax or non-existent
security policies among users mean that, while
your network may be buttoned-up, your users
are still prone to downloading malware or
infiltration by bad actors who use their trusted
credentials as a pivot point into your network.
Since a large percentage of the devices that
access the network are no longer available to
scan during off-peak times, a traditional network
security scan is essentially ineffective for those
devices. These unscanned devices and the
unencrypted data they contain are the dark
matter of your network. They exist and they are
an important part of the network, but there is no
evidence or means to quantify the risk they
pose. At least there isn’t with traditional
vulnerability scanning, or until they announce
their presence after-the-fact through a
potentially devastating breach.
4
ACKNOWLEDGING A SECURITY BLIND SPOT
If only there was a way of actually scanning
these dark matter devices. A network could
be made much safer and more immune to
attack. Unfortunately, the attackers recognize
that most organizations are woefully ill
equipped to manage this sort of opportunistic
vulnerability scanning and data discovery. In
fact, current trends indicate that attacks
targeting these devices are on the rise as
increasing numbers of disparate devices
access the network from locations out of
scope for traditional assessment technologies.
Today there is a significant blind spot in the
vulnerability management solutions that many
organizations have spent precious security
budget dollars implementing. Frankly, this
“blind spot” is a tremendous risk that
organizations cannot continue to fail to
manage due to a lack of insight.
Regulatory compliance schemes recognize
this risk. The PCI Council, for instance, has
mandated that internal scans of devices be
conducted regularly and discovered
vulnerabilities and risks should be prioritized
for remediation. Likewise in health care,
HIPAA has mandated security scanning of
devices for health related PII (Personally
Identifiable Information). At the same time,
regulations like FERPA now govern the
protection of student PII and well-regarded
security firms like the Ponemon Institute are
spearheading analysis on the true cost of a
data breach.
In short, for most organizations, having such a
large number of dark matter devices
accessing their networks without visibility is no
longer acceptable! The only solution is a
strategy designed to answer three crucial
questions:
1. What unencrypted data is at-risk on my
networks?
2. Where are the vulnerabilities that will allow
access to that data by attackers?
3. How much will it cost to remediate the
breach after-the-fact?
2,803,036 Records lost or stolen every day
116,793 Records lost or stolen every hour
1,947 Records lost or stolen every minute
32 Records lost or stolen every second
F R O M R E M E D I A T I O N T O P R E V E N T I O N
The dark matter on your network is a considerable risk. With today's targeted attacks via spear
phishing, APTs, and drive-by malware; attackers need only to target and infiltrate one device to get
inside your network and wreak havoc. The overwhelming majority of security incidents are due to a
known vulnerability being exploited on a single device to gain access to the larger network.
5
Secure the Dark Matter of Your Network: The Power of Opportunistic Scanning
*2014 figures from breachlevelindex.com
Opportunistic Scanning & Discovery
Fortunately a newly patented technology
is now available to address this problem
with the introduction of iScan Online’ s
"Opportunistic Scanning”. Opportunistic
Scanning is the ability to perform
assessments on devices accessing
network resources when and where they
are available. This flexible approach
means devices can be assessed
regardless of the network connection
type or location, provided they are
connected to the Internet. This flexibility
allows iScan Online to shine a light on
the dark matter of networks, giving
security personnel unprecedented
visibility into the security posture, data
and applications of those devices.
FLEXIBLE DEPLOYMENT, POWERFUL
DETECTION
iScan Online provides opportunistic scanning
and unique methods that allow you to see
more of the networked devices and more of
the data on those devices with greater
accuracy. iScan Online is deployed through a
browser plugin, command line interface
(downloadable executable) or as a native
mobile app. This methodology is fast, highly
accurate, and leverages what most
organizations already have in place; Microsoft
Active Directory, Systems Management tools,
Web Applications, Internet access, and a
browser. By combining these existing
architectures with iScan Online’s cloud-based
analytics, organizations are now empowered
to assess all devices throughout the
organization.
This new, highly accurate methodology also
delivers very unique scanning capabilities for
today and tomorrow’s computing and mobile
platforms. An integrated web portal provides
a single point for management, analysis, and
reporting, while the individual devices perform
the heavy lifting of the scan process,
permitting scalability across the globe. This
distributed architecture provides unparalleled
scalability allowing hundreds of thousands of
devices to be scanned in a matter of seconds.
Even better, it requires no lengthy deployment
cycle or additional network appliances to
operate.
ELIMINATING FALSE POSITIVES & SAVING
RESOURCES
iScan Online performs deep inspection of
devices using a variety of methodologies
including the Windows Registry, native file
systems, interrogating system configurations
using operating system and Application API’s,
and Windows WMI queries. Using these direct
access methods instead of relying upon
network packet response and injection
provides highly accurate results, virtually
eliminating false positives, which will save
time and money for security personnel. There
are also no requirements for modifying ingress
firewall routes and ports, or need to configure
VPN connections as iScan Online executes on
the device and communicates via standard
HTTPS web traffic. So despite being more
flexible and seamless than many other
vulnerability scanners, iScan Online’s
deployment model ensures that no device
goes unscanned due to a lack of credentials
or infrequent network connectivity.
6
A P R O A C T I V E S E C U R I T Y S T R A T E G Y
Secure the Dark Matter of Your Network: The Power of Opportunistic Scanning
7
Average increased
customer churn rates, post-
breach, by industry
Credentials? We don’t need no stinking
credentials!
One of the biggest challenges with assessing
connected devices is that network administrators
typically don’t have credentials to scan the
device. This presents a number of challenges for
proper risk assessment. First, security personnel
must be given administrator credentials to the
device, which is extremely problematic in BYOD
environments. Second it creates an additional
security risk by trusting a cache of administrator
level credentials to be stored and used within
systems, which may not have been designed as
secure authorization and authentication brokers.
Without administrative credentials, network
scanners can only provide an outside view of the
device, typically a port scan. With iScan Online,
the need for credentials is eliminated because
the scan runs on the host as the current user.
One of the dirty little secrets of current
vulnerability assessment solutions is that
administrative access is NOT required to
properly assess vulnerabilities when the
assessment is run locally on a device.
Regardless of how scans are delivered, speed
and scalability is key. Because iScan Online
performs scanning directly on the device, there
is no network congestion or latency introduced.
There are no worries about exhausting the
amount of threads the scanner can spawn. It
makes no difference how many devices are
being scanned at a time. Scan one device or
thousands of devices at a time through iScan
Online’s distributed cloud architecture and all
scans are completed within a fraction of the
time of traditional vulnerability scanners.
Secure the Dark Matter of Your Network: The Power of Opportunistic Scanning
1.75%
3.50%
5.25%
7.00%
Healthcare Education Energy Financial Technology Retail
1.3%
4.1%
6.1%
2.8%
2.4%
5.9%
SCAN FROM WEB APPS
The dark matter on your network is a
considerable risk. With today's targeted attacks
via spear phishing, APTs, and drive-by malware;
attackers need only to target and infiltrate one
device to get inside your network and wreak
havoc. The overwhelming majority of security
incidents are due to a known vulnerability being
exploited on a single device to gain access to
the larger network.
Scanning can now be easily integrated into
existing web applications. Utilizing iScan Online
for Web Browsers, organizations can now
leverage their growing base of web applications
as scanning catch points for devices accessing
corporate resources. Whether you manage
access via captive web portals, single-sign-on
credentialing, or another NAC solution, iScan
Online works with your existing security policies
to ensure that no device gains access to your
network without undergoing a background data
discovery and vulnerability scan. Even VPN
access can incorporate iScan Online
technology via simple connect scripts.
Now consider a highly distributed organization
with a large remote sales force: Typically these
users are accessing sales and order processing
applications via the web, they rarely access the
corporate network using VPN access and are
always on the move. How do you assess these
devices for security risk?
SCAN FROM ANYWHERE
At iScan Online, we’ve made it as simple as
adding a “Scan Now” button or web analytics
service to your web application. Simply include
a small JavaScript snippet into any web
application and all users accessing the web
application will be scanned for security issues
in a quick, efficient and unobtrusive manner.
Scans can be performed as often as desired
(daily, weekly, quarterly etc.) based on the user
accessing the web application. Results from the
assessment can be analyzed automatically by
the web application in order to make decisions
regarding the users web application request.
For example, the web application could decide
to deny access or to limit available functionality
to the user based on discovered data or
vulnerabilities. And, as with all iScan Online
scans, the results are available for reporting and
analysis from iScan Online’s Cloud Console.
Secure the Dark Matter of Your Network: The Power of Opportunistic Scanning
9
COMPLETE, CUSTOMIZABLE DISCOVERY
iScan Online’s Data Discovery Scan identifies
what devices store unprotected trade secrets,
intellectual property, and personal identifiable
information that are putting your business at
risk. Because data is where you least expect
it, with iScan Online, you can see every
unprotected piece of data within your
company, from credit cards and social
security numbers in Dropbox, to intellectual
property in mail folders and zip files. iScan
Online is unmatched in its combination of
flexible deployment, comprehensive data
discovery and iron-clad validation algorithms
like Modulus Check (LUHN) and intelligent
Contextual Awareness to reduce false
positives or missed data.
iScan Online provides a comprehensive data
discovery and scanning solution that meets
and exceeds today’s regulatory requirements
at the federal, state and industry level. This is
crucial as most organizations have regulatory
compliance mandates that require scanning of
all connected devices. For example the PCI
Council mandates that all merchants perform
regular internal scans and prioritize detected
vulnerabilities for remediation to manage risk.
The ability to conduct these internal scans on-
demand is a compelling use case for iScan
Online. As a Participating Organization in the
PCI Council, iScan Online’s PCI scan
compliance report is the proof a merchant
needs to show compliance with this
requirement. The same is true of HIPAA, as
well as other compliance mandates. iScan
Online can be configured to run the various
types of scans required to demonstrate
compliance with multiple regulations.
But the rash of data breaches that have
received so much press in the last few years
make it abundantly clear that meeting
regulatory compliance for vulnerability
scanning just isn’t enough. If a network is
infiltrated, the ability to proactively identify
unprotected PII and intellectual property is the
single most powerful enhancement to your
network security that you can make.
U N M A T C H E D D A T A D I S C O V E R Y
Besides identifying security vulnerabilities, a complete strategy requires knowing what employees
and devices are storing unprotected sensitive data throughout your company. But how do you
know where that data is hiding?
Secure the Dark Matter of Your Network: The Power of Opportunistic Scanning
Scan Every File Type
OST/PST, CSV, HTML, RTF, DOCX, XLSX, PPTX
Text Files, SQL, Binary, SXW, PDF, XML, ODT & more. . .
Credit Cards American Express, Visa 13 & 16 Digits, MasterCard, Discover, Diners Club, JCB
Personally Identifiable
Information
Social Security, Drivers License, Date of Birth, Passport, Customizable
Intellectual Property Custom Patterns, Unique File Attributes, File Owners, etc.
10
Delivering Actionable Analytics
All of the raw scan data is aggregated into a
beautiful, actionable cloud console that can
be customized by role and interactive report
focus. These reports are designed to work
together to ensure complete network
awareness around your exposed data, your
most vulnerable devices and your total
financial liability by individual device. This
means you’ll know instantly what needs to be
prioritized and have thrown into stark relief the
actual cost to rectify the situation post-breach,
so even the C-Suite can understand.
Sort and prioritize by the financial liability, the
type of vulnerability, the type of unprotected
data, the location of the devices and more.
iScan Online also makes it simple to track your
progress over time with trend reports for
unprotected data, device vulnerability and
financial liability. What better way to
demonstrate the ROI of proactive remediation
and ongoing security assessments than
tracking the reduction in risk and financial
liability over time?
This means no more guessing what employee
is putting your business at risk. The data
discovery report by host shows you without a
doubt the volume of sensitive data and file
path outlining exactly what is most likely to fall
prey to data theft. And because iScan Online
integrates data discovery and vulnerability
detection, you can see the calculated liability
exposure of a potential data breach. That
makes it simple to present threat assessments
to the C- Suite in hard dollars at risk and to
prioritize your remediation efforts on those
devices and users that pose the greatest
financial risk to your organization.
The iScan Online Cloud Console provides
multi-tenancy, role-based access, scan
configuration, reporting and analysis. It allows
administrators to specify how scans are
initiated, for example via a web browser,
mobile app etc. The Cloud Console gives
administrators insight into device compliance
and vulnerability posture across the entire
organization.
P O W E R F U L C L O U D C O N S O L E
iScan Online is unmatched in its combination of flexible deployment, data discovery and
vulnerability detection. But it truly differentiates itself from every other solution in the market today
by its powerful data analytics.
Secure the Dark Matter of Your Network: The Power of Opportunistic Scanning
A View of the Console
Technological Darwinism dictates that new technologies
and methods will rise up to take their place and fill the
niches for organizations that need solutions. iScan Online
is one of these new breed of solutions; with the right
approach and technology to tackle the challenges that
today’s technologies and organizations require.
You can’t afford to have a majority of your network as
dark matter. With iScan Online gain the insight you need
to shine the light on every section and device in your
network.
TAKING THE NEXT STEP
If you believe that there might be unprotected data, or
unsecured devices on your network, you owe it to
yourself to explore the best possible solution for your
organization.
If you believe that a solution that doesn’t require any new
appliances, operates without increased network load,
and proactively ensures that every device connected to
your network is completely and thoroughly scanned,
iScan Online might be a winning option.
You can see a variety of demos, data sheets and videos,
and to request a free 14-day trial of our solution at
www.iscanonline.com/support-resources
Otherwise, please explore the sample reports to the left.
11
Secure the Dark Matter of Your Network: The Power of Opportunistic Scanning
I L L U M I N A T I N G T H E D A R K M A T T E R
We are living in exciting times. We are in the midst of a paradigm shift in how organizations conduct
business and the technologies and devices they use. These changes will render some older
technologies and methods obsolete.
I S C A N O N L I N E
5600 Tennyson Parkway, #343
Plano, TX 75024
214-276-1150
www.iscanonline.com
sales@iscanonline.com

More Related Content

Recently uploaded

Computer HARDWARE presenattion by CWD students class 10
Computer HARDWARE presenattion by CWD students class 10Computer HARDWARE presenattion by CWD students class 10
Computer HARDWARE presenattion by CWD students class 10
ankush9927
 
Best Practices for Effectively Running dbt in Airflow.pdf
Best Practices for Effectively Running dbt in Airflow.pdfBest Practices for Effectively Running dbt in Airflow.pdf
Best Practices for Effectively Running dbt in Airflow.pdf
Tatiana Al-Chueyr
 
(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...
(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...
(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...
Priyanka Aash
 
Tailored CRM Software Development for Enhanced Customer Insights
Tailored CRM Software Development for Enhanced Customer InsightsTailored CRM Software Development for Enhanced Customer Insights
Tailored CRM Software Development for Enhanced Customer Insights
SynapseIndia
 
Using LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and MilvusUsing LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and Milvus
Zilliz
 
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-InTrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc
 
The Role of IoT in Australian Mobile App Development - PDF Guide
The Role of IoT in Australian Mobile App Development - PDF GuideThe Role of IoT in Australian Mobile App Development - PDF Guide
The Role of IoT in Australian Mobile App Development - PDF Guide
Shiv Technolabs
 
(CISOPlatform Summit & SACON 2024) Cyber Insurance & Risk Quantification.pdf
(CISOPlatform Summit & SACON 2024) Cyber Insurance & Risk Quantification.pdf(CISOPlatform Summit & SACON 2024) Cyber Insurance & Risk Quantification.pdf
(CISOPlatform Summit & SACON 2024) Cyber Insurance & Risk Quantification.pdf
Priyanka Aash
 
July Patch Tuesday
July Patch TuesdayJuly Patch Tuesday
July Patch Tuesday
Ivanti
 
Feature sql server terbaru performance.pptx
Feature sql server terbaru performance.pptxFeature sql server terbaru performance.pptx
Feature sql server terbaru performance.pptx
ssuser1915fe1
 
"Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes...
"Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes..."Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes...
"Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes...
Anant Gupta
 
Vertex AI Agent Builder - GDG Alicante - Julio 2024
Vertex AI Agent Builder - GDG Alicante - Julio 2024Vertex AI Agent Builder - GDG Alicante - Julio 2024
Vertex AI Agent Builder - GDG Alicante - Julio 2024
Nicolás Lopéz
 
IPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite SolutionIPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite Solution
IPLOOK Networks
 
Patch Tuesday de julio
Patch Tuesday de julioPatch Tuesday de julio
Patch Tuesday de julio
Ivanti
 
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
bhumivarma35300
 
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
alexjohnson7307
 
How to Build a Profitable IoT Product.pptx
How to Build a Profitable IoT Product.pptxHow to Build a Profitable IoT Product.pptx
How to Build a Profitable IoT Product.pptx
Adam Dunkels
 
BLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
BLOCKCHAIN TECHNOLOGY - Advantages and DisadvantagesBLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
BLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
SAI KAILASH R
 
Introduction-to-the-IAM-Platform-Implementation-Plan.pptx
Introduction-to-the-IAM-Platform-Implementation-Plan.pptxIntroduction-to-the-IAM-Platform-Implementation-Plan.pptx
Introduction-to-the-IAM-Platform-Implementation-Plan.pptx
313mohammedarshad
 
Types of Weaving loom machine & it's technology
Types of Weaving loom machine & it's technologyTypes of Weaving loom machine & it's technology
Types of Weaving loom machine & it's technology
ldtexsolbl
 

Recently uploaded (20)

Computer HARDWARE presenattion by CWD students class 10
Computer HARDWARE presenattion by CWD students class 10Computer HARDWARE presenattion by CWD students class 10
Computer HARDWARE presenattion by CWD students class 10
 
Best Practices for Effectively Running dbt in Airflow.pdf
Best Practices for Effectively Running dbt in Airflow.pdfBest Practices for Effectively Running dbt in Airflow.pdf
Best Practices for Effectively Running dbt in Airflow.pdf
 
(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...
(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...
(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...
 
Tailored CRM Software Development for Enhanced Customer Insights
Tailored CRM Software Development for Enhanced Customer InsightsTailored CRM Software Development for Enhanced Customer Insights
Tailored CRM Software Development for Enhanced Customer Insights
 
Using LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and MilvusUsing LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and Milvus
 
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-InTrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
 
The Role of IoT in Australian Mobile App Development - PDF Guide
The Role of IoT in Australian Mobile App Development - PDF GuideThe Role of IoT in Australian Mobile App Development - PDF Guide
The Role of IoT in Australian Mobile App Development - PDF Guide
 
(CISOPlatform Summit & SACON 2024) Cyber Insurance & Risk Quantification.pdf
(CISOPlatform Summit & SACON 2024) Cyber Insurance & Risk Quantification.pdf(CISOPlatform Summit & SACON 2024) Cyber Insurance & Risk Quantification.pdf
(CISOPlatform Summit & SACON 2024) Cyber Insurance & Risk Quantification.pdf
 
July Patch Tuesday
July Patch TuesdayJuly Patch Tuesday
July Patch Tuesday
 
Feature sql server terbaru performance.pptx
Feature sql server terbaru performance.pptxFeature sql server terbaru performance.pptx
Feature sql server terbaru performance.pptx
 
"Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes...
"Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes..."Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes...
"Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes...
 
Vertex AI Agent Builder - GDG Alicante - Julio 2024
Vertex AI Agent Builder - GDG Alicante - Julio 2024Vertex AI Agent Builder - GDG Alicante - Julio 2024
Vertex AI Agent Builder - GDG Alicante - Julio 2024
 
IPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite SolutionIPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite Solution
 
Patch Tuesday de julio
Patch Tuesday de julioPatch Tuesday de julio
Patch Tuesday de julio
 
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
 
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
 
How to Build a Profitable IoT Product.pptx
How to Build a Profitable IoT Product.pptxHow to Build a Profitable IoT Product.pptx
How to Build a Profitable IoT Product.pptx
 
BLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
BLOCKCHAIN TECHNOLOGY - Advantages and DisadvantagesBLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
BLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
 
Introduction-to-the-IAM-Platform-Implementation-Plan.pptx
Introduction-to-the-IAM-Platform-Implementation-Plan.pptxIntroduction-to-the-IAM-Platform-Implementation-Plan.pptx
Introduction-to-the-IAM-Platform-Implementation-Plan.pptx
 
Types of Weaving loom machine & it's technology
Types of Weaving loom machine & it's technologyTypes of Weaving loom machine & it's technology
Types of Weaving loom machine & it's technology
 

Featured

2024 Trend Updates: What Really Works In SEO & Content Marketing
2024 Trend Updates: What Really Works In SEO & Content Marketing2024 Trend Updates: What Really Works In SEO & Content Marketing
2024 Trend Updates: What Really Works In SEO & Content Marketing
Search Engine Journal
 
Storytelling For The Web: Integrate Storytelling in your Design Process
Storytelling For The Web: Integrate Storytelling in your Design ProcessStorytelling For The Web: Integrate Storytelling in your Design Process
Storytelling For The Web: Integrate Storytelling in your Design Process
Chiara Aliotta
 
Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...
Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...
Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...
OECD Directorate for Financial and Enterprise Affairs
 
How to Leverage AI to Boost Employee Wellness - Lydia Di Francesco - SocialHR...
How to Leverage AI to Boost Employee Wellness - Lydia Di Francesco - SocialHR...How to Leverage AI to Boost Employee Wellness - Lydia Di Francesco - SocialHR...
How to Leverage AI to Boost Employee Wellness - Lydia Di Francesco - SocialHR...
SocialHRCamp
 
2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot
Marius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPT
Expeed Software
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage Engineerings
Pixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental Health
ThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
marketingartwork
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture Code
Skeleton Technologies
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024
Neil Kimberley
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)
contently
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024
Albert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
Kurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
SpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd
Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next
Tessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Lily Ray
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations
Rajiv Jayarajah, MAppComm, ACC
 

Featured (20)

2024 Trend Updates: What Really Works In SEO & Content Marketing
2024 Trend Updates: What Really Works In SEO & Content Marketing2024 Trend Updates: What Really Works In SEO & Content Marketing
2024 Trend Updates: What Really Works In SEO & Content Marketing
 
Storytelling For The Web: Integrate Storytelling in your Design Process
Storytelling For The Web: Integrate Storytelling in your Design ProcessStorytelling For The Web: Integrate Storytelling in your Design Process
Storytelling For The Web: Integrate Storytelling in your Design Process
 
Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...
Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...
Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...
 
How to Leverage AI to Boost Employee Wellness - Lydia Di Francesco - SocialHR...
How to Leverage AI to Boost Employee Wellness - Lydia Di Francesco - SocialHR...How to Leverage AI to Boost Employee Wellness - Lydia Di Francesco - SocialHR...
How to Leverage AI to Boost Employee Wellness - Lydia Di Francesco - SocialHR...
 
2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPT
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage Engineerings
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental Health
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture Code
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search Intent
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations
 

Secure the Dark Matter of Your Network

  • 1. S E C U R E T H E D A R K M A T T E R O F Y O U R N E T W O R K With Opportunistic Scanning B R E A C H A N A L Y T I C S What data is at risk How will attackers compromise the data What will it cost when you’re breached
  • 2. E X E C U T I V E S U M M A R Y Today we are in the midst of digital warfare, it is a global epidemic with all of our data under relentless assault. Over the last several years, companies of all sizes and in every industry have seen their sensitive data lost or stolen. Data is most likely one of your corporation’s most valuable assets. Preventing digital data theft of intellectual property, trade secrets or or incidental losses is paramount for the success of any business. So where is this sensitive data lurking? If you are p ro a c t i v e l y re m e d i a t i n g o n l y k n o w n d a t a repositories and devices, but not scanning for rogue payment data, personal identifiable information and vulnerabilities, you leave yourself exposed to a truly unknown level of risk. If you’re a CISO, CIO or in Security Operations, you’re probably doing everything you can to keep your corporate data safe. To that end, this paper will explain how to find your risk from unknown, unprotected data, and how you can quantify that risk in absolute dollars and cents to help bridge the gap between your remediation goals and your organization’s financial strength. Billy Austin President C O N T E N T S Introduction to Dark Matter Page 3 From Remediation to Prevention Page 6 A Proactive Security Strategy Page 7 Unmatched Data Discovery Page 9 Powerful Cloud Console Page 10 Conclusion Page 11 About iScan Online Page 12 2 Secure the Dark Matter of Your Network: The Power of Opportunistic Scanning
  • 3. Scientists believe that as much as 80% of the universe is made up of dark matter that we currently know little, if anything about. We can’t measure it, see it, and don’t know its properties. We know that, accounting for 80% of the mass of the universe, it must be important; but how, what, and why is beyond our present grasp. We only know it exists when we see it influence elements of the observable universe, like light bending around an invisible black hole. In fact, describing and quantifying the role of dark matter within the universe is one of the greatest challenges facing today’s astrophysicists. Similarly, perhaps the greatest obstacle facing security professionals today arises from another type of dark matter lurking in today's networks: the unknown security threat. Whether it’s payment data or other sensitive personal identifiable information sitting unnoticed on cloud drives and long- since-archived outlook files or the myriad devices constantly connecting to corporate networks around the world, we know these instances of unencrypted PII and untamed devices undermine our networks, but they are often virtually invisible to our traditional efforts to perform data discovery and security assessments on them. Consequently, many devices continue to pose a threat while we struggle to know their security posture, vulnerabilities, compliance status, or what sensitive data they may contain. MY DEVICES, YOUR PROBLEM Classic methods of scanning devices on the network are very good at discovering and finding vulnerabilities on devices that they can see. However, they can only see devices that are on the network at the moment in time the scan is executed. At the same time, these types of plodding network security scans can take a long time to complete while chewing-up precious bandwidth resources. In the past, this was enough: concerns about network latency and device utilization, forced organizations to perform scans during off-hours. Initially this approach did not present an issue as the majority of servers, network devices, and even desktops were always plugged in. These devices were considered static and reachable whether the scan happened at 3am or 3pm, or anytime in between. A snapshot of the threats and the industries that are most threatened today 3 Secure the Dark Matter of Your Network: The Power of Opportunistic Scanning I N T R O D U C T I O N T O D A R K M A T T E R W h a t s t r a n g e a s t r o p h y s i c a l p h e n o m e n o n h a s i n c o m m o n w i t h y o u r d a t a n e t w o r k . 50% 50% Malicious Outsider System Glitch 8%4% 9% 13% 21% 45% Retail Technology Financial Government Education Other
  • 4. The average per-record cost in 2014 to remediate after a breach occurs $100.00 $200.00 $300.00 $400.00 Healthcare Education Energy Financial Technology Retail THE STATUS-QUO HAS CHANGED We live in a world of branch offices, remote workers, transient contractors and mobile users. And while they may not know the difference between BYOD and BYOB, they are leading the charge towards mixed- use devices and non- standard business platforms. Microsoft Windows, while still representing a large portion of the market, is no longer at 95% market share. In fact, PCs themselves represent a smaller and ever- shrinking share of the devices on our networks. Virtually every network today has a wide array of smartphones, tablets and personal devices of many shapes and sizes constantly requesting access. All of these different devices access our network from different locations and at different times. Worse, lax or non-existent security policies among users mean that, while your network may be buttoned-up, your users are still prone to downloading malware or infiltration by bad actors who use their trusted credentials as a pivot point into your network. Since a large percentage of the devices that access the network are no longer available to scan during off-peak times, a traditional network security scan is essentially ineffective for those devices. These unscanned devices and the unencrypted data they contain are the dark matter of your network. They exist and they are an important part of the network, but there is no evidence or means to quantify the risk they pose. At least there isn’t with traditional vulnerability scanning, or until they announce their presence after-the-fact through a potentially devastating breach. 4
  • 5. ACKNOWLEDGING A SECURITY BLIND SPOT If only there was a way of actually scanning these dark matter devices. A network could be made much safer and more immune to attack. Unfortunately, the attackers recognize that most organizations are woefully ill equipped to manage this sort of opportunistic vulnerability scanning and data discovery. In fact, current trends indicate that attacks targeting these devices are on the rise as increasing numbers of disparate devices access the network from locations out of scope for traditional assessment technologies. Today there is a significant blind spot in the vulnerability management solutions that many organizations have spent precious security budget dollars implementing. Frankly, this “blind spot” is a tremendous risk that organizations cannot continue to fail to manage due to a lack of insight. Regulatory compliance schemes recognize this risk. The PCI Council, for instance, has mandated that internal scans of devices be conducted regularly and discovered vulnerabilities and risks should be prioritized for remediation. Likewise in health care, HIPAA has mandated security scanning of devices for health related PII (Personally Identifiable Information). At the same time, regulations like FERPA now govern the protection of student PII and well-regarded security firms like the Ponemon Institute are spearheading analysis on the true cost of a data breach. In short, for most organizations, having such a large number of dark matter devices accessing their networks without visibility is no longer acceptable! The only solution is a strategy designed to answer three crucial questions: 1. What unencrypted data is at-risk on my networks? 2. Where are the vulnerabilities that will allow access to that data by attackers? 3. How much will it cost to remediate the breach after-the-fact? 2,803,036 Records lost or stolen every day 116,793 Records lost or stolen every hour 1,947 Records lost or stolen every minute 32 Records lost or stolen every second F R O M R E M E D I A T I O N T O P R E V E N T I O N The dark matter on your network is a considerable risk. With today's targeted attacks via spear phishing, APTs, and drive-by malware; attackers need only to target and infiltrate one device to get inside your network and wreak havoc. The overwhelming majority of security incidents are due to a known vulnerability being exploited on a single device to gain access to the larger network. 5 Secure the Dark Matter of Your Network: The Power of Opportunistic Scanning *2014 figures from breachlevelindex.com
  • 6. Opportunistic Scanning & Discovery Fortunately a newly patented technology is now available to address this problem with the introduction of iScan Online’ s "Opportunistic Scanning”. Opportunistic Scanning is the ability to perform assessments on devices accessing network resources when and where they are available. This flexible approach means devices can be assessed regardless of the network connection type or location, provided they are connected to the Internet. This flexibility allows iScan Online to shine a light on the dark matter of networks, giving security personnel unprecedented visibility into the security posture, data and applications of those devices. FLEXIBLE DEPLOYMENT, POWERFUL DETECTION iScan Online provides opportunistic scanning and unique methods that allow you to see more of the networked devices and more of the data on those devices with greater accuracy. iScan Online is deployed through a browser plugin, command line interface (downloadable executable) or as a native mobile app. This methodology is fast, highly accurate, and leverages what most organizations already have in place; Microsoft Active Directory, Systems Management tools, Web Applications, Internet access, and a browser. By combining these existing architectures with iScan Online’s cloud-based analytics, organizations are now empowered to assess all devices throughout the organization. This new, highly accurate methodology also delivers very unique scanning capabilities for today and tomorrow’s computing and mobile platforms. An integrated web portal provides a single point for management, analysis, and reporting, while the individual devices perform the heavy lifting of the scan process, permitting scalability across the globe. This distributed architecture provides unparalleled scalability allowing hundreds of thousands of devices to be scanned in a matter of seconds. Even better, it requires no lengthy deployment cycle or additional network appliances to operate. ELIMINATING FALSE POSITIVES & SAVING RESOURCES iScan Online performs deep inspection of devices using a variety of methodologies including the Windows Registry, native file systems, interrogating system configurations using operating system and Application API’s, and Windows WMI queries. Using these direct access methods instead of relying upon network packet response and injection provides highly accurate results, virtually eliminating false positives, which will save time and money for security personnel. There are also no requirements for modifying ingress firewall routes and ports, or need to configure VPN connections as iScan Online executes on the device and communicates via standard HTTPS web traffic. So despite being more flexible and seamless than many other vulnerability scanners, iScan Online’s deployment model ensures that no device goes unscanned due to a lack of credentials or infrequent network connectivity. 6 A P R O A C T I V E S E C U R I T Y S T R A T E G Y Secure the Dark Matter of Your Network: The Power of Opportunistic Scanning
  • 7. 7 Average increased customer churn rates, post- breach, by industry Credentials? We don’t need no stinking credentials! One of the biggest challenges with assessing connected devices is that network administrators typically don’t have credentials to scan the device. This presents a number of challenges for proper risk assessment. First, security personnel must be given administrator credentials to the device, which is extremely problematic in BYOD environments. Second it creates an additional security risk by trusting a cache of administrator level credentials to be stored and used within systems, which may not have been designed as secure authorization and authentication brokers. Without administrative credentials, network scanners can only provide an outside view of the device, typically a port scan. With iScan Online, the need for credentials is eliminated because the scan runs on the host as the current user. One of the dirty little secrets of current vulnerability assessment solutions is that administrative access is NOT required to properly assess vulnerabilities when the assessment is run locally on a device. Regardless of how scans are delivered, speed and scalability is key. Because iScan Online performs scanning directly on the device, there is no network congestion or latency introduced. There are no worries about exhausting the amount of threads the scanner can spawn. It makes no difference how many devices are being scanned at a time. Scan one device or thousands of devices at a time through iScan Online’s distributed cloud architecture and all scans are completed within a fraction of the time of traditional vulnerability scanners. Secure the Dark Matter of Your Network: The Power of Opportunistic Scanning 1.75% 3.50% 5.25% 7.00% Healthcare Education Energy Financial Technology Retail 1.3% 4.1% 6.1% 2.8% 2.4% 5.9%
  • 8. SCAN FROM WEB APPS The dark matter on your network is a considerable risk. With today's targeted attacks via spear phishing, APTs, and drive-by malware; attackers need only to target and infiltrate one device to get inside your network and wreak havoc. The overwhelming majority of security incidents are due to a known vulnerability being exploited on a single device to gain access to the larger network. Scanning can now be easily integrated into existing web applications. Utilizing iScan Online for Web Browsers, organizations can now leverage their growing base of web applications as scanning catch points for devices accessing corporate resources. Whether you manage access via captive web portals, single-sign-on credentialing, or another NAC solution, iScan Online works with your existing security policies to ensure that no device gains access to your network without undergoing a background data discovery and vulnerability scan. Even VPN access can incorporate iScan Online technology via simple connect scripts. Now consider a highly distributed organization with a large remote sales force: Typically these users are accessing sales and order processing applications via the web, they rarely access the corporate network using VPN access and are always on the move. How do you assess these devices for security risk? SCAN FROM ANYWHERE At iScan Online, we’ve made it as simple as adding a “Scan Now” button or web analytics service to your web application. Simply include a small JavaScript snippet into any web application and all users accessing the web application will be scanned for security issues in a quick, efficient and unobtrusive manner. Scans can be performed as often as desired (daily, weekly, quarterly etc.) based on the user accessing the web application. Results from the assessment can be analyzed automatically by the web application in order to make decisions regarding the users web application request. For example, the web application could decide to deny access or to limit available functionality to the user based on discovered data or vulnerabilities. And, as with all iScan Online scans, the results are available for reporting and analysis from iScan Online’s Cloud Console. Secure the Dark Matter of Your Network: The Power of Opportunistic Scanning
  • 9. 9 COMPLETE, CUSTOMIZABLE DISCOVERY iScan Online’s Data Discovery Scan identifies what devices store unprotected trade secrets, intellectual property, and personal identifiable information that are putting your business at risk. Because data is where you least expect it, with iScan Online, you can see every unprotected piece of data within your company, from credit cards and social security numbers in Dropbox, to intellectual property in mail folders and zip files. iScan Online is unmatched in its combination of flexible deployment, comprehensive data discovery and iron-clad validation algorithms like Modulus Check (LUHN) and intelligent Contextual Awareness to reduce false positives or missed data. iScan Online provides a comprehensive data discovery and scanning solution that meets and exceeds today’s regulatory requirements at the federal, state and industry level. This is crucial as most organizations have regulatory compliance mandates that require scanning of all connected devices. For example the PCI Council mandates that all merchants perform regular internal scans and prioritize detected vulnerabilities for remediation to manage risk. The ability to conduct these internal scans on- demand is a compelling use case for iScan Online. As a Participating Organization in the PCI Council, iScan Online’s PCI scan compliance report is the proof a merchant needs to show compliance with this requirement. The same is true of HIPAA, as well as other compliance mandates. iScan Online can be configured to run the various types of scans required to demonstrate compliance with multiple regulations. But the rash of data breaches that have received so much press in the last few years make it abundantly clear that meeting regulatory compliance for vulnerability scanning just isn’t enough. If a network is infiltrated, the ability to proactively identify unprotected PII and intellectual property is the single most powerful enhancement to your network security that you can make. U N M A T C H E D D A T A D I S C O V E R Y Besides identifying security vulnerabilities, a complete strategy requires knowing what employees and devices are storing unprotected sensitive data throughout your company. But how do you know where that data is hiding? Secure the Dark Matter of Your Network: The Power of Opportunistic Scanning Scan Every File Type OST/PST, CSV, HTML, RTF, DOCX, XLSX, PPTX Text Files, SQL, Binary, SXW, PDF, XML, ODT & more. . . Credit Cards American Express, Visa 13 & 16 Digits, MasterCard, Discover, Diners Club, JCB Personally Identifiable Information Social Security, Drivers License, Date of Birth, Passport, Customizable Intellectual Property Custom Patterns, Unique File Attributes, File Owners, etc.
  • 10. 10 Delivering Actionable Analytics All of the raw scan data is aggregated into a beautiful, actionable cloud console that can be customized by role and interactive report focus. These reports are designed to work together to ensure complete network awareness around your exposed data, your most vulnerable devices and your total financial liability by individual device. This means you’ll know instantly what needs to be prioritized and have thrown into stark relief the actual cost to rectify the situation post-breach, so even the C-Suite can understand. Sort and prioritize by the financial liability, the type of vulnerability, the type of unprotected data, the location of the devices and more. iScan Online also makes it simple to track your progress over time with trend reports for unprotected data, device vulnerability and financial liability. What better way to demonstrate the ROI of proactive remediation and ongoing security assessments than tracking the reduction in risk and financial liability over time? This means no more guessing what employee is putting your business at risk. The data discovery report by host shows you without a doubt the volume of sensitive data and file path outlining exactly what is most likely to fall prey to data theft. And because iScan Online integrates data discovery and vulnerability detection, you can see the calculated liability exposure of a potential data breach. That makes it simple to present threat assessments to the C- Suite in hard dollars at risk and to prioritize your remediation efforts on those devices and users that pose the greatest financial risk to your organization. The iScan Online Cloud Console provides multi-tenancy, role-based access, scan configuration, reporting and analysis. It allows administrators to specify how scans are initiated, for example via a web browser, mobile app etc. The Cloud Console gives administrators insight into device compliance and vulnerability posture across the entire organization. P O W E R F U L C L O U D C O N S O L E iScan Online is unmatched in its combination of flexible deployment, data discovery and vulnerability detection. But it truly differentiates itself from every other solution in the market today by its powerful data analytics. Secure the Dark Matter of Your Network: The Power of Opportunistic Scanning A View of the Console
  • 11. Technological Darwinism dictates that new technologies and methods will rise up to take their place and fill the niches for organizations that need solutions. iScan Online is one of these new breed of solutions; with the right approach and technology to tackle the challenges that today’s technologies and organizations require. You can’t afford to have a majority of your network as dark matter. With iScan Online gain the insight you need to shine the light on every section and device in your network. TAKING THE NEXT STEP If you believe that there might be unprotected data, or unsecured devices on your network, you owe it to yourself to explore the best possible solution for your organization. If you believe that a solution that doesn’t require any new appliances, operates without increased network load, and proactively ensures that every device connected to your network is completely and thoroughly scanned, iScan Online might be a winning option. You can see a variety of demos, data sheets and videos, and to request a free 14-day trial of our solution at www.iscanonline.com/support-resources Otherwise, please explore the sample reports to the left. 11 Secure the Dark Matter of Your Network: The Power of Opportunistic Scanning I L L U M I N A T I N G T H E D A R K M A T T E R We are living in exciting times. We are in the midst of a paradigm shift in how organizations conduct business and the technologies and devices they use. These changes will render some older technologies and methods obsolete.
  • 12. I S C A N O N L I N E 5600 Tennyson Parkway, #343 Plano, TX 75024 214-276-1150 www.iscanonline.com sales@iscanonline.com