SlideShare a Scribd company logo

Key note in nyc the next breach target and how oracle can help - nyoug

Ulf Mattsson
Ulf Mattsson

Old security approaches are based on finding malware and data leaks. This is like "boiling the ocean," since you are “patching” all possible data paths and data stores, and you may not even find a trace of an attack. New security approaches assume that you are under attack and focus instead on protecting the data itself, even in computer memory (the “target” for a growing number of attacks). This session discusses what companies can do now to prevent what happened to Target and others processing PII, PHI and PCI data. The Oracle Big Data Appliance is a critical part of the solution.

1 of 66
Download to read offline
TheTheTheThe Next Breach Target andNext Breach Target andNext Breach Target andNext Breach Target and HowHowHowHow Oracle can helpOracle can helpOracle can helpOracle can help Ulf Mattsson CTO, Protegrity Ulf.Mattsson AT protegrity.com
Working in Task Forces at Payment Card Industry Security Standards Council (PCI SSC): 1. PCI SSC Tokenization Task Force 2. PCI SSC Encryption Task Force 3. PCI SSC Point to Point Encryption Task Force 4. PCI SSC Risk Assessment SIG Ulf Mattsson & PCI Data Security Standards 5. PCI SSC eCommerce SIG 6. PCI SSC Cloud SIG 7. PCI SSC Virtualization SIG 8. PCI SSC Pre-Authorization SIG 9. PCI SSC Scoping SIG Working Group 2 10. PCI SSC 2013 – 2014 Tokenization Task Force (TkTF) 2
3
Mary Ann Davidson, Chief Security Officer, Oracle Corporation 4
5
Target Data Breach, U.S. Secret Service & iSIGHT Target CIO Beth Jacob resigned 6
$ Data Protection Breach Detection $ Threat Landscape 7 Regulatory $ Compliance Big Data $ Cyber Insurance $
Threat Landscape $ Data Protection Breach Detection $ 8 Regulatory $ Compliance Big Data $ Cyber Insurance $
THE CHANGING THREAT LANDSCAPETHREAT LANDSCAPE 9 How have the methods of attack shifted?
The 2014 Verizon Data Breach Investigations Report 10 Source: searchsecurity.techtarget.com/news/2240215422/In-2014-DBIR-preview-Verizon-says-data-breach-response-gap-widening The 2014 DBIR is expected to be released this spring
Security Improving but We Are Losing Ground 11
360 million email accounts 1.25 billion email addresses without passwords 105 million records were stolen in a single data breach The email addresses came from • All the major providers, including Google, Microsoft and Yahoo. The Biggest Cyber Attack Detected in Feb 2014 Yahoo. • Non-profit organizations • Almost all Fortune 500 companies were affected by the attacks • Some have not made their security breaches public According to the cybersecurity firm Hold Security LLC 12
New Malware Source: mcafee.com/us/resources/reports/rp-quarterly-threat-q3-2013.pdf 13
Total Malware Samples in McAfee Labs Database Source: mcafee.com/us/resources/reports/rp-quarterly-threat-q3-2013.pdf 14
Total Malicious Signed Malware Source: mcafee.com/us/resources/reports/rp-quarterly-threat-q3-2013.pdf 15
Targeted Malware Topped the Threats 16 62% said that the pressure to protect from data breaches also increased over the past year. Source: 2014 Trustwave Security Pressures Report
US and Canada - Targeted Malware Top Threat 17 In the United States and Canada, targeted malware was the top threat IT pros felt pressured to secure against, and in the U.K. and Germany, the top threat was phishing/social engineering. Respondents in each country surveyed said viruses and worms caused the lowest pressure. Source: 2014 Trustwave Security Pressures Report
Report: “Recent Cyber Intrusion Events Directed Toward Retail Firms” FBI uncovered 20 cyber attacks against retailers in the past year that utilized methods similar to Target incident Fallout – FBI Memory-Scraping Malware Warning "We believe POS malware crime will continue to grow over the near term, despite law enforcement and security firms' actions to mitigate it." Source: searchsecurity.techtarget.com/news/2240213143/FBI-warns-of-memory-scraping- malware-in-wake-of-Target-breach 18
Data Loss Worries IT Pros Most 19 Source: 2014 Trustwave Security Pressures Report
July 2012 - June 2013: 74 targeted cyber attacks/day • #1: Government/Public sector – 25.4% • #2: Energy sector - 16.3% Oct. 2012 - May 2013: The U.S. government's Industrial Control Systems Cyber Emergency Response Team responded to more than 200 incidents — 53% aimed at the energy sector. Energy Sector a Prime Target for Cyber Attacks energy sector. So far, there have not been any successful catastrophic attacks on the US energy grid, but there is ongoing debate about the risk of a "cyber Pearl Harbor" attack. Source: www.csoonline.com/article/748580/energy-sector-a-prime-target-for-cyber-attacks 20
UK Energy Companies Refused Insurance 21 www.itproportal.com/2014/02/27/uk-energy-companies-refused-insurance-due-to-inadequate-cyber-defences/#ixzz2ud7g2hmO
$ Data Protection Breach Detection $ Threat Landscape 22 Regulations $ & Compliance Big Data $ Cyber Insurance $
Cyber Insurance Increases 5x Globally Companies view on cyber risk http://www.strategic-risk-global.com/popularity-of-cyber-insurance-increases-five-fold-in-eight-years/1407324.article23 76% (up 19%)
Organizations worldwide are not "sufficiently protected" against cyber attack Cyber attack fallout could cost the global economy $3 trillion by 2020 The report states that if "attackers continue to get Cyber Attacks are a Real and Growing Threat better more quickly than defenders," as is presently the case, "this could result in a world where a 'cyberbacklash' decelerates digitization." 24 Source: McKinsey report on enterprise IT security implications released in January 2014.
TARGET DATA BREACHBREACH 25 What can we learn from the Target breach?
Memory Scraping Malware – Target Breach Payment Card Terminal Point Of Sale Application Memory Scraping Malware Authorization, Settlement … Web Server Memory Scraping Malware Russia 26
Credentials were stolen from Fazio Mechanical in a malware- injecting phishing attack sent to employees of the firm by email • Resulted in the theft of at least 40 million customer records containing financial data such as debit and credit card information. • In addition, roughly 70 million accounts were compromised that included addresses and mobile numbers. The data theft was caused by the installation of malware on How The Breach at Target Went Down the firm's point of sale machines • Free version of Malwarebytes Anti-Malware was used by Target The subsequent file dump containing customer data is reportedly flooding the black market • Starting point for the manufacture of fake bank cards, or provide data required for identity theft. Source: Brian Krebs and www.zdnet.com/how-hackers-stole-millions-of-credit- card-records-from-target-7000026299/ 27
It’s not like other businesses are using some special network security practices that Target doesn’t know about. They just haven’t been hit yet. No number of traps, bars, or alarms will keep out the determined thief. 28
$ Data Protection Breach Detection $ Threat Landscape 29 Regulations $ & Compliance Big Data $ Cyber Insurance $
THINKING LIKE A HACKERHACKER How can we shift from reactive to proactive thinking? 30
What if a Social Security number or Credit Card NumberCredit Card Number in the Hands of a Criminal was Useless? 31
TURNING THE TIDE 32 What new technologies and techniques can be used to prevent future attacks?
Coarse Grained Security • Access Controls • Volume Encryption • File Encryption Fine Grained Security Evolution of Data Security Methods Time Fine Grained Security • Access Controls • Field Encryption (AES & ) • Masking • Tokenization • Vaultless Tokenization 33
Old and flawed: Minimal access levels so people can only carry Access Control Risk High – can only carry out their jobs 34 Access Privilege Level I High I Low Low –
Applying the Protection Profile to the Structure of each Sensitive Data Fields allows forSensitive Data Fields allows for a Wider Range of Granular Authority Options 35
Risk High – Old: Minimal access levels – Least New : Much greater The New Data Protection - Tokenization Access Privilege Level I High I Low Low – levels – Least Privilege to avoid high risks Much greater flexibility and lower risk in data accessibility 36
Reduction of Pain with New Protection Techniques High Pain & TCO Strong Encryption AES, 3DES Format Preserving Encryption DTP, FPE Input Value: 3872 3789 1620 3675 !@#$%a^.,mhu7///&*B()_+!@ 8278 2789 2990 2789 37 1970 2000 2005 2010 Low Vault-based Tokenization Vaultless Tokenization 8278 2789 2990 2789 Format Preserving Greatly reduced Key Management No Vault 8278 2789 2990 2789
Research Brief Tokenization Gets Traction Aberdeen has seen a steady increase in enterprise use of tokenization for protecting sensitive data over encryption Nearly half of the respondents (47%) are currently using tokenization for something other than cardholder data Over the last 12 months, tokenization users had 50% fewer security-related incidents than tokenization non- users 38 Source: http://www.protegrity.com/2012/08/tokenization-gets-traction-from-aberdeen/
Security of Different Protection Methods High Security Level I Format Preserving Encryption I Vaultless Data Tokenization I AES CBC Encryption Standard I Basic Data Tokenization 39 Low
Fine Grained Data Security Methods Tokenization and Encryption are Different Used Approach Cipher System Code System Cryptographic algorithms Cryptographic keys TokenizationEncryption 40 Cryptographic keys Code books Index tokens Source: McGraw-HILL ENCYPLOPEDIA OF SCIENCE & TECHNOLOGY
10 000 000 - 1 000 000 - 100 000 - 10 000 - Transactions per second* Speed of Different Protection Methods 10 000 - 1 000 - 100 - I Format Preserving Encryption I Vaultless Data Tokenization I AES CBC Encryption Standard I Vault-based Data Tokenization *: Speed will depend on the configuration 41
Different Tokenization Approaches Property Dynamic Pre-generated Vaultless Vault-based 42
$ Data Protection Breach Detection $ Threat Landscape 43 Regulations $ & Compliance Big Data $ Cyber Insurance $
Use Case How Should I Secure Different Data? Simple – PCI PII Encryption of Files Card Holder Data Tokenization of Fields Personally Identifiable Information Type of Data I Structured I Un-structured Complex – PHI Protected Health Information 44 Personally Identifiable Information
Examples: De-Identified Sensitive Data Field Real Data Tokenized / Pseudonymized Name Joe Smith csu wusoj Address 100 Main Street, Pleasantville, CA 476 srta coetse, cysieondusbak, CA Date of Birth 12/25/1966 01/02/1966 Telephone 760-278-3389 760-389-2289 E-Mail Address joe.smith@surferdude.org eoe.nwuer@beusorpdqo.org SSN 076-39-2778 076-28-3390 CC Number 3678 2289 3907 3378 3846 2290 3371 3378 Business URL www.surferdude.com www.sheyinctao.com Fingerprint Encrypted Photo Encrypted X-Ray Encrypted Healthcare / Financial Services Dr. visits, prescriptions, hospital stays and discharges, clinical, billing, etc. Financial Services Consumer Products and activities Protection methods can be equally applied to the actual data, but not needed with de-identification 45
USA law, originally passed in 1996 Defines “Protected Health Information” (PHI) Updated by the Health Information Technology for Economic and Clinical Health (HITECH) Act in 2009 Health Information Portability and Accountability Act (HIPAA) Most recently, the Omnibus final rule came into effect September 2013 Now requires both organizations that handle PHI and their business partners to protect sensitive information 46
1. Names 2. All geographical subdivisions smaller than a State 3. All elements of dates (except year) related to individual 4. Phone numbers 5. Fax numbers 11. Certificate/license numbers 12. Vehicle identifiers and serial numbers 13. Device identifiers and serial numbers 14. Web Universal Resource Locators (URLs) US Heath Information Portability and Accountability Act – HIPAA 6. Electronic mail addresses 7. Social Security numbers 8. Medical record numbers 9. Health plan beneficiary numbers 10. Account numbers 47 15. Internet Protocol (IP) address numbers 16. Biometric identifiers, including finger prints 17. Full face photographic images 18. Any other unique identifying number
$ Data Protection Breach Detection $ Threat Landscape 48 Regulations $ & Compliance Big Data $ Cyber Insurance $
THE CHANGING TECHNOLOGYTECHNOLOGY LANDSCAPE What effect, if any, does the rise of “Big Data” have on breaches? 49
Holes in Big Data… 50 Source: Gartner
Many Ways to Hack Big Data 51 Hackers & APT Rogue Privileged Users Unvetted Applications Or Ad Hoc Processes
Many Ways to Hack Big Data MapReduce (Job Scheduling/Execution System) Pig (Data Flow) Hive (SQL) Sqoop ETL Tools BI Reporting RDBMS Avro(Serialization) Zookeeper(Coordination) Hackers Unvetted Applications Or Ad Hoc Processes Source: http://nosql.mypopescu.com/post/1473423255/apache-hadoop-and-hbase 52 HDFS (Hadoop Distributed File System) Hbase (Column DB) Avro(Serialization) Zookeeper(Coordination) Privileged Users
Big Data (Hadoop) was designed for data access, not security Security in a read-only environment introduces new challenges Massive scalability and performance requirements Big Data Vulnerabilities and Concerns Sensitive data regulations create a barrier to usability, as data cannot be stored or transferred in the clear Transparency and data insight are required for ROI on Big Data 53
BIG DATA 54 Protecting the data flow & Catching attackers
$ Data Protection Breach Detection $ Threat Landscape 55 Regulations $ & Compliance Big Data $ Cyber Insurance $
Oracle’s Big Data Platform 056 123456 123456 1234 123456 999999 1234
Tokenization Reducing Attack Surface 123456 123456 1234 Tokenization on Each Node 57
$ Data Protection Breach Detection $ Threat Landscape 58 Regulations $ & Compliance Big Data $ Cyber Insurance $
Current Breach Discovery Methods 59 Verizon 2013 Data-breach-investigations-report & 451 Research
Use Big Data to Analyze Abnormal Usage Pattern Payment Card Terminal Point Of Sale Application Memory Scraping Malware Authorization, Settlement … Web Server Memory Scraping Malware Russia Big Data Analytics ?
You must assume the systems will be breached. Once breached, how do you know you've been compromised? You have to baseline and understand what 'goodness' looks like and look for deviations from goodness McAfee and Symantec can't tell you what normal looks like in your own systems. CISOs say SIEM Not Good for Security Analytics own systems. Only monitoring anomalies can do that Monitoring could be focused on a variety of network and end-user activities, including network flow data, file activity and even going all the way down to the packets Source: 2014 RSA Conference, moderator Neil MacDonald, vice president at Gartner 61
$ Data Protection Breach Detection $ Threat Landscape 62 Regulations $ & Compliance Big Data $ Cyber Insurance $
Open Security Analytics Framework & Big Data 63 Source: Emc.com/collateral/white-paper/h12878-rsa-pivotal-security-big-data-reference-architecture Enterprise Data Lake
Conclusions What happened at Target? • Modern customized malware can be very hard to detect • They were compliant, but not secure Changing threat landscape & challenges to secure data: • Attackers are looking for not just payment data – a more serious problem. • IDS systems are lacking context needed to catch data theft 64 • SIEM detection is too slow in handling large amounts of events. How can we prevent what happened to Target and the next attack against our sensitive data? • Assume that we are under attack - proactive protection of the data itself • We need to analyze event information and context to catch modern attackers • The Oracle Big Data Appliance can provide the foundation for solving this problem
Protegrity Summary Proven enterprise data security software and innovation leader • Sole focus on the protection of data • Patented Technology, Continuing to Drive Innovation Cross-industry applicability • Retail, Hospitality, Travel and TransportationTransportation • Financial Services, Insurance, Banking • Healthcare • Telecommunications, Media and Entertainment • Manufacturing and Government 65
Thank you!Thank you! Questions? Please contact us for more information http://www.protegrity.com/news-resources/collateral/ Ulf.Mattsson AT protegrity.com

Recommended

New york oracle users group 2013 spring general meeting ulf mattsson
New york oracle users group 2013 spring general meeting ulf mattssonNew york oracle users group 2013 spring general meeting ulf mattsson
New york oracle users group 2013 spring general meeting ulf mattsson
Ulf Mattsson
 
Isaca new delhi india privacy and big data
Isaca new delhi india privacy and big dataIsaca new delhi india privacy and big data
Isaca new delhi india privacy and big data
Ulf Mattsson
 
Data centric security key to digital business success - ulf mattsson - bright...
Data centric security key to digital business success - ulf mattsson - bright...Data centric security key to digital business success - ulf mattsson - bright...
Data centric security key to digital business success - ulf mattsson - bright...
Ulf Mattsson
 
Securing data today and in the future - Oracle NYC
Securing data today and in the future - Oracle NYCSecuring data today and in the future - Oracle NYC
Securing data today and in the future - Oracle NYC
Ulf Mattsson
 
Jul 16 isaca london data protection, security and privacy risks - on premis...
Jul 16 isaca london data protection, security and privacy risks - on premis...Jul 16 isaca london data protection, security and privacy risks - on premis...
Jul 16 isaca london data protection, security and privacy risks - on premis...
Ulf Mattsson
 
ISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloudISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloud
Ulf Mattsson
 
Privacy preserving computing and secure multi party computation
Privacy preserving computing and secure multi party computationPrivacy preserving computing and secure multi party computation
Privacy preserving computing and secure multi party computation
Ulf Mattsson
 
Bridging the gap between privacy and big data Ulf Mattsson - Protegrity Sep 10
Bridging the gap between privacy and big data Ulf Mattsson - Protegrity Sep 10Bridging the gap between privacy and big data Ulf Mattsson - Protegrity Sep 10
Bridging the gap between privacy and big data Ulf Mattsson - Protegrity Sep 10
Ulf Mattsson
 

Recommended

New york oracle users group 2013 spring general meeting ulf mattsson
New york oracle users group 2013 spring general meeting ulf mattssonNew york oracle users group 2013 spring general meeting ulf mattsson
New york oracle users group 2013 spring general meeting ulf mattsson
Ulf Mattsson
 
Isaca new delhi india privacy and big data
Isaca new delhi india privacy and big dataIsaca new delhi india privacy and big data
Isaca new delhi india privacy and big data
Ulf Mattsson
 
Data centric security key to digital business success - ulf mattsson - bright...
Data centric security key to digital business success - ulf mattsson - bright...Data centric security key to digital business success - ulf mattsson - bright...
Data centric security key to digital business success - ulf mattsson - bright...
Ulf Mattsson
 
Securing data today and in the future - Oracle NYC
Securing data today and in the future - Oracle NYCSecuring data today and in the future - Oracle NYC
Securing data today and in the future - Oracle NYC
Ulf Mattsson
 
Jul 16 isaca london data protection, security and privacy risks - on premis...
Jul 16 isaca london data protection, security and privacy risks - on premis...Jul 16 isaca london data protection, security and privacy risks - on premis...
Jul 16 isaca london data protection, security and privacy risks - on premis...
Ulf Mattsson
 
ISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloudISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloud
Ulf Mattsson
 
Privacy preserving computing and secure multi party computation
Privacy preserving computing and secure multi party computationPrivacy preserving computing and secure multi party computation
Privacy preserving computing and secure multi party computation
Ulf Mattsson
 
Bridging the gap between privacy and big data Ulf Mattsson - Protegrity Sep 10
Bridging the gap between privacy and big data Ulf Mattsson - Protegrity Sep 10Bridging the gap between privacy and big data Ulf Mattsson - Protegrity Sep 10
Bridging the gap between privacy and big data Ulf Mattsson - Protegrity Sep 10
Ulf Mattsson
 
Atlanta ISSA 2010 Enterprise Data Protection Ulf Mattsson
Atlanta ISSA 2010 Enterprise Data Protection Ulf MattssonAtlanta ISSA 2010 Enterprise Data Protection Ulf Mattsson
Atlanta ISSA 2010 Enterprise Data Protection Ulf Mattsson
Ulf Mattsson
 
Evolving regulations are changing the way we think about tools and technology
Evolving regulations are changing the way we think about tools and technologyEvolving regulations are changing the way we think about tools and technology
Evolving regulations are changing the way we think about tools and technology
Ulf Mattsson
 
New technologies for data protection
New technologies for data protectionNew technologies for data protection
New technologies for data protection
Ulf Mattsson
 
Data protection on premises, and in public and private clouds
Data protection on premises, and in public and private cloudsData protection on premises, and in public and private clouds
Data protection on premises, and in public and private clouds
Ulf Mattsson
 
The past, present, and future of big data security
The past, present, and future of big data securityThe past, present, and future of big data security
The past, present, and future of big data security
Ulf Mattsson
 
New regulations and the evolving cybersecurity technology landscape
New regulations and the evolving cybersecurity technology landscapeNew regulations and the evolving cybersecurity technology landscape
New regulations and the evolving cybersecurity technology landscape
Ulf Mattsson
 
Privacy preserving computing and secure multi-party computation ISACA Atlanta
Privacy preserving computing and secure multi-party computation ISACA AtlantaPrivacy preserving computing and secure multi-party computation ISACA Atlanta
Privacy preserving computing and secure multi-party computation ISACA Atlanta
Ulf Mattsson
 
A practical data privacy and security approach to ffiec, gdpr and ccpa
A practical data privacy and security approach to ffiec, gdpr and ccpaA practical data privacy and security approach to ffiec, gdpr and ccpa
A practical data privacy and security approach to ffiec, gdpr and ccpa
Ulf Mattsson
 
Protecting Your Data in the Cloud - CSO - Conference 2011
Protecting Your Data in the Cloud - CSO - Conference 2011 Protecting Your Data in the Cloud - CSO - Conference 2011
Protecting Your Data in the Cloud - CSO - Conference 2011
Ulf Mattsson
 
Isaca atlanta - practical data security and privacy
Isaca atlanta - practical data security and privacyIsaca atlanta - practical data security and privacy
Isaca atlanta - practical data security and privacy
Ulf Mattsson
 
Unlock the potential of data security 2020
Unlock the potential of data security 2020Unlock the potential of data security 2020
Unlock the potential of data security 2020
Ulf Mattsson
 
ISACA Houston - How to de-classify data and rethink transfer of data between ...
ISACA Houston - How to de-classify data and rethink transfer of data between ...ISACA Houston - How to de-classify data and rethink transfer of data between ...
ISACA Houston - How to de-classify data and rethink transfer of data between ...
Ulf Mattsson
 
Protecting Data Privacy in Analytics and Machine Learning
Protecting Data Privacy in Analytics and Machine LearningProtecting Data Privacy in Analytics and Machine Learning
Protecting Data Privacy in Analytics and Machine Learning
Ulf Mattsson
 
Future data security ‘will come from several sources’
Future data security ‘will come from several sources’Future data security ‘will come from several sources’
Future data security ‘will come from several sources’
John Davis
 
ISACA Houston - Practical data privacy and de-identification techniques
ISACA Houston - Practical data privacy and de-identification techniquesISACA Houston - Practical data privacy and de-identification techniques
ISACA Houston - Practical data privacy and de-identification techniques
Ulf Mattsson
 
BigData and Privacy webinar at Brighttalk
BigData and Privacy webinar at BrighttalkBigData and Privacy webinar at Brighttalk
BigData and Privacy webinar at Brighttalk
Ulf Mattsson
 
Who is the next target proactive approaches to data security
Who is the next target proactive approaches to data securityWho is the next target proactive approaches to data security
Who is the next target proactive approaches to data security
Ulf Mattsson
 
Next generation data protection and security for oracle users - gdpr blockc...
Next generation data protection and security for oracle users - gdpr blockc...Next generation data protection and security for oracle users - gdpr blockc...
Next generation data protection and security for oracle users - gdpr blockc...
Ulf Mattsson
 
RSA大会2009-2010分析
RSA大会2009-2010分析RSA大会2009-2010分析
RSA大会2009-2010分析
Jordan Pan
 
What I Learned at RSAC 2020
What I Learned at RSAC 2020What I Learned at RSAC 2020
What I Learned at RSAC 2020
Ulf Mattsson
 
314 The Open Access Education Revolution Richard Baraniuk
314 The Open Access Education Revolution Richard Baraniuk314 The Open Access Education Revolution Richard Baraniuk
314 The Open Access Education Revolution Richard BaraniukSURFfoundation
 
Mpibook1
Mpibook1Mpibook1
Mpibook1guest30f850
 

More Related Content

What's hot

Atlanta ISSA 2010 Enterprise Data Protection Ulf Mattsson
Atlanta ISSA 2010 Enterprise Data Protection Ulf MattssonAtlanta ISSA 2010 Enterprise Data Protection Ulf Mattsson
Atlanta ISSA 2010 Enterprise Data Protection Ulf Mattsson
Ulf Mattsson
 
Evolving regulations are changing the way we think about tools and technology
Evolving regulations are changing the way we think about tools and technologyEvolving regulations are changing the way we think about tools and technology
Evolving regulations are changing the way we think about tools and technology
Ulf Mattsson
 
New technologies for data protection
New technologies for data protectionNew technologies for data protection
New technologies for data protection
Ulf Mattsson
 
Data protection on premises, and in public and private clouds
Data protection on premises, and in public and private cloudsData protection on premises, and in public and private clouds
Data protection on premises, and in public and private clouds
Ulf Mattsson
 
The past, present, and future of big data security
The past, present, and future of big data securityThe past, present, and future of big data security
The past, present, and future of big data security
Ulf Mattsson
 
New regulations and the evolving cybersecurity technology landscape
New regulations and the evolving cybersecurity technology landscapeNew regulations and the evolving cybersecurity technology landscape
New regulations and the evolving cybersecurity technology landscape
Ulf Mattsson
 
Privacy preserving computing and secure multi-party computation ISACA Atlanta
Privacy preserving computing and secure multi-party computation ISACA AtlantaPrivacy preserving computing and secure multi-party computation ISACA Atlanta
Privacy preserving computing and secure multi-party computation ISACA Atlanta
Ulf Mattsson
 
A practical data privacy and security approach to ffiec, gdpr and ccpa
A practical data privacy and security approach to ffiec, gdpr and ccpaA practical data privacy and security approach to ffiec, gdpr and ccpa
A practical data privacy and security approach to ffiec, gdpr and ccpa
Ulf Mattsson
 
Protecting Your Data in the Cloud - CSO - Conference 2011
Protecting Your Data in the Cloud - CSO - Conference 2011 Protecting Your Data in the Cloud - CSO - Conference 2011
Protecting Your Data in the Cloud - CSO - Conference 2011
Ulf Mattsson
 
Isaca atlanta - practical data security and privacy
Isaca atlanta - practical data security and privacyIsaca atlanta - practical data security and privacy
Isaca atlanta - practical data security and privacy
Ulf Mattsson
 
Unlock the potential of data security 2020
Unlock the potential of data security 2020Unlock the potential of data security 2020
Unlock the potential of data security 2020
Ulf Mattsson
 
ISACA Houston - How to de-classify data and rethink transfer of data between ...
ISACA Houston - How to de-classify data and rethink transfer of data between ...ISACA Houston - How to de-classify data and rethink transfer of data between ...
ISACA Houston - How to de-classify data and rethink transfer of data between ...
Ulf Mattsson
 
Protecting Data Privacy in Analytics and Machine Learning
Protecting Data Privacy in Analytics and Machine LearningProtecting Data Privacy in Analytics and Machine Learning
Protecting Data Privacy in Analytics and Machine Learning
Ulf Mattsson
 
Future data security ‘will come from several sources’
Future data security ‘will come from several sources’Future data security ‘will come from several sources’
Future data security ‘will come from several sources’
John Davis
 
ISACA Houston - Practical data privacy and de-identification techniques
ISACA Houston - Practical data privacy and de-identification techniquesISACA Houston - Practical data privacy and de-identification techniques
ISACA Houston - Practical data privacy and de-identification techniques
Ulf Mattsson
 
BigData and Privacy webinar at Brighttalk
BigData and Privacy webinar at BrighttalkBigData and Privacy webinar at Brighttalk
BigData and Privacy webinar at Brighttalk
Ulf Mattsson
 
Who is the next target proactive approaches to data security
Who is the next target proactive approaches to data securityWho is the next target proactive approaches to data security
Who is the next target proactive approaches to data security
Ulf Mattsson
 
Next generation data protection and security for oracle users - gdpr blockc...
Next generation data protection and security for oracle users - gdpr blockc...Next generation data protection and security for oracle users - gdpr blockc...
Next generation data protection and security for oracle users - gdpr blockc...
Ulf Mattsson
 
RSA大会2009-2010分析
RSA大会2009-2010分析RSA大会2009-2010分析
RSA大会2009-2010分析
Jordan Pan
 
What I Learned at RSAC 2020
What I Learned at RSAC 2020What I Learned at RSAC 2020
What I Learned at RSAC 2020
Ulf Mattsson
 

What's hot (20)

Atlanta ISSA 2010 Enterprise Data Protection Ulf Mattsson
Atlanta ISSA 2010 Enterprise Data Protection Ulf MattssonAtlanta ISSA 2010 Enterprise Data Protection Ulf Mattsson
Atlanta ISSA 2010 Enterprise Data Protection Ulf Mattsson
 
Evolving regulations are changing the way we think about tools and technology
Evolving regulations are changing the way we think about tools and technologyEvolving regulations are changing the way we think about tools and technology
Evolving regulations are changing the way we think about tools and technology
 
New technologies for data protection
New technologies for data protectionNew technologies for data protection
New technologies for data protection
 
Data protection on premises, and in public and private clouds
Data protection on premises, and in public and private cloudsData protection on premises, and in public and private clouds
Data protection on premises, and in public and private clouds
 
The past, present, and future of big data security
The past, present, and future of big data securityThe past, present, and future of big data security
The past, present, and future of big data security
 
New regulations and the evolving cybersecurity technology landscape
New regulations and the evolving cybersecurity technology landscapeNew regulations and the evolving cybersecurity technology landscape
New regulations and the evolving cybersecurity technology landscape
 
Privacy preserving computing and secure multi-party computation ISACA Atlanta
Privacy preserving computing and secure multi-party computation ISACA AtlantaPrivacy preserving computing and secure multi-party computation ISACA Atlanta
Privacy preserving computing and secure multi-party computation ISACA Atlanta
 
A practical data privacy and security approach to ffiec, gdpr and ccpa
A practical data privacy and security approach to ffiec, gdpr and ccpaA practical data privacy and security approach to ffiec, gdpr and ccpa
A practical data privacy and security approach to ffiec, gdpr and ccpa
 
Protecting Your Data in the Cloud - CSO - Conference 2011
Protecting Your Data in the Cloud - CSO - Conference 2011 Protecting Your Data in the Cloud - CSO - Conference 2011
Protecting Your Data in the Cloud - CSO - Conference 2011
 
Isaca atlanta - practical data security and privacy
Isaca atlanta - practical data security and privacyIsaca atlanta - practical data security and privacy
Isaca atlanta - practical data security and privacy
 
Unlock the potential of data security 2020
Unlock the potential of data security 2020Unlock the potential of data security 2020
Unlock the potential of data security 2020
 
ISACA Houston - How to de-classify data and rethink transfer of data between ...
ISACA Houston - How to de-classify data and rethink transfer of data between ...ISACA Houston - How to de-classify data and rethink transfer of data between ...
ISACA Houston - How to de-classify data and rethink transfer of data between ...
 
Protecting Data Privacy in Analytics and Machine Learning
Protecting Data Privacy in Analytics and Machine LearningProtecting Data Privacy in Analytics and Machine Learning
Protecting Data Privacy in Analytics and Machine Learning
 
Future data security ‘will come from several sources’
Future data security ‘will come from several sources’Future data security ‘will come from several sources’
Future data security ‘will come from several sources’
 
ISACA Houston - Practical data privacy and de-identification techniques
ISACA Houston - Practical data privacy and de-identification techniquesISACA Houston - Practical data privacy and de-identification techniques
ISACA Houston - Practical data privacy and de-identification techniques
 
BigData and Privacy webinar at Brighttalk
BigData and Privacy webinar at BrighttalkBigData and Privacy webinar at Brighttalk
BigData and Privacy webinar at Brighttalk
 
Who is the next target proactive approaches to data security
Who is the next target proactive approaches to data securityWho is the next target proactive approaches to data security
Who is the next target proactive approaches to data security
 
Next generation data protection and security for oracle users - gdpr blockc...
Next generation data protection and security for oracle users - gdpr blockc...Next generation data protection and security for oracle users - gdpr blockc...
Next generation data protection and security for oracle users - gdpr blockc...
 
RSA大会2009-2010分析
RSA大会2009-2010分析RSA大会2009-2010分析
RSA大会2009-2010分析
 
What I Learned at RSAC 2020
What I Learned at RSAC 2020What I Learned at RSAC 2020
What I Learned at RSAC 2020
 

Viewers also liked

314 The Open Access Education Revolution Richard Baraniuk
314 The Open Access Education Revolution Richard Baraniuk314 The Open Access Education Revolution Richard Baraniuk
314 The Open Access Education Revolution Richard BaraniukSURFfoundation
 
414 Meerwaarde Web 2.0, Van Vliet, Onstenk
414 Meerwaarde Web 2.0, Van Vliet, Onstenk414 Meerwaarde Web 2.0, Van Vliet, Onstenk
414 Meerwaarde Web 2.0, Van Vliet, OnstenkSURFfoundation
 
718 Lichtpaden Hbo En Mbo Rutten En Van Der Vorst
718 Lichtpaden Hbo En Mbo Rutten En Van Der Vorst718 Lichtpaden Hbo En Mbo Rutten En Van Der Vorst
718 Lichtpaden Hbo En Mbo Rutten En Van Der VorstSURFfoundation
 
Beurs Slim Gebruik Van Acrobat En Pdf In Het Onderwijs, Colin Van Oosterhout
Beurs Slim Gebruik Van Acrobat En Pdf In Het Onderwijs, Colin Van OosterhoutBeurs Slim Gebruik Van Acrobat En Pdf In Het Onderwijs, Colin Van Oosterhout
Beurs Slim Gebruik Van Acrobat En Pdf In Het Onderwijs, Colin Van OosterhoutSURFfoundation
 
Target Breach Analysis
Target Breach AnalysisTarget Breach Analysis
Target Breach Analysis
Tal Be'ery
 

Viewers also liked (6)

314 The Open Access Education Revolution Richard Baraniuk
314 The Open Access Education Revolution Richard Baraniuk314 The Open Access Education Revolution Richard Baraniuk
314 The Open Access Education Revolution Richard Baraniuk
 
Mpibook1
Mpibook1Mpibook1
Mpibook1
 
414 Meerwaarde Web 2.0, Van Vliet, Onstenk
414 Meerwaarde Web 2.0, Van Vliet, Onstenk414 Meerwaarde Web 2.0, Van Vliet, Onstenk
414 Meerwaarde Web 2.0, Van Vliet, Onstenk
 
718 Lichtpaden Hbo En Mbo Rutten En Van Der Vorst
718 Lichtpaden Hbo En Mbo Rutten En Van Der Vorst718 Lichtpaden Hbo En Mbo Rutten En Van Der Vorst
718 Lichtpaden Hbo En Mbo Rutten En Van Der Vorst
 
Beurs Slim Gebruik Van Acrobat En Pdf In Het Onderwijs, Colin Van Oosterhout
Beurs Slim Gebruik Van Acrobat En Pdf In Het Onderwijs, Colin Van OosterhoutBeurs Slim Gebruik Van Acrobat En Pdf In Het Onderwijs, Colin Van Oosterhout
Beurs Slim Gebruik Van Acrobat En Pdf In Het Onderwijs, Colin Van Oosterhout
 
Target Breach Analysis
Target Breach AnalysisTarget Breach Analysis
Target Breach Analysis
 

Similar to Key note in nyc the next breach target and how oracle can help - nyoug

The good, the bad and the ugly of the target data breach
The good, the bad and the ugly of the target data breachThe good, the bad and the ugly of the target data breach
The good, the bad and the ugly of the target data breach
Ulf Mattsson
 
Verizon 2014 data breach investigation report and the target breach
Verizon 2014 data breach investigation report and the target breachVerizon 2014 data breach investigation report and the target breach
Verizon 2014 data breach investigation report and the target breach
Ulf Mattsson
 
Who is the next target and how is big data related ulf mattsson
Who is the next target and how is big data related ulf mattssonWho is the next target and how is big data related ulf mattsson
Who is the next target and how is big data related ulf mattssonUlf Mattsson
 
We are living in a world where cyber security is a top priority for .pdf
We are living in a world where cyber security is a top priority for .pdfWe are living in a world where cyber security is a top priority for .pdf
We are living in a world where cyber security is a top priority for .pdf
galagirishp
 
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)Sarah Jarvis
 
10 things you should know about cybersecurity
10 things you should know about cybersecurity10 things you should know about cybersecurity
10 things you should know about cybersecurity
United Technology Group (UTG)
 
BIZGrowth Strategies - Cybersecurity Special Edition
BIZGrowth Strategies - Cybersecurity Special EditionBIZGrowth Strategies - Cybersecurity Special Edition
BIZGrowth Strategies - Cybersecurity Special Edition
CBIZ, Inc.
 
Pat Pather- Cyber Security Unchartered: Vigilance, Innovation and Adaptability
Pat Pather- Cyber Security Unchartered: Vigilance, Innovation and AdaptabilityPat Pather- Cyber Security Unchartered: Vigilance, Innovation and Adaptability
Pat Pather- Cyber Security Unchartered: Vigilance, Innovation and Adaptability
itnewsafrica
 
2018 State of Cyber Resilience for Insurance
2018 State of Cyber Resilience for Insurance2018 State of Cyber Resilience for Insurance
2018 State of Cyber Resilience for Insurance
Accenture Insurance
 
Top Solutions and Tools to Prevent Devastating Malware White Paper
Top Solutions and Tools to Prevent Devastating Malware White PaperTop Solutions and Tools to Prevent Devastating Malware White Paper
Top Solutions and Tools to Prevent Devastating Malware White Paper
NetIQ
 
Cyber Security – Challenges [Autosaved].pptx
Cyber Security – Challenges [Autosaved].pptxCyber Security – Challenges [Autosaved].pptx
Cyber Security – Challenges [Autosaved].pptx
RambilashTudu
 
Cybersecurity - Sam Maccherola
Cybersecurity - Sam MaccherolaCybersecurity - Sam Maccherola
Cybersecurity - Sam Maccherola
TechBiz Forense Digital
 
Global Megatrends in Cybersecurity – A Survey of 1,000 CxOs
Global Megatrends in Cybersecurity – A Survey of 1,000 CxOsGlobal Megatrends in Cybersecurity – A Survey of 1,000 CxOs
Global Megatrends in Cybersecurity – A Survey of 1,000 CxOs
Argyle Executive Forum
 
Combating Cybersecurity Challenges with Advanced Analytics
Combating Cybersecurity Challenges with Advanced AnalyticsCombating Cybersecurity Challenges with Advanced Analytics
Combating Cybersecurity Challenges with Advanced Analytics
Cognizant
 
Practical risk management for the multi cloud
Practical risk management for the multi cloudPractical risk management for the multi cloud
Practical risk management for the multi cloud
Ulf Mattsson
 
Where data security and value of data meet in the cloud brighttalk webinar ...
Where data security and value of data meet in the cloud brighttalk webinar ...Where data security and value of data meet in the cloud brighttalk webinar ...
Where data security and value of data meet in the cloud brighttalk webinar ...
Ulf Mattsson
 
Segurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSegurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago Cavanna
Santiago Cavanna
 
5 Security Trends to Watch in 2020
5 Security Trends to Watch in 20205 Security Trends to Watch in 2020
5 Security Trends to Watch in 2020
Dharmendra Rama
 

Similar to Key note in nyc the next breach target and how oracle can help - nyoug (20)

The good, the bad and the ugly of the target data breach
The good, the bad and the ugly of the target data breachThe good, the bad and the ugly of the target data breach
The good, the bad and the ugly of the target data breach
 
Verizon 2014 data breach investigation report and the target breach
Verizon 2014 data breach investigation report and the target breachVerizon 2014 data breach investigation report and the target breach
Verizon 2014 data breach investigation report and the target breach
 
Who is the next target and how is big data related ulf mattsson
Who is the next target and how is big data related ulf mattssonWho is the next target and how is big data related ulf mattsson
Who is the next target and how is big data related ulf mattsson
 
We are living in a world where cyber security is a top priority for .pdf
We are living in a world where cyber security is a top priority for .pdfWe are living in a world where cyber security is a top priority for .pdf
We are living in a world where cyber security is a top priority for .pdf
 
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
 
10 things you should know about cybersecurity
10 things you should know about cybersecurity10 things you should know about cybersecurity
10 things you should know about cybersecurity
 
BIZGrowth Strategies - Cybersecurity Special Edition
BIZGrowth Strategies - Cybersecurity Special EditionBIZGrowth Strategies - Cybersecurity Special Edition
BIZGrowth Strategies - Cybersecurity Special Edition
 
Digital Resilience flipbook
Digital Resilience flipbookDigital Resilience flipbook
Digital Resilience flipbook
 
Digital Resilience flipbook
Digital Resilience flipbookDigital Resilience flipbook
Digital Resilience flipbook
 
Pat Pather- Cyber Security Unchartered: Vigilance, Innovation and Adaptability
Pat Pather- Cyber Security Unchartered: Vigilance, Innovation and AdaptabilityPat Pather- Cyber Security Unchartered: Vigilance, Innovation and Adaptability
Pat Pather- Cyber Security Unchartered: Vigilance, Innovation and Adaptability
 
2018 State of Cyber Resilience for Insurance
2018 State of Cyber Resilience for Insurance2018 State of Cyber Resilience for Insurance
2018 State of Cyber Resilience for Insurance
 
Top Solutions and Tools to Prevent Devastating Malware White Paper
Top Solutions and Tools to Prevent Devastating Malware White PaperTop Solutions and Tools to Prevent Devastating Malware White Paper
Top Solutions and Tools to Prevent Devastating Malware White Paper
 
Cyber Security – Challenges [Autosaved].pptx
Cyber Security – Challenges [Autosaved].pptxCyber Security – Challenges [Autosaved].pptx
Cyber Security – Challenges [Autosaved].pptx
 
Cybersecurity - Sam Maccherola
Cybersecurity - Sam MaccherolaCybersecurity - Sam Maccherola
Cybersecurity - Sam Maccherola
 
Global Megatrends in Cybersecurity – A Survey of 1,000 CxOs
Global Megatrends in Cybersecurity – A Survey of 1,000 CxOsGlobal Megatrends in Cybersecurity – A Survey of 1,000 CxOs
Global Megatrends in Cybersecurity – A Survey of 1,000 CxOs
 
Combating Cybersecurity Challenges with Advanced Analytics
Combating Cybersecurity Challenges with Advanced AnalyticsCombating Cybersecurity Challenges with Advanced Analytics
Combating Cybersecurity Challenges with Advanced Analytics
 
Practical risk management for the multi cloud
Practical risk management for the multi cloudPractical risk management for the multi cloud
Practical risk management for the multi cloud
 
Where data security and value of data meet in the cloud brighttalk webinar ...
Where data security and value of data meet in the cloud brighttalk webinar ...Where data security and value of data meet in the cloud brighttalk webinar ...
Where data security and value of data meet in the cloud brighttalk webinar ...
 
Segurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSegurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago Cavanna
 
5 Security Trends to Watch in 2020
5 Security Trends to Watch in 20205 Security Trends to Watch in 2020
5 Security Trends to Watch in 2020
 

More from Ulf Mattsson

Jun 29 new privacy technologies for unicode and international data standards ...
Jun 29 new privacy technologies for unicode and international data standards ...Jun 29 new privacy technologies for unicode and international data standards ...
Jun 29 new privacy technologies for unicode and international data standards ...
Ulf Mattsson
 
Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...
Ulf Mattsson
 
Book
BookBook
Book
Ulf Mattsson
 
May 6 evolving international privacy regulations and cross border data tran...
May 6 evolving international privacy regulations and cross border data tran...May 6 evolving international privacy regulations and cross border data tran...
May 6 evolving international privacy regulations and cross border data tran...
Ulf Mattsson
 
Qubit conference-new-york-2021
Qubit conference-new-york-2021Qubit conference-new-york-2021
Qubit conference-new-york-2021
Ulf Mattsson
 
Secure analytics and machine learning in cloud use cases
Secure analytics and machine learning in cloud use casesSecure analytics and machine learning in cloud use cases
Secure analytics and machine learning in cloud use cases
Ulf Mattsson
 
Evolving international privacy regulations and cross border data transfer - g...
Evolving international privacy regulations and cross border data transfer - g...Evolving international privacy regulations and cross border data transfer - g...
Evolving international privacy regulations and cross border data transfer - g...
Ulf Mattsson
 
Data encryption and tokenization for international unicode
Data encryption and tokenization for international unicodeData encryption and tokenization for international unicode
Data encryption and tokenization for international unicode
Ulf Mattsson
 
The future of data security and blockchain
The future of data security and blockchainThe future of data security and blockchain
The future of data security and blockchain
Ulf Mattsson
 
GDPR and evolving international privacy regulations
GDPR and evolving international privacy regulationsGDPR and evolving international privacy regulations
GDPR and evolving international privacy regulations
Ulf Mattsson
 
Safeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learningSafeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learning
Ulf Mattsson
 
Protecting data privacy in analytics and machine learning ISACA London UK
Protecting data privacy in analytics and machine learning ISACA London UKProtecting data privacy in analytics and machine learning ISACA London UK
Protecting data privacy in analytics and machine learning ISACA London UK
Ulf Mattsson
 
New opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulationsNew opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulations
Ulf Mattsson
 
What is tokenization in blockchain - BCS London
What is tokenization in blockchain - BCS LondonWhat is tokenization in blockchain - BCS London
What is tokenization in blockchain - BCS London
Ulf Mattsson
 
Protecting data privacy in analytics and machine learning - ISACA
Protecting data privacy in analytics and machine learning - ISACAProtecting data privacy in analytics and machine learning - ISACA
Protecting data privacy in analytics and machine learning - ISACA
Ulf Mattsson
 
What is tokenization in blockchain?
What is tokenization in blockchain?What is tokenization in blockchain?
What is tokenization in blockchain?
Ulf Mattsson
 
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2bNov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
Ulf Mattsson
 
What is tokenization in blockchain?
What is tokenization in blockchain?What is tokenization in blockchain?
What is tokenization in blockchain?
Ulf Mattsson
 

More from Ulf Mattsson (18)

Jun 29 new privacy technologies for unicode and international data standards ...
Jun 29 new privacy technologies for unicode and international data standards ...Jun 29 new privacy technologies for unicode and international data standards ...
Jun 29 new privacy technologies for unicode and international data standards ...
 
Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...
 
Book
BookBook
Book
 
May 6 evolving international privacy regulations and cross border data tran...
May 6 evolving international privacy regulations and cross border data tran...May 6 evolving international privacy regulations and cross border data tran...
May 6 evolving international privacy regulations and cross border data tran...
 
Qubit conference-new-york-2021
Qubit conference-new-york-2021Qubit conference-new-york-2021
Qubit conference-new-york-2021
 
Secure analytics and machine learning in cloud use cases
Secure analytics and machine learning in cloud use casesSecure analytics and machine learning in cloud use cases
Secure analytics and machine learning in cloud use cases
 
Evolving international privacy regulations and cross border data transfer - g...
Evolving international privacy regulations and cross border data transfer - g...Evolving international privacy regulations and cross border data transfer - g...
Evolving international privacy regulations and cross border data transfer - g...
 
Data encryption and tokenization for international unicode
Data encryption and tokenization for international unicodeData encryption and tokenization for international unicode
Data encryption and tokenization for international unicode
 
The future of data security and blockchain
The future of data security and blockchainThe future of data security and blockchain
The future of data security and blockchain
 
GDPR and evolving international privacy regulations
GDPR and evolving international privacy regulationsGDPR and evolving international privacy regulations
GDPR and evolving international privacy regulations
 
Safeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learningSafeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learning
 
Protecting data privacy in analytics and machine learning ISACA London UK
Protecting data privacy in analytics and machine learning ISACA London UKProtecting data privacy in analytics and machine learning ISACA London UK
Protecting data privacy in analytics and machine learning ISACA London UK
 
New opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulationsNew opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulations
 
What is tokenization in blockchain - BCS London
What is tokenization in blockchain - BCS LondonWhat is tokenization in blockchain - BCS London
What is tokenization in blockchain - BCS London
 
Protecting data privacy in analytics and machine learning - ISACA
Protecting data privacy in analytics and machine learning - ISACAProtecting data privacy in analytics and machine learning - ISACA
Protecting data privacy in analytics and machine learning - ISACA
 
What is tokenization in blockchain?
What is tokenization in blockchain?What is tokenization in blockchain?
What is tokenization in blockchain?
 
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2bNov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
 
What is tokenization in blockchain?
What is tokenization in blockchain?What is tokenization in blockchain?
What is tokenization in blockchain?
 

Recently uploaded

GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Tobias Schneck
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
Elena Simperl
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Ramesh Iyer
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Product School
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 

Recently uploaded (20)

GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 

Key note in nyc the next breach target and how oracle can help - nyoug

  • 1. TheTheTheThe Next Breach Target andNext Breach Target andNext Breach Target andNext Breach Target and HowHowHowHow Oracle can helpOracle can helpOracle can helpOracle can help Ulf Mattsson CTO, Protegrity Ulf.Mattsson AT protegrity.com
  • 2. Working in Task Forces at Payment Card Industry Security Standards Council (PCI SSC): 1. PCI SSC Tokenization Task Force 2. PCI SSC Encryption Task Force 3. PCI SSC Point to Point Encryption Task Force 4. PCI SSC Risk Assessment SIG Ulf Mattsson & PCI Data Security Standards 5. PCI SSC eCommerce SIG 6. PCI SSC Cloud SIG 7. PCI SSC Virtualization SIG 8. PCI SSC Pre-Authorization SIG 9. PCI SSC Scoping SIG Working Group 2 10. PCI SSC 2013 – 2014 Tokenization Task Force (TkTF) 2
  • 3. 3
  • 4. Mary Ann Davidson, Chief Security Officer, Oracle Corporation 4
  • 5. 5
  • 6. Target Data Breach, U.S. Secret Service & iSIGHT Target CIO Beth Jacob resigned 6
  • 7. $ Data Protection Breach Detection $ Threat Landscape 7 Regulatory $ Compliance Big Data $ Cyber Insurance $
  • 8. Threat Landscape $ Data Protection Breach Detection $ 8 Regulatory $ Compliance Big Data $ Cyber Insurance $
  • 9. THE CHANGING THREAT LANDSCAPETHREAT LANDSCAPE 9 How have the methods of attack shifted?
  • 10. The 2014 Verizon Data Breach Investigations Report 10 Source: searchsecurity.techtarget.com/news/2240215422/In-2014-DBIR-preview-Verizon-says-data-breach-response-gap-widening The 2014 DBIR is expected to be released this spring
  • 11. Security Improving but We Are Losing Ground 11
  • 12. 360 million email accounts 1.25 billion email addresses without passwords 105 million records were stolen in a single data breach The email addresses came from • All the major providers, including Google, Microsoft and Yahoo. The Biggest Cyber Attack Detected in Feb 2014 Yahoo. • Non-profit organizations • Almost all Fortune 500 companies were affected by the attacks • Some have not made their security breaches public According to the cybersecurity firm Hold Security LLC 12
  • 14. Total Malware Samples in McAfee Labs Database Source: mcafee.com/us/resources/reports/rp-quarterly-threat-q3-2013.pdf 14
  • 15. Total Malicious Signed Malware Source: mcafee.com/us/resources/reports/rp-quarterly-threat-q3-2013.pdf 15
  • 16. Targeted Malware Topped the Threats 16 62% said that the pressure to protect from data breaches also increased over the past year. Source: 2014 Trustwave Security Pressures Report
  • 17. US and Canada - Targeted Malware Top Threat 17 In the United States and Canada, targeted malware was the top threat IT pros felt pressured to secure against, and in the U.K. and Germany, the top threat was phishing/social engineering. Respondents in each country surveyed said viruses and worms caused the lowest pressure. Source: 2014 Trustwave Security Pressures Report
  • 18. Report: “Recent Cyber Intrusion Events Directed Toward Retail Firms” FBI uncovered 20 cyber attacks against retailers in the past year that utilized methods similar to Target incident Fallout – FBI Memory-Scraping Malware Warning "We believe POS malware crime will continue to grow over the near term, despite law enforcement and security firms' actions to mitigate it." Source: searchsecurity.techtarget.com/news/2240213143/FBI-warns-of-memory-scraping- malware-in-wake-of-Target-breach 18
  • 19. Data Loss Worries IT Pros Most 19 Source: 2014 Trustwave Security Pressures Report
  • 20. July 2012 - June 2013: 74 targeted cyber attacks/day • #1: Government/Public sector – 25.4% • #2: Energy sector - 16.3% Oct. 2012 - May 2013: The U.S. government's Industrial Control Systems Cyber Emergency Response Team responded to more than 200 incidents — 53% aimed at the energy sector. Energy Sector a Prime Target for Cyber Attacks energy sector. So far, there have not been any successful catastrophic attacks on the US energy grid, but there is ongoing debate about the risk of a "cyber Pearl Harbor" attack. Source: www.csoonline.com/article/748580/energy-sector-a-prime-target-for-cyber-attacks 20
  • 21. UK Energy Companies Refused Insurance 21 www.itproportal.com/2014/02/27/uk-energy-companies-refused-insurance-due-to-inadequate-cyber-defences/#ixzz2ud7g2hmO
  • 22. $ Data Protection Breach Detection $ Threat Landscape 22 Regulations $ & Compliance Big Data $ Cyber Insurance $
  • 23. Cyber Insurance Increases 5x Globally Companies view on cyber risk http://www.strategic-risk-global.com/popularity-of-cyber-insurance-increases-five-fold-in-eight-years/1407324.article23 76% (up 19%)
  • 24. Organizations worldwide are not "sufficiently protected" against cyber attack Cyber attack fallout could cost the global economy $3 trillion by 2020 The report states that if "attackers continue to get Cyber Attacks are a Real and Growing Threat better more quickly than defenders," as is presently the case, "this could result in a world where a 'cyberbacklash' decelerates digitization." 24 Source: McKinsey report on enterprise IT security implications released in January 2014.
  • 25. TARGET DATA BREACHBREACH 25 What can we learn from the Target breach?
  • 26. Memory Scraping Malware – Target Breach Payment Card Terminal Point Of Sale Application Memory Scraping Malware Authorization, Settlement … Web Server Memory Scraping Malware Russia 26
  • 27. Credentials were stolen from Fazio Mechanical in a malware- injecting phishing attack sent to employees of the firm by email • Resulted in the theft of at least 40 million customer records containing financial data such as debit and credit card information. • In addition, roughly 70 million accounts were compromised that included addresses and mobile numbers. The data theft was caused by the installation of malware on How The Breach at Target Went Down the firm's point of sale machines • Free version of Malwarebytes Anti-Malware was used by Target The subsequent file dump containing customer data is reportedly flooding the black market • Starting point for the manufacture of fake bank cards, or provide data required for identity theft. Source: Brian Krebs and www.zdnet.com/how-hackers-stole-millions-of-credit- card-records-from-target-7000026299/ 27
  • 28. It’s not like other businesses are using some special network security practices that Target doesn’t know about. They just haven’t been hit yet. No number of traps, bars, or alarms will keep out the determined thief. 28
  • 29. $ Data Protection Breach Detection $ Threat Landscape 29 Regulations $ & Compliance Big Data $ Cyber Insurance $
  • 30. THINKING LIKE A HACKERHACKER How can we shift from reactive to proactive thinking? 30
  • 31. What if a Social Security number or Credit Card NumberCredit Card Number in the Hands of a Criminal was Useless? 31
  • 32. TURNING THE TIDE 32 What new technologies and techniques can be used to prevent future attacks?
  • 33. Coarse Grained Security • Access Controls • Volume Encryption • File Encryption Fine Grained Security Evolution of Data Security Methods Time Fine Grained Security • Access Controls • Field Encryption (AES & ) • Masking • Tokenization • Vaultless Tokenization 33
  • 34. Old and flawed: Minimal access levels so people can only carry Access Control Risk High – can only carry out their jobs 34 Access Privilege Level I High I Low Low –
  • 35. Applying the Protection Profile to the Structure of each Sensitive Data Fields allows forSensitive Data Fields allows for a Wider Range of Granular Authority Options 35
  • 36. Risk High – Old: Minimal access levels – Least New : Much greater The New Data Protection - Tokenization Access Privilege Level I High I Low Low – levels – Least Privilege to avoid high risks Much greater flexibility and lower risk in data accessibility 36
  • 37. Reduction of Pain with New Protection Techniques High Pain & TCO Strong Encryption AES, 3DES Format Preserving Encryption DTP, FPE Input Value: 3872 3789 1620 3675 !@#$%a^.,mhu7///&*B()_+!@ 8278 2789 2990 2789 37 1970 2000 2005 2010 Low Vault-based Tokenization Vaultless Tokenization 8278 2789 2990 2789 Format Preserving Greatly reduced Key Management No Vault 8278 2789 2990 2789
  • 38. Research Brief Tokenization Gets Traction Aberdeen has seen a steady increase in enterprise use of tokenization for protecting sensitive data over encryption Nearly half of the respondents (47%) are currently using tokenization for something other than cardholder data Over the last 12 months, tokenization users had 50% fewer security-related incidents than tokenization non- users 38 Source: http://www.protegrity.com/2012/08/tokenization-gets-traction-from-aberdeen/
  • 39. Security of Different Protection Methods High Security Level I Format Preserving Encryption I Vaultless Data Tokenization I AES CBC Encryption Standard I Basic Data Tokenization 39 Low
  • 40. Fine Grained Data Security Methods Tokenization and Encryption are Different Used Approach Cipher System Code System Cryptographic algorithms Cryptographic keys TokenizationEncryption 40 Cryptographic keys Code books Index tokens Source: McGraw-HILL ENCYPLOPEDIA OF SCIENCE & TECHNOLOGY
  • 41. 10 000 000 - 1 000 000 - 100 000 - 10 000 - Transactions per second* Speed of Different Protection Methods 10 000 - 1 000 - 100 - I Format Preserving Encryption I Vaultless Data Tokenization I AES CBC Encryption Standard I Vault-based Data Tokenization *: Speed will depend on the configuration 41
  • 42. Different Tokenization Approaches Property Dynamic Pre-generated Vaultless Vault-based 42
  • 43. $ Data Protection Breach Detection $ Threat Landscape 43 Regulations $ & Compliance Big Data $ Cyber Insurance $
  • 44. Use Case How Should I Secure Different Data? Simple – PCI PII Encryption of Files Card Holder Data Tokenization of Fields Personally Identifiable Information Type of Data I Structured I Un-structured Complex – PHI Protected Health Information 44 Personally Identifiable Information
  • 45. Examples: De-Identified Sensitive Data Field Real Data Tokenized / Pseudonymized Name Joe Smith csu wusoj Address 100 Main Street, Pleasantville, CA 476 srta coetse, cysieondusbak, CA Date of Birth 12/25/1966 01/02/1966 Telephone 760-278-3389 760-389-2289 E-Mail Address joe.smith@surferdude.org eoe.nwuer@beusorpdqo.org SSN 076-39-2778 076-28-3390 CC Number 3678 2289 3907 3378 3846 2290 3371 3378 Business URL www.surferdude.com www.sheyinctao.com Fingerprint Encrypted Photo Encrypted X-Ray Encrypted Healthcare / Financial Services Dr. visits, prescriptions, hospital stays and discharges, clinical, billing, etc. Financial Services Consumer Products and activities Protection methods can be equally applied to the actual data, but not needed with de-identification 45
  • 46. USA law, originally passed in 1996 Defines “Protected Health Information” (PHI) Updated by the Health Information Technology for Economic and Clinical Health (HITECH) Act in 2009 Health Information Portability and Accountability Act (HIPAA) Most recently, the Omnibus final rule came into effect September 2013 Now requires both organizations that handle PHI and their business partners to protect sensitive information 46
  • 47. 1. Names 2. All geographical subdivisions smaller than a State 3. All elements of dates (except year) related to individual 4. Phone numbers 5. Fax numbers 11. Certificate/license numbers 12. Vehicle identifiers and serial numbers 13. Device identifiers and serial numbers 14. Web Universal Resource Locators (URLs) US Heath Information Portability and Accountability Act – HIPAA 6. Electronic mail addresses 7. Social Security numbers 8. Medical record numbers 9. Health plan beneficiary numbers 10. Account numbers 47 15. Internet Protocol (IP) address numbers 16. Biometric identifiers, including finger prints 17. Full face photographic images 18. Any other unique identifying number
  • 48. $ Data Protection Breach Detection $ Threat Landscape 48 Regulations $ & Compliance Big Data $ Cyber Insurance $
  • 49. THE CHANGING TECHNOLOGYTECHNOLOGY LANDSCAPE What effect, if any, does the rise of “Big Data” have on breaches? 49
  • 50. Holes in Big Data… 50 Source: Gartner
  • 51. Many Ways to Hack Big Data 51 Hackers & APT Rogue Privileged Users Unvetted Applications Or Ad Hoc Processes
  • 52. Many Ways to Hack Big Data MapReduce (Job Scheduling/Execution System) Pig (Data Flow) Hive (SQL) Sqoop ETL Tools BI Reporting RDBMS Avro(Serialization) Zookeeper(Coordination) Hackers Unvetted Applications Or Ad Hoc Processes Source: http://nosql.mypopescu.com/post/1473423255/apache-hadoop-and-hbase 52 HDFS (Hadoop Distributed File System) Hbase (Column DB) Avro(Serialization) Zookeeper(Coordination) Privileged Users
  • 53. Big Data (Hadoop) was designed for data access, not security Security in a read-only environment introduces new challenges Massive scalability and performance requirements Big Data Vulnerabilities and Concerns Sensitive data regulations create a barrier to usability, as data cannot be stored or transferred in the clear Transparency and data insight are required for ROI on Big Data 53
  • 54. BIG DATA 54 Protecting the data flow & Catching attackers
  • 55. $ Data Protection Breach Detection $ Threat Landscape 55 Regulations $ & Compliance Big Data $ Cyber Insurance $
  • 56. Oracle’s Big Data Platform 056 123456 123456 1234 123456 999999 1234
  • 57. Tokenization Reducing Attack Surface 123456 123456 1234 Tokenization on Each Node 57
  • 58. $ Data Protection Breach Detection $ Threat Landscape 58 Regulations $ & Compliance Big Data $ Cyber Insurance $
  • 59. Current Breach Discovery Methods 59 Verizon 2013 Data-breach-investigations-report & 451 Research
  • 60. Use Big Data to Analyze Abnormal Usage Pattern Payment Card Terminal Point Of Sale Application Memory Scraping Malware Authorization, Settlement … Web Server Memory Scraping Malware Russia Big Data Analytics ?
  • 61. You must assume the systems will be breached. Once breached, how do you know you've been compromised? You have to baseline and understand what 'goodness' looks like and look for deviations from goodness McAfee and Symantec can't tell you what normal looks like in your own systems. CISOs say SIEM Not Good for Security Analytics own systems. Only monitoring anomalies can do that Monitoring could be focused on a variety of network and end-user activities, including network flow data, file activity and even going all the way down to the packets Source: 2014 RSA Conference, moderator Neil MacDonald, vice president at Gartner 61
  • 62. $ Data Protection Breach Detection $ Threat Landscape 62 Regulations $ & Compliance Big Data $ Cyber Insurance $
  • 63. Open Security Analytics Framework & Big Data 63 Source: Emc.com/collateral/white-paper/h12878-rsa-pivotal-security-big-data-reference-architecture Enterprise Data Lake
  • 64. Conclusions What happened at Target? • Modern customized malware can be very hard to detect • They were compliant, but not secure Changing threat landscape & challenges to secure data: • Attackers are looking for not just payment data – a more serious problem. • IDS systems are lacking context needed to catch data theft 64 • SIEM detection is too slow in handling large amounts of events. How can we prevent what happened to Target and the next attack against our sensitive data? • Assume that we are under attack - proactive protection of the data itself • We need to analyze event information and context to catch modern attackers • The Oracle Big Data Appliance can provide the foundation for solving this problem
  • 65. Protegrity Summary Proven enterprise data security software and innovation leader • Sole focus on the protection of data • Patented Technology, Continuing to Drive Innovation Cross-industry applicability • Retail, Hospitality, Travel and TransportationTransportation • Financial Services, Insurance, Banking • Healthcare • Telecommunications, Media and Entertainment • Manufacturing and Government 65
  • 66. Thank you!Thank you! Questions? Please contact us for more information http://www.protegrity.com/news-resources/collateral/ Ulf.Mattsson AT protegrity.com