Box has revolutionized how employees can access, share and manage company data and collaborate more effectively. But while the distributive nature of cloud-based file sharing makes it invaluable to business productivity, it also adds increased risk of malicious or accidental leakage of business-critical data.
Today’s cloud sharing services like Box require a complete rethinking of traditional security practices to ensure proper access control, security, and compliance as corporate assets migrate outside the enterprise boundary into third-party cloud apps. Implementing these security practices starts with gaining visibility into how cloud apps are being used by employees, identifying sensitive content and how it is being shared, uncovering risky or anomalous behavior, and proactively enforcing policies to protect against internal or external threats.
Google Apps, especially Google Drive, have enabled millions of users to easily share documents and collaborate more effectively. However, a lack of visibility and control by IT departments over these users and their activity in Google Apps has actually dramatically increased the risk of malicious or accidental leakage of business-critical data.
In this webcast, cloud security experts Nitin Kumar of Cisco, and Sergio Castro of Elastica will discuss best practices for protecting your data in Google Apps. You will learn:
• What base level security Google Drive provides (and what it doesn’t)
• Examples of companies that are facing these issues and how they are solving them
• Best practices in identifying sensitive, shared content that may violate compliance policies (PCI, PHI, PII, etc.)
• Best practices in using data science to uncover risky or anomalous behavior
• How to automate protection against Google Drive data breaches
Elastica conducted an exhaustive analysis of over 100 million customer files in order to better understand how employees use (and occasionally abuse) file sharing apps. This data has been anonymized and aggregated and, for the first time ever, sheds some much-needed light on typical file sharing behaviors, the nature of the data being shared, including unmanaged “shadow data”, and the possible consequences of file sharing data breaches for organizations like yours.
This slideshare, “Shadow Data Exposed”, delves deeply into this research data to help you unlock the business potential of cloud sharing apps and uncover and manage the “Shadow Data” stored in them, while ensuring these apps are used safely and in compliance with your corporate policy. You will learn:
• Why traditional security technologies like DLP, firewalls, endpoint solutions and antivirus are ineffective in the brave new world of file sharing apps.
• How to spot 7 risks of managing file sharing apps, as revealed by Elastica’s big security data research.
• How to build an effective cloud app security architecture that provides visibility, control and remediation.
How to Extend Security and Compliance Within Box - Elastica Inc.
Choosing an enterprise-class file sharing service such as Box is a great first step in safely migrating to the cloud. However, even with the most robust service, enterprise organizations are still responsible for how their users take advantage of the service, what sensitive content they upload and share, and potential damage due to compromised user credentials.
In this on-demand webcast Eric Andrews, Elastica VP of Marketing, will discuss:
• What base level security Box provides
• Best practices in identifying sensitive, shared content that may violate compliance policies (PCI, PHI, PII, etc.)
• Best practices in using data science to uncover risky or anomalous behavior
Office 365 revolutionized how employees work and collaborate by embracing the power of the software-as-a-service (SaaS) model. While the easy deployment and broad access of Office 365 makes it invaluable to business productivity, a SaaS model adds increased risk of malicious or accidental leakage of business-critical data.
In this webinar, “Protect Your Data in Office365”, you will learn to:
• Understand how Office 365 is being used by your users
• Identify sensitive content (like payment information, healthcare records, source code, or other types of data) being shared
• Uncover risky or anomalous behavior by rogue insiders
• Automate protection against Office 365 data breaches, minimize false positives, and eliminate the constant retuning of data classification policies.
Watch the on-demand webcast at https://www.elastica.net/protect-your-data-in-office365/
Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365... - Michael Noel
Organizations today are facing unprecedented and sophisticated attacks to their internal Information Technology infrastructure. These evolving attacks include spear phishing, ransomware, credential hijacking, and more and can result in significant data loss and/or theft of confidential and valuable intellectual property. In response to these threats, Microsoft has released an array of tools such as Azure Sentinel, Cloud App Security, Microsoft Defender for Identity, and more which can help to secure and protect against these threats. These tools work with both on-premises and cloud-based infrastructure to provide for comprehensive protection of hybrid environments.
This session breaks down each of these Microsoft tools and provides an understanding of their value for specific security scenarios. A simple, no-marketing approach is taken to evaluating each individual tool, and a simple breakdown of what is provided with each Microsoft licensing model is outlined. Attendees will gain a better appreciation of which tools to utilize and how to better protect their Information Technology investments from the type of career-ending attacks which are unfortunately common today.
• Understand how modern threats such as spear phishing, ransomware, credential hijacking, and more are commonly faced in today’s IT environments and what tools and techniques can be used to mitigate the risk faced by these modern threats
• Examine Microsoft security tools such as Azure Sentinel, Microsoft Defender for Identity, Azure Security Center, Cloud App Security, Azure AD Privileged Identity Management, Azure AD Identity Protection, Azure Information Protection, and more
• Understand which tools are available for each licensing model in the Microsoft world and when it may make sense to ‘upgrade’ existing licenses to support specific toolsets as opposed to investment in third-party tools
Making Cloud Security Part of Your DNA Webinar Slides - Netskope
To watch the full Making Cloud Security Part of Your DNA webinar video, please go to: https://resources.netskope.com/h/i/65967799-making-cloud-security-part-of-your-dna
Summary:
As Chief Security Officer for leading cancer diagnostic company Genomic Health, Craig Guinasso makes cloud a strategic advantage while solving some of today’s most complex security challenges.
Join Craig, along with Sanjay Beri, CEO of Netskope, Missy Krasner, Managing Director of Healthcare at Box, and David Baker, CSO of Okta, for a webinar on the top five strategies that healthcare technology leaders should adopt to get the most out of the cloud while also protecting patient health data and keeping their organizations compliant.
In this PowerPoint, you will get a glimpse into the webinar where we discussed how to:
- Think about cloud services in relation to business objectives
- Triage Shadow IT and consolidate on the most enterprise-ready cloud services
- Create checks and policies to identify and prevent PHI leaks
- Turn their business stakeholders into security champions
Jason Harrell - Compliance and Security: Building a Cybersecurity Risk Manage... - centralohioissa
Global regulations are driving the need for businesses in all sectors to have cybersecurity programs that are designed to fit the organization's risk profile. At the same time, there is a lack of clarity on how much one should spend on managing these risks and the sophistication and number of risk mitigants that are required to manage these risks.
Company executives and boards of directors are held personally liable for having the appropriate oversight and management of these controls and are looking for their CISO and CIROs to provide them assurance that these controls are in place and operating effectively. Balancing the requirements and the expectations is a delicate task. This presentation will look at the regulatory landscape and how this landscape is affecting client, executive, and board-level expectations for cybersecurity risk management. It will also provide some recommendations on how to approach the development of a cybersecurity risk management program.
Data loss prevention by using MRSH-v2 algorithm - IJECEIAES
Sensitive data may be stored in different forms. Not only legal owners but also malicious people are interested in getting sensitive data. Exposing valuable data to others leads to severe consequences. Customers, organizations, and/or companies lose their money and reputation due to data breaches. There are many reasons for data leakages. Internal threats such as human mistakes and external threats such as DDoS attacks are two main reasons for data loss. In general, data may be categorized into three kinds: data in use, data at rest, and data in motion. Data Loss Prevention (DLP) tools are good tools to identify important data. DLP can analyze data content and send feedback to administrators to make decisions such as filtering, deleting, or encryption. Data Loss Prevention (DLP) tools are not a final solution for data breaches, but they are considered good security tools to eliminate malicious activities and protect sensitive information. There are many kinds of DLP techniques, and approximation matching is one of them. MRSH-v2 is one type of approximation matching. It is implemented and evaluated by using the TS dataset and a confusion matrix. Finally, MRSH-v2 has a high score of true positive and sensitivity, and it has a low score of false negative.
The objective of this workshop is to show existing Oracle Database (Enterprise Edition, Exadata, Autonomous Database, EXACS, DBCS) customers how to attach their database to Data Safe and gain a valuable understanding of potential risks. Using User Assessment, understand the rights and entitlements of users and review activity auditing, which provides powerful insight into database interaction. The workshop will finish with a full sensitive data discovery and then how to anonymize data with sensitive data masking.
The workshop is delivered in an interactive way with presentations and hands-on labs to ensure complete understanding.
2017-10-05 Mitigating Cybersecurity and Cyber Fraud risk in Your Organization - Raffa Learning Community
An examination of ever-growing cyber threats which continue to develop and successfully execute cyber attacks and fraud scams, which cost businesses billions of dollars globally. This session will step through different current and emerging cyber attacks and cyber fraud scenarios, and then discuss how basic but effective security controls can help to significantly reduce the risks.
Presentation on the Internet of Things. How we are connecting more devices to the Internet and forgetting to secure access. Research done by Billy Rios - delivered by Wolfgang Kandek
Thread Legal and Microsoft 365 Security - Thread Legal
Safeguard your business against external threats and leaks, and easily manage devices with Microsoft 365. Protect business data, and control who has access to sensitive information. Learn more in this in-depth deck.
Have your incident response time numbers been slipping? As cybersecurity teams deal with an increasing number of systems, networks, and threats, they naturally find it more difficult to deal with these issues in the same amount of time as they once did. Security automation can help teams identify the most pressing issues, adequately prioritize responses and make it easy for new employees to get up to speed quickly. Visit - https://www.siemplify.co/
At the highest level, our mission continues to be about keeping our customers (companies and governments) safe from ever-evolving digital threats, so they are confident to move business forward. Our strategy to accomplish this mission centers around four key pillars: Advanced Threat Protection, Information Protection for On Premise and Cloud, Security as a Service -- all anchored by a Unified Security Analytics Platform. Symantec Data Loss Prevention is a foundational product in the Information Protection for On Premise and Cloud pillar.
Everyone knows that storing and accessing data and applications in the cloud and on mobile devices makes work much easier and more productive by allowing employees to work everywhere they need to.
It allows for great business agility – applications are always up to date, new functionality and processes can be deployed and activated quickly and organizations can adjust things on the fly if they need to.
It also brings the convenience factor – it allows employees to work in the way that they need to, and collaboration and sharing are made vastly easier with cloud applications and storage.
But it brings with it all the challenges of securing devices and applications that you don’t own, and whilst saying NO might be the right thing for security, end users will find a way around it. Right now, close to 30% of employees use their personal devices for work. And that number is on the rise, potentially turning BYOD into Bring Your Own Disaster.
In an ever-changing technology landscape, SD-WAN has emerged as a leading technology to drive IT efficiency. Innovation, market convergence, and a noisy product landscape have made the marketplace more complex than it needs to be. Learn why a managed approach makes things easier and is considered a best practice by many.
Technology Overview - Symantec Data Loss Prevention (DLP) - Iftikhar Ali Iqbal
The presentation provides the following:
- Symantec Corporate Overview
- Solution Portfolio of Symantec
- Symantec Data Loss Prevention - Introduction
- Symantec Data Loss Prevention - Components
- Symantec Data Loss Prevention - Features & Use Cases
- Symantec Data Loss Prevention - System Requirements
- Symantec Data Loss Prevention - Appendix (extra information)
This provides a brief overview of Symantec Data Loss Prevention (DLP). Please note that all the information predates May 2016 and the full integration of Blue Coat Systems' set of solutions.
Threat Hunting, Detection, and Incident Response in the Cloud - Ben Johnson
SaaS and IaaS are new frontiers for a lot of security teams. We'll explore some thoughts on how you might approach some of these areas of your environment from a hunting or IR perspective. This was from a SANS webinar on 2019-09-25.
Splunk Conf 2013 September 30-October 3 & Splunklive Denver.
Monitoring for the big "T". Learn how Ping Identity manages, deploys and monitors its hybrid cloud SaaS applications using best of breed solutions. Tools and people create T = r + t, our philosophy for transparency and reliability.
IBM Security AppExchange Spotlight: Threat Intelligence & Monitoring Microso... - IBM Security
View Webinar: http://ibm.co/1pyzpuI
The momentum continues with the IBM Security AppExchange. Join this webinar to meet the developers of two apps that help you extend the capabilities of IBM Security QRadar.
iSIGHT Threatscape enables users to pull rich threat intelligence from iSIGHT Partners directly into QRadar, improving the ability to manage threats and automate security workflow.
STEALTHbits monitors Microsoft systems and provides an easy and extensible dashboard for viewing active-directory changes logged by STEALTHbits products.
Learn the advantages of sharing best practices and collaborating with others to battle highly organized cybercrime - join the era of collaborative defense!
CYBER SECURITY WHAT IS IT AND WHAT YOU NEED TO KNOW.pdf - Jenna Murray
Cyber Security is a protection offered to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications). To read more visit: https://www.rangtech.com/blog/cybersecurity/cyber-security-what-is-it-and-what-you-need-to-know
The crown jewels of any IT environment are the valuable information you manage. This session will explore techniques and Microsoft technologies that can ensure documents are well-managed, secured, and only available to approved individuals in your organization. We will also look at advanced ediscovery and data governance approaches and technologies that can support these.
Threat modeling is about thinking about what bad things can happen and what you can do about them. It can also find logical flaws and reveal problems in the architecture or software development practices. These vulnerabilities cannot usually be found by technical testing.
Threat modeling helps you deliver better software, prioritize your preventive security measures, and focus your penetration testing on the riskiest parts of the system. The beauty of threat modeling is that you can assess security already in the design phase. In addition, it is something every team member can participate in because it doesn't require any source code, special skills, or tools. Threat modeling is for everyone: developers, testers, product owners, and project managers.
The presentation covers various methods, such as the STRIDE model, for finding security and privacy threats. You will also learn to analyze use cases for finding business level threats. The presentation also includes practical tips for arranging threat workshops and representing your results.
This presentation was held in the Diana Initiative 2018 and Nixucon 2018 conferences.
IT infrastructure is changing and needs controls for mobile, cloud, and big data
Guardium is the leader in database and big data security
Heterogeneous support is a great asset to leverage across the infrastructure to reduce risk
Supports separation of duties
Integration with other security products
No additional training for multiple products
2016 Cybersecurity Analytics State of the UnionCloudera, Inc.
3 Things to Learn About:
-Ponemon Institute's 2016 big data cybersecurity analytics research report
-Quantifiable returns organizations are seeing with big data cybersecurity analytics
-Trends in the industry that are affecting cybersecurity strategies
Office 365 Security Features That Nonprofits Should Know and UseTechSoup
When it comes to email, document storage, and online browsing, security should be foremost. Join us for a 30-minute webinar where we will discuss how you can use built-in features of Office 365 to protect your organization. Learn how to protect your systems and keep data in the hands of only those users who need it.
This webinar is intended for organizations that already use Office 365, or those that want to better understand how Office 365 can keep their communications and data secure.
Privacy Preserved Data Augmentation using Enterprise Data FabricAtif Shaikh
Enterprises hold data that has potential value outside their own firewalls. We have been trying to figure out how to share such data at a level of detail with others in a secure, safe, legal and risk mitigated manner that ensure high level of privacy while adding tangible economic and social value. Enterprises are facing numerous roadblocks, failed projects, inadequate business cases, and issues of scale that needs newer techniques, technology and approach.
In this talk, we will be setup the groundwork for scalable data augmentation for organisations and visualising technical architectures and solutions around emerging technologies of data fabrics, edge computing and a second coming of data virtualisation.
Security and Compliance with SharePoint and Office 365Richard Harbridge
Whether you’re new to security and compliance in Office 365 or a seasoned veteran, we’ll have something for you in this session. Hear about Microsoft’s overall security story from Microsoft MVP Richard Harbridge, and better understand how it relates to SharePoint services, catch up on new developments over the past year, and learn about the new capabilities Microsoft provides. From advanced security management and threat intelligence to sensitive content encryption, governance and sharing there is plenty to discuss.
Make Every Spin Count: Putting the Security Odds in Your FavorDavid Perkins
Cerdant’s Director of Engineering, Joshua Skeens, presented the best ‘bets’ to increase your security odds. Josh warned customers to stop gambling with their data, and cautioned against weak, guessable passwords stating, “Use 2-Factor Authentication everywhere!” The first step in creating the best security posture possible for your business will always be just getting started, and to keep momentum Josh suggests implementing 1 new security practice each week.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Enabling Dropbox for Business
1. Agenda
• Introduction
• Discussion
• Demo
• Q&A – If you have any questions during the event, please type them into the panel on the right side of your screen.
Speaker: Santiago Polo, Sr. Systems Engineer
elastica.net
2. Copyright (C) 2015 Elastica, Inc. Confidential Information. Do Not Distribute!
Enabling Dropbox for Business
3. Dropbox for Business is a secure solution
• Excellent security team and controls in place to protect your data from hackers
• More and more enterprises are confident trusting their data with Dropbox
• Can be deployed with a Single Sign-On solution
[Graphic: login prompt for user Johnny.B.Good]
4. What is not secure…
[Graphic: login prompt for user Johnny.B.Good]
• Password-based authentication has inherent limitations
• Human Nature – intentional or accidental misuse of a valuable tool
• Even if the tool is secure, organizations need to govern their use of the tool
• Compliance Risks?
• Compromised Credentials?
• Malicious Insiders?
• Data Governance?
• Malware Threats?
• Unsecured BYOD Access?
5. Threat Vectors
No malicious intent, just bad practice
• Inappropriate sharing of critical content
• Broad sharing of data outside of specified groups
• Moving restricted data between services
• Sending data to external sources without considering implications
• Failing to limit collaborators to appropriate groups
Determined internal threat
• Disgruntled employee
• Dishonest employee
• Employee leaving to join competitor
• Terminated employee who still has access
• Uploading critical data to personal storage
Compromised devices or credentials
• Phishing attacks
• Man in the middle
• Keystroke loggers
• Stolen device
• Stolen credentials
• Socially engineered theft
[Chart labels: 12%, 7%, 80%]
Source: Aberdeen Group report, SaaS Data Loss — The Problem You Didn’t Know You Had (2014)
6. Malware Example
• Zeus-like malware targets cloud apps
• Zeus-style malware hidden under user https session
• Illegal transactions made. Data stolen and uploaded under https session!
• No visibility
7. Who Controls Sharing?
• Sharing has become democratized (no longer top-down controls)
• Even file owners no longer fully control how their files are shared
• Alice shares a file with Bob
• Bob shares that file publicly without Alice’s knowledge
• Shadow Data
[Diagram: tree of onward shares, each link labeled READ WRITE or READ ONLY]
8. Shadow Data
• Inadvertent Sharing: Inherited File & Folder Permissions
• Legacy Sharing: Forgotten Shares
• Over Sharing: Public Shares / “Loose” Shares
• former staff, freelance contractor, media contact with access to master “marketing” folder
9. Shadow Data
• 2037 files stored in the cloud per user (average)
• 185 files per user are broadly shared (average): All Company 68%, External 19%, Public 13%
• 20% of these files contain compliance related data: PII 56%, PHI 29%, PCI 15%
• 5% of users responsible for 85% of risk!
10. Required Granularity of Visibility and Control
• Bob Shared Payroll.docx with Alice
• But it’s not that simple
• Using Dropbox
• Alice is an External Collaborator
• From an Unmanaged Device
• The File Contains PII Risk
• From an Anomalous Location
11. Traditional Security Approaches Fall Short
Traditional Company Environment
• Relies on outdated perimeter concept
• Does not understand cloud app activity at a granular level
• Is not context aware
• Many times ignores encrypted traffic
• Assumes links are safe
12. Gaining Visibility into Cloud Apps
[Diagram labels: Gateway, front door, back door]
13. Data Science Enables File Sharing in the Cloud
StreamIQ™
• Deep visibility into encrypted cloud traffic
• Extracts all cloud service objects and activities (upload, download, share, delete)
• Understands internal vs. external collaborators
ContentIQ™
• Machine learning, semantic analysis, natural language processing, etc. used to provide accurate file classification and risk assessment (PII, PCI, HIPAA, Source Code, etc.)
• Use the above in policy to easily alert, block, or remediate
ThreatScore™
• Dozens of machine learning models run per-user against StreamIQ™ events to tease out weak signals indicating compromise, intentional malicious activity, or accidental risky behavior
• Never before possible at this scale: 100’s of thousands of users harnessing the power of the cloud
14. Applying Data Science to Analyze User Behavior
StreamIQ™: Event Extraction & Recording
15. Applying Data Science to Analyze User Behavior
Analyze User Behavior: a unique graph for each individual
What happens when suspicious activity occurs?
[Graph label: deviation]
16. Applying Data Science to Analyze User Behavior
Dynamically Assign ThreatScore™: ThreatScore™ given based on severity of suspicious activity
[Graph label: deviation]
17. ContentIQ™ — Classifying the data
18. ContentIQ™ — Classifying the data
• Minimize False Positives
19. Data Science Powered™ Cloud App Security
• Elastica GW, Cloud APIs, FW Logs
• Elastica CloudSOC™
• Business Readiness Rating™, ThreatScore™, Content Classification, Granular Cloud Usage
• PII, PCI, PHI, Source Code
• StreamIQ™
• Machine Learning, Semantic Analysis, Natural Language Processing, Graph Theory
20. Fully understand how files are being shared in your organization
• Quick and Easy – setup in minutes. Start seeing results in a couple hours!
Expose risky content and develop policy/coach users
• Find PII, PCI, HIPAA, Encrypted/Compressed Files, Source Code and more
Drill down on risky behaviors and perform immediate incident response
• Find compromised user accounts, suspicious behavior, malware
Get your Shadow Data Risk Assessment from your local Elastica team today!
Visit us to learn how you can find risks and protect critical content in your file sharing apps.
elastica.net
Editor's Notes
Welcome everyone and thanks for joining today’s webinar on enabling Dropbox for Business. As Martin mentioned, today we’ll cover a few topics on some of the challenges we see around securing Dropbox for enterprise use, how we here at Elastica address these challenges, and we’ll do a brief demo.
As Martin mentioned, your questions are welcomed, so please type those into the question field to the right of your screen in the GoToWebinar control panel.
So let’s begin by stating that Dropbox for Business is a secure solution. The intention of this presentation is NOT to position Dropbox as a super-high-risk file sharing service and scare you into avoiding it. The fact is Dropbox has an excellent security team, and they have great security features, and they give you great controls to protect your data. I think their customers would agree with this by and large.
Since Dropbox offers you an enterprise grade platform for storage and file sharing services, this is one less thing you have to worry about. One item you may want to consider is securing this using a single sign-on solution to authenticate your users regardless of where they’re coming from. Even with these two things in place, there are still some areas we need to cover. As many breaches have proven, user name and password is not enough! CLICK
STOP
However, there are some challenges here, and some elements we should look at that are not secure.
To start, if you’ve read any news about many of the security breaches over the past couple of years, you already know the limitations of password-based authentication, but beyond this, you also have the human nature element, where either intentional or even accidental misuse of this great tool can result in unintended exposures.
One of the things you have to worry about is using an application that’s secure, using enterprise grade, second thing is use a single sign on solution to authenticate regardless of where they’re coming from. But even with these two things in place there are still some areas that we need to cover for. User name and password is not enough.
door / build access panel
Compliance Risks?
Compromised Credentials?
Malicious Insiders?
Data Governance?
Malware Threats?
Unsecured BYOD Access?
There are some challenges here, and some elements we should look at that are not secure.
This causes us to look at our risks differently. Do we have compliance risks now? What happens in the case of compromised credentials or malicious insiders? Or with BYOD scenarios? Let’s take a look at some of these cases.
So there are three main threat vectors to think about…
The first and most prominent threat vector is that of user error! *CLICK* Lots of people focus on compromised credentials, there’s also a lot of accidental sharing. A study last year discovered that 80% of the data loss in these SaaS applications like Dropbox were due to user mistake! The user had no malicious intent, they just clicked the wrong place, or publicly shared sensitive files just to make things easier for themselves or others. *CLICK*
The second threat we see is the determined insider threat. This might be a disgruntled, or dishonest employee, or someone who’s leaving the company to join a competitor. This is now intentional misuse by someone who has access. *CLICK*
The third threat we see is that from a compromised credential. This of course, is the story that always makes the news and usually has dire results. This is usually the result of malware or social engineering efforts. Let’s take a look at this. *CLICK*
So let’s take a quick peek at an example of hijacked or malware scenario. Let’s take a look at our Dropbox user here who ordinarily visits Dropbox to view or share files, but today things are different. Unfortunately, his machine has been infected with a Zeus-like trojan that targets cloud apps. Now the user makes his requests to Dropbox, and our next gen firewall, IPS systems, and URL filtering systems are perfectly happy to allow him to do this, since he’s allowed to go there. Unfortunately, since this traffic is also SSL encrypted, they may not detect the malware signaling or the fact that his Dropbox session is now being hijacked. The malware in this case is now using the hijacked account to share these files with users outside of the corporate domain. Lots of questions remain outstanding here. What files were touched? What did the compromised machine do when it was logged in to Dropbox? Were files deleted, shared, exposed, downloaded? Hmm.
So to expand on this, let’s take a look at the other case. The non-malicious user who’s simply oversharing.
So let me ask you this question: Do you remember back in the day when we had file sharing within our data center? We’d build a file server, and the IT admin or domain admin had full control over who had access to that file server and what could be shared with whom. When we work with applications like Dropbox, for all the wonderful things it brings us, it now also brings us the question of who controls sharing? Sharing has become democratized now, where you’re putting the controls in the hands of the user. Even file owners no longer fully control how their files are shared. *CLICK* Let’s look at this example where Alice shares a file with Bob, *CLICK* and then Bob decides to share the file with two friends. And they share with their friends, and so on, and so on, and so on. From here things get very complicated because permissions, control, file ownership, all get a little confusing. This is an example of what we call shadow data, or shadow IT. You’ll likely hear me use this term again.
With this in mind, let’s take a look at a couple of other examples of those unintentional shares in more detail: First we have the oversharing scenario, where users will share files publicly to make things easier for themselves or others. It’s super easy to just click that button there that says “Anyone with the link”
The second case here is where users will inadvertently share an entire folder of files, which then assigns those sharing permissions to all the files within it. Or, also inadvertently sharing files with collaborators that may be outside the corporate domain. For example, I wanted to share this presentation with my coworker Nick yesterday, and when typing in his name, it auto-populated another Nick at another company! I almost clicked the “Share” button before I caught the error.
The third case here is legacy sharing. How many of you have former staff members that may still have access to their Dropbox accounts? Or Freelance Contractors who haven’t been here for years? Or worse, folders being shared with folks that we’ve simply forgotten about.
These are more Shadow Data cases where we absolutely risk exposure.
So let’s take a look at the stats here: From data we’ve collected on our own customers that we’re monitoring, we see that the average user stores about 2037 files in cloud based storage accounts. *CLICK* Of these files on average about 185 of these are shared broadly. *CLICK* These may be public or externally shared or just shared with the whole company.
If we take a look at those 185 files that are shared broadly, about 20% of these contain sensitive data! (PII, PHI or PCI)
If we go back and look at it from perspective of which users are doing this, we see that 5% of our users are responsible for 85% of the risk exposure. So who are they? What are these files? Where are they? And how do we remediate this? As it turns out, we can solve these problems, but we need the right tools. Manual remediation would take us lengthy amounts of time to resolve, but automated tools can resolve this in seconds.
So let’s take a look at how we can do this.
Average number of files per user 2037
About 9% broadly shared
(company-wide, external or public)
20% of these contain compliance-related data!
Average time to remediate risk exposures:
Manual: 67 minutes per user
Automated: 16 seconds per user (1/251)
First let’s take a simple use case: Bob shares a file with Alice using Dropbox. If you’re using traditional tools like NGFW, IPS, or URL filtering, this is about all you’d see. Bob connected to Dropbox. But that’s not the entire story here. To have good visibility and control, you also need to know that
1. He shared it from an unmanaged device
2. He made Alice an external collaborator
3. The file contains sensitive information
4. The file was accessed from an anomalous location.
but it’s not that simple
The traditional tools, Next Gen Firewall, Proxies, DLPs, these fall short since they’re primarily focused on data within your perimeter. This data is now outside your perimeter where these tools don’t understand this concept of application activity at a very granular level. Frequently these tools will also ignore SSL encrypted traffic and assume that the links are all safe, since when files are shared as links, there’s simply no content to inspect here. These tools may also not be context aware, meaning it’s not possible to tell if Alice is internal or external, or whether the context of keywords within a file constitute an exposure or not. Where does this leave us? Exactly. We don’t know. So how do we resolve this?
NGFW/Proxies/DLP
1. Relies on outdated Perimeter concept
• Doesn’t see the traffic from Mobile Devices
2. Does not understand cloud app activity at a granular level
• Cannot detect sharing actions vs. uploads and downloads
3. Is not context aware
• Cannot determine whether Bob is an internal or external collaborator
• Does not understand the structure of the file to validate risk
4. Many times ignores encrypted traffic
5. Assumes links are safe
• When files are shared as links there is no content to inspect
First, here’s our administrator, who would like to have better visibility and control over his Dropbox users who can be anywhere. CLICK CLICK Some may be in the office on managed corporate laptops, some may be on unmanaged BYOD style devices on a park bench or at a coffee shop.
We start by steering this traffic through what we call our Elastica Gateway, which is a transparent forward proxy. The Elastica Gateway is now in line, in the flow of this Dropbox traffic, monitoring traffic as it comes through the front door. But this isn’t enough, since we also have users who may not be going through our corporate network, and we’d still like to view activities and files that are being shared, or even view the contents of these files. For these we use an API that reaches directly into the application. Both these methods give us visibility and control into the cloud applications such as Dropbox, and allow us to create policy.
Now that you know how we’re seeing the activity, let’s take a look under the hood and see how we apply data science to analyze user behavior.
As it turns out, the best and only way to properly address these challenges is through Data Science. At Elastica, we’ve developed security methods that allow us to re-gain visibility and control of these applications. The engines we use are Data Science powered, and I’ll explain what this means, but in short there are three key elements we’ll look at here:
StreamIQ, which is observing user activity within these applications in very fine detail, ContentIQ which is inspecting the content of files and monitoring risk exposure, and ThreatScore which is profiling user behavior. These technologies allow us to monitor and control activity at a scale that was never before possible!
Let’s take a look at an example of how this works.
First, we have StreamIQ which is observing in very fine detail every click the user makes within each cloud-based application you choose to monitor. From StreamIQ we get deep visibility into encrypted cloud traffic we wouldn’t see otherwise, extracting all cloud service objects and activities - upload, download, share, delete, internal vs. external collaborators.
We pair this with our ContentIQ engine, which is inspecting the content of files that have been stored on these services to detect sensitive information. Natural language processors identify and understand context of various words within files.
Next, having data from StreamIQ and ContentIQ, we run dozens of machine learning models per user, to tease out weak signals that may indicate compromise, intentional malicious activity, or accidental risky behavior. We can assign a ThreatScore to profile each individual user’s behavior and assign a risk score to their activity.
Seem overwhelming? Fortunately, the benefit of automation is to make life easier, and that’s exactly what we’re doing here.
Let’s take a look at an example of how this all works.
Granular user activity analysis
StreamIQ™
Deep visibility into encrypted cloud traffic
Extracts all cloud service objects and activities (upload, download, share, delete)
Understands internal vs. external collaborators
Per-User ThreatScore™ Calculated
Dozens of machine learning models run per-user against StreamIQ™ events to tease out weak signals indicating compromise, intentional malicious activity, or accidental risky behavior
Never before possible at this scale (100’s of thousands of users) – harnessing the power of the cloud
Deep Content Inspection
ContentIQ™
Machine learning, semantic analysis, natural language processing, etc. used to provide accurate file classification and risk assessment (PII, PCI, HIPAA, Source Code, etc.)
Use the above in policy to easily alert, block, or remediate
FIRST: Let’s look at event extraction and recording. Alice here is going to Dropbox. The StreamIQ engine monitors her session and records every activity she performs. This includes things like what folders she views, who she collaborates with, what browser she uses, what geographical location she logs in from, this is deep visibility into encrypted cloud traffic in very fine details.
NEXT.
NEXT: Now that the first step is complete, we analyze the user behavior we saw previously. This detailed data from StreamIQ is analyzed to establish a baseline of what normal behavior is for Alice. A unique graph is established for each individual user. Once the baseline is established, now we can look for anomalies. So now the question is, what happens when the user deviates from the norm and we begin to see suspicious activity?
SIMPLE: We dynamically assign a ThreatScore. Once the deviations are detected, they are examined and assigned a score. Modeling is performed to determine the risk of these deviations, and even weak signals, or what would seem to be low-level anomalies, can add up to a higher risk score when looked at in context.
Now that we’ve identified a risky behavior, we can take action: lock the device out of Dropbox, lock the user out of all services, log the user out of single sign-on, email an administrator, text an administrator, open a trouble ticket, etc.
The best part here is that all of this is automated, so less work for you.
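The idea of weak signals adding up against a per-user baseline can be sketched as follows. This is an added example, not Elastica's ThreatScore code: the activity counts are constructed, and the z-score model, the root-sum-square combination and both thresholds are assumptions chosen for illustration.

```python
from math import sqrt
from statistics import mean, pstdev

# Constructed baseline: one user's daily activity counts over ten days.
BASELINE = {
    "download":       [10, 12, 9, 11, 10, 13, 8, 10, 11, 12],
    "external_share": [1, 0, 2, 1, 1, 0, 1, 2, 1, 1],
    "delete":         [2, 3, 1, 2, 2, 3, 2, 1, 2, 2],
}
SIGNAL_THRESHOLD = 3.0  # assumed: one deviation this large alerts by itself
SCORE_THRESHOLD = 3.0   # assumed: combined score that triggers policy

def deviations(baseline, today):
    """Z-score of today's count per activity against the user's own history."""
    result = {}
    for activity, history in baseline.items():
        # Floor sigma so a near-constant history does not inflate the score.
        sigma = max(pstdev(history), 1.0)
        result[activity] = (today.get(activity, 0) - mean(history)) / sigma
    return result

def combined_score(z):
    """Root-sum-square of above-baseline deviations only."""
    return sqrt(sum(v * v for v in z.values() if v > 0))

def evaluate(baseline, today):
    """Score one day and decide whether policy should fire."""
    z = deviations(baseline, today)
    score = combined_score(z)
    loud = [a for a, v in z.items() if v >= SIGNAL_THRESHOLD]
    action = "alert" if loud or score >= SCORE_THRESHOLD else "allow"
    return {"z": z, "score": score, "single_signal_alerts": loud, "action": action}

# Constructed days: one ordinary, one where every activity is slightly elevated.
NORMAL_DAY = {"download": 11, "external_share": 1, "delete": 2}
ODD_DAY = {"download": 14, "external_share": 3, "delete": 4}

if __name__ == "__main__":
    for label, day in (("normal", NORMAL_DAY), ("odd", ODD_DAY)):
        r = evaluate(BASELINE, day)
        print(label, round(r["score"], 2), r["single_signal_alerts"], r["action"])
```

On the elevated day no single activity crosses its own threshold, yet the combined score does, which is the case a per-signal rule would miss.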
That’s fine for file sharing and threats, but what about identifying the content of files? Traditional DLP already has trouble even seeing traffic that uses SSL, and it typically depends on regex values and is ignorant of context. This can lead to blind spots and false positives.
Elastica’s ContentIQ engine applies semantic analysis and natural language processing to identify not only keywords within files, but also the context of those keywords. This in turn leads to accurate file classification and risk assessment. Once you have this, you can use policy to easily alert, block or remediate.
Let’s take a look at a typical example of what I mean here: If you look closely at these three documents, any of us on this call could pretty easily determine that the one on the left is a patient health record containing personal information, the one in the middle is a doctor’s resume, and the one on the right is source code. A traditional DLP, however, might identify all three of these documents as containing Public Health Information content because they all happen to contain keywords that trigger its regular expression engine. Not so with Elastica! Since the ContentIQ engine understands natural language and context, it easily classified these documents properly and without false positives, leaving you more time to work on the more important things.
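The three-document false positive described above can be reproduced with a keyword-only rule. This is an added example, not Elastica's ContentIQ: the documents are constructed, and the "context" check is a simple stand-in that requires a health term to sit within a few lines of a personal identifier field, not natural language processing.

```python
import re

# Keyword-only rule of the kind a regex-driven DLP policy might use (assumed).
KEYWORDS = re.compile(r"\b(patient|diagnosis)\b", re.I)
# Labelled identifier fields; the field names are assumptions for this sample.
IDENTIFIER = re.compile(r"\b(DOB|MRN|SSN)\s*:\s*[\d-]+")

# Constructed sample documents mirroring the three in the talk.
DOCS = {
    "health_record": (
        "Patient: Jane Doe\n"
        "DOB: 1980-04-12\n"
        "MRN: 00123456\n"
        "Diagnosis: type 2 diabetes\n"
    ),
    "resume": (
        "Dr. John Roe, MD\n"
        "Experience: 12 years of patient care\n"
        "Skills: diagnosis and treatment of cardiac conditions\n"
    ),
    "source_code": (
        "def load_patient(record_id):\n"
        "    # fetch diagnosis codes for a patient\n"
        "    return db.query(record_id)\n"
    ),
}

def keyword_dlp(text):
    """Flag a document if any health keyword appears anywhere in it."""
    return bool(KEYWORDS.search(text))

def context_dlp(text, window=3):
    """Flag only when a health keyword is within `window` lines of an identifier."""
    lines = text.splitlines()
    health = [i for i, line in enumerate(lines) if KEYWORDS.search(line)]
    ident = [i for i, line in enumerate(lines) if IDENTIFIER.search(line)]
    return any(abs(h - i) <= window for h in health for i in ident)

def classify_all(docs):
    """Return {name: (keyword_hit, context_hit)} for each document."""
    return {name: (keyword_dlp(t), context_dlp(t)) for name, t in docs.items()}

if __name__ == "__main__":
    for name, (kw, ctx) in classify_all(DOCS).items():
        print(f"{name:14} keyword={kw!s:5} context={ctx}")
```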
So to recap here, the Elastica CloudSOC is all about giving meaning to the data. We gather this data from APIs, the Elastica Gateway and even firewall logs, and apply data science to provide very granular visibility via the StreamIQ engine, identify content and risk using ContentIQ, and identify suspicious behavior using the ThreatScore engine. We then use this information to apply policy to safely enable these applications.
At this point, we’re very proud to show you the Elastica CloudSOC, applying all these tools I’ve mentioned. We’re going to jump to a demo now where you’ll get to see this technology in action.
Now that you’ve seen this, I hope we’ve been able to answer your questions about safely enabling Dropbox. We would love to ask you to give Elastica a try. Setting up an evaluation literally takes about 5 minutes, requires no hardware or software, and you can start gaining visibility into your Dropbox for Business accounts very quickly.
To get started, please contact your local sales team, or contact us directly here at Elastica to set up an evaluation today. Thanks, and we look forward to seeing you on our next webinar!