This document provides an overview and agenda for a Security Bootcamp event taking place from December 28-30, 2012. The bootcamp will cover topics related to data compliance, dynamic access control in Windows Server 2012, and demonstrations of compliance controls, expression-based auditing and access conditions, centralized access policies, and classification-based encryption. Speakers will discuss challenges around data leakage, distributed information, and regulatory compliance. The accompanying demonstration lab will showcase how to implement central access policies and conditional access rules to files on a file server based on user and device claims as well as file properties defined in Active Directory.
NETWORK SECURITY MONITORING WITH BIG DATA ANALYTICS - Nguyễn Minh Đức - Security Bootcamp
This document discusses using big data analytics to improve upon traditional SIEM (Security Information and Event Management) solutions for network security monitoring. It notes that SIEMs have performance limits, cannot handle large varieties of data, and lack real-time correlation and analysis abilities. Big data solutions using the Hadoop ecosystem can overcome these issues through security analytics techniques like classification, correlation, clustering, affinity grouping, aggregation, and statistical analysis applied to large magnitudes of network and system data. This would allow for behavior-based anomaly detection rather than solely signature-based detection and anomaly detection of user network access. The document suggests network security managers can build their own "next-gen" network security monitoring systems using these big data analytics techniques.
The document provides an overview of an office of the chief information security officer (CISO). It discusses the CISO's focus on strategic security areas like business policy, infrastructure security, and monitoring. It also covers detection of security issues like brute force attacks, insider threats, and malware activity. Metrics for security functions like incident management, vulnerability management, and patch management are defined. The document concludes by inviting questions or comments.
In January IBM Security Systems has announced a new solution wherein it combines the security intelligence capabilities of QRadar SIEM and Big Data + analytics to
Healthcare info tech systems cyber threats ABI conference 2016 - Amgad Magdy
Healthcare has become one of the major economic and social problems around the world, and security and privacy challenges in the healthcare sector are a growing issue. The psychology and sociology of information technology users in the healthcare sector pose problems for raising awareness about cyber security issues, and the efforts that aim to protect patient health do not equal the efforts made to protect healthcare systems and records from daily cyber threats. Recent events have made clear that hackers will find opportunities to exploit flaws in the way healthcare organizations try to manage patient data with the wrong mission and an outdated approach, which will lead to data protection failure. Healthcare organizations lack budget, especially for information technology infrastructure, and lack staff training and monitoring systems to enhance information flow inside and outside organizations; the healthcare industry also faces a lack of talent who can improve systems security and think like hackers. It is possible to decrease the gap between industry and healthcare organizations by increasing awareness about security issues, based on a correct mission that focuses on patient records and health, in addition to a modern approach that can detect advanced threats.
This document discusses addressing cyber security. It begins with defining cyber security and providing examples of cyber security cases. It then discusses cyber security strategies used by the UK and US. A risk-based approach to cyber security is recommended, using standards like ISO27001 and ISO27005. This involves identifying risks, implementing controls, and managing security incidents using a plan-do-check-act cycle. Tools like SIEM can help correlate events to assess risk and generate security alarms. While cyber security faces new challenges compared to information security, risk management principles remain important to understand threats and maintain security over time.
Managed Cyber Security Services allow organizations to focus on daily operations without cyber security interruptions. International studies show 98% of organizations are vulnerable to attacks, with ransomware attacks growing over 2000% in the past 3 years and costing over $20 billion in 2020. An MSSP (Managed Security Services Provider) monitors infrastructure 24/7, provides endpoint protection, data protection including automated backups and disaster recovery, network protection, security operations, and forensics to ensure confidentiality, integrity and availability of data and systems. MSSPs manage all aspects of an organization's security so they can work without interruption from cyber threats.
Managing security risks in today's digital era - Singtel
Digital transformation creates new sources of competitive advantage for businesses. The hyper-connectivity that enables digital transformation, however, comes with an increasing risk of cyber attacks that use ever-evolving methods to compromise data. Find out how you can combat complex cyber threats by adopting a holistic approach in cybersecurity planning.
2nd Microsoft Fondazione CRUI Cycle, 6th Seminar: Classification and protect... - Jürgen Ambrosi
Protecting sensitive information is a primary need for many organizations; doing so intuitively and automatically, without worrying about where the data is stored or with whom it is shared, is a challenge for everyone. In this webinar we will show "Azure Information Protection" for protecting e-mail, documents and data shared inside and outside the company, a new Microsoft solution that covers the entire data lifecycle. Classification, labeling, encryption and rights are just some of the key topics we will address.
2nd Microsoft Fondazione CRUI Cycle, 7th Seminar: Protecting Yourself from Cyber Attack... - Jürgen Ambrosi
Today, the topic of IT security has moved from the datacenter to higher levels. Attacks and threats have grown considerably, as well as becoming more sophisticated.
Attackers reside inside a network for an average of eight months before being detected. The largest share of attacks compromise user credentials and use legitimate tools rather than malware, making them very difficult to detect.
In this webinar we will get to know ATA (Advanced Threat Analytics), a tool that helps companies keep anomalous and illicit behavior within their organization under control, where traditional security tools offer limited protection against this type of attack.
Protecting your mission-critical data and applications in the cloud can best be accomplished through a joint effort between your organization and your cloud services provider (CSP).
Cybersecurity Ventures predicts that Ransomware damage costs will exceed $5 billion in 2017, up more than 15X from 2015. This deck by Mat Hamlin, VP of Products at Spanning, and Brian Rutledge, Spanning's Security Engineer, will help you to:
- Understand Vulnerabilities in Various Platforms
- Get Pointers to Prepare for an Attack
- Understand How and Why Backup Helps
The document discusses managing information security risks and risk management. It covers identifying valuable information assets, threats to those assets like identity theft and hacking, and vulnerabilities in existing safeguards. It also discusses how to assess security spending based on asset value and risk likelihood. The document recommends understanding risks, accepting or mitigating risks, and outlines how MPC Security Solutions can help with services like security assessments, policy reviews, and monitoring/auditing tools.
Current trends in information security by Asst. Prof. Dr. ปราโมทย์ กั่วเจริญ - BAINIDA
Current trends in information security by Asst. Prof. Dr. ปราโมทย์ กั่วเจริญ
At THE FIRST NIDA BUSINESS ANALYTICS AND DATA SCIENCES CONTEST/CONFERENCE, organized by the School of Applied Statistics and DATA SCIENCES THAILAND
The Cost of Doing Nothing: A Ransomware Backup Story - Quest
This on-demand webcast shows you how to shield your organization from such attacks – as well as how to respond if ransomware does penetrate your organization. Baseline Technologies’ Mike Crowley gives you the inside track on how ransomware works and how to lower your risk of ransomware attacks.
Recover your files from Ransomware - Ransomware Incident Response by Tictac - TicTac Data Recovery
In this presentation we explain how we can help you if you have been hit by Ransomware. We can handle any ransomware family and we can help you recover your files and continue with your business as fast as possible. Also we can perform forensic investigations and protect your infrastructure from future incidents. https://tictaclabs.com https://tictac.gr
Webinar: Backup vs. Ransomware - 5 Requirements for Backup Success - Storage Switzerland
Ransomware is the universal threat. No matter an organization's data center location, or its size, it can be devastated by a ransomware attack. While most organizations focus on the periphery, they also need to be prepared for a breach, something that ransomware is particularly adept at. In case of a breach, an advanced backup and disaster recovery solution can ensure safe and timely recovery of data without paying ransom.
In this webinar join experts from Storage Switzerland and Micro Focus as they discuss the impact of ransomware and the core features of a backup solution that can mitigate the associated risks.
This document discusses the growing threats posed by cyber attacks and advanced persistent threats (APTs). It notes that most breaches are discovered by third parties, and targeted attacks have become the norm. The reality is that a new threat is created every second, a cyber intrusion occurs every 5 minutes, and over 90% of enterprises have malware. Analysts urge organizations to adopt advanced threat detection capabilities. The document then describes Custom Defense's solution, which provides network-wide detection, threat intelligence, custom sandboxes for analysis, and automated security updates. It provides examples of how the solution integrates with other Trend Micro products and third-party technologies.
Fluency - Next Generation Incident Response Utilizing Big Data Analytics Over... - Collin Miles
Fluency’s vision empowers decisions through a holistic view of the network, fusing the ability to monitor traffic with SIEM-like capability. Fluency provides clarity & measurable value by leveraging Big Data & Packet Monitoring to provide more information, not less; additionally Fluency is open & integrates with existing deployed security solutions protecting investments made while providing measurable, complementary value & an extremely quick ROI from the day implemented.
Fluency In The Press:
- RSA Selected as 1 of 9 Most Innovative Security Products of 2015 (Only Breach Offering Selected) - 04/15
- CRN Selected #6 of the 10 Coolest Security Startups of 2015 - 07/15
- CRN Selected as 1 of the Top 25 Disrupters (Across all IT Disciplines) of 2015 - 08/15
Big Data Security Analytics (BDSA) with Randy Franklin - Sridhar Karnam
The document discusses big data security analytics and how HP addresses related challenges. It notes that big data analytics for security requires real-time analysis of high-volume, diverse data streams. While many big data solutions focus on batch analytics, security demands real-time correlation and detection of threats. The document outlines how HP's ArcSight platform collects, correlates, and analyzes security data from many sources in real-time. It also explains how HP uses Hadoop for long-term storage and analytics, and Autonomy for semantic analysis of unstructured data to enable predictive security.
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success - Sirius
The EU Global Data Protection Regulation (GDPR) and New York State Cybersecurity Requirements for Financial Services Companies (23 NYCRR 500) represent a landmark change in the global data protection space. While they originate in different countries and apply to different organizations, their primary message is the same:
Protect your data, or pay a steep price. More specifically, protect the sensitive data you collect from customers.
With deadlines looming, is your organization ready?
The time to act is now. Read more to learn:
--Key mandates and minimum requirements for compliance
--Why a comprehensive data-centric security strategy is invaluable to all data protection and data privacy efforts
--How you can gauge your organization’s incident response capabilities
--How to extend your focus beyond the organization’s figurative four walls to ensure requirements are met throughout your supply chain
The first New York requirements deadline has arrived. With the next deadline of mandates only 6 months away, you don't want to fall behind and leave your organization at risk for potential penalties and fines.
Identity-Driven Security with Forsyte I.T. Solutions - Demos and Discovery - Forsyte I.T. Solutions
An organization's data is their most valuable asset, yet most enterprises aren’t doing enough to control access to that data.
Security requires a layered approach and that starts with a great user authentication experience with automatic, policy-based rules for access to sensitive information regardless of location or device type. Once that’s in place you can apply threat protection and security management tools to keep users, data, devices, and applications safe and optimize your security posture.
An organization’s data can be spread across multiple applications, on-premises and in the cloud, and accessed by multiple devices and users, internal and external. Identity can be the central point of control that connects it all. You need a comprehensive identity and access management solution that protects your internal and external users, but also helps your business to grow and thrive by improving the user experience and productivity.
Audit logs and trails provide important security and compliance information about systems and networks. They can be used to detect threats, investigate incidents, and ensure regulatory compliance. However, simply collecting logs is not enough - they must be consistently analyzed through a log review program to extract meaningful insights and optimize security decisions. Common mistakes include not actually reviewing logs, storing logs for too short a time period, and not normalizing logs to facilitate analysis across different sources.
TIC-TOC: Ransomware: Help your Customers be Prepared with Dominique Singer an... - SaraPia5
Do you know Flexential has an extensive, robust, highly mature Professional Security Consulting team with deep and varied bench strength? In this call, you’ll get a brief overview of their portfolio and a focused discussion on Ransomware, with a very specific Solution Flexential offers for this problem. Ransomware is going to continue to be a growing challenge, each of your Customers is struggling with it, and Flexential offers a short engagement to help Customers be properly prepared and not pay the Ransom! These engagements can lead to not only greater Security Opportunities, but also to Disaster Recovery, backup solution and strategy discussion, and ultimately great MRR for each of our Partners!
This document discusses using data mining techniques for intrusion detection in cyber security. It defines cyber security and cyber crimes, and explains how data mining can help with intrusion detection. Specifically, it describes how classification methods like neural networks and clustering can be used to detect anomalies and build models of normal network activity that may help identify intrusions. The goal of these data mining approaches for intrusion detection is to analyze network traffic data to learn patterns and identify both known and unknown attacks.
User Behavior Analytics And The Benefits To Companies - Spectorsoft
User behavior analytics and user activity monitoring can help organizations detect insider threats by analyzing patterns of user behavior and flagging anomalies. These tools collect user activity log data to monitor interactions with sensitive data and systems. They use algorithms and statistical analysis to identify meaningful anomalies that could indicate potential threats like data exfiltration. This provides a rich data source for investigations and helps focus an organization's security efforts on detecting insider threats, as internal actors often pose more risk than external ones.
Dr. Anton Chuvakin discusses the future of security information and event management (SIEM) technologies in 2012. He outlines five areas where SIEM is likely to expand: 1) collecting and analyzing more context data, 2) sharing intelligence between SIEM systems, 3) monitoring emerging environments like virtual systems, cloud, and mobile, 4) developing new analytic algorithms to better detect threats, and 5) expanding to monitor application security in addition to infrastructure security. Chuvakin advises organizations to start integrating more context data, collecting security feeds, and expanding SIEM coverage to prepare for these evolving capabilities.
A deck discussing the findings from the Edgescan 2021 Vulnerability Stats Report. A full stack view of the vulnerabilities discovered in 2020 based on thousands of assessments. Host, network and application layer security metrics - Full stack
Dr. Anton Chuvakin discusses the future of security information and event management (SIEM) technologies in 2012. He outlines five areas where SIEM is likely to expand: 1) collecting and analyzing more context data, 2) sharing intelligence between SIEM systems, 3) monitoring emerging environments like virtual systems, cloud, and mobile, 4) developing new analytic algorithms to better detect threats, and 5) expanding to monitor application security in addition to infrastructure security. Chuvakin advises organizations to start integrating more context data, collecting security feeds, and expanding SIEM coverage to prepare for these evolving capabilities.
A deck discussing the the findings from the Edgescan 2021 Vulnerability Stats Report. A full stack view of the vulnerabilities discovered in 2020 based on thousands of assessments. Host, network and application layer security metrics -Full stack
The document discusses memory forensics and rootkit detection. It covers why memory forensics is important for malware analysis and incident response. Key topics include memory acquisition tools, the Volatility memory forensics framework, rootkit techniques like DLL injection, hooking, and process/driver hiding used by malware. Detection methods for these rootkit behaviors using Volatility plugins are also presented. The document appears to be from a security training presentation on memory forensics and rootkit analysis.
Dynamic access control sbc12 - thuan nguyenThuan Ng
The document discusses data access control and compliance. It introduces dynamic access control capabilities in Windows Server 2012 that can authorize only authorized individuals to access confidential data. It discusses challenges around data compliance, regulatory standards, and granular control over auditing access. The document then demonstrates how to use features like data classification, expression-based auditing and access conditions, and encryption to address these challenges. It provides examples of using these features to audit specific types of access, control access based on multiple attributes, and automatically encrypt files based on classification. Finally, it describes a demonstration lab that shows how to set up claims, resource properties, central access policies and encryption in Active Directory and a file server.
Self-Protecting Information for De-Perimiterised Electronic RelationshipsJeremy Hilton
This presentation describes the results of a project (SPIDER) that has developed a proof-of-concept for fine-grained information access control, and communication of controls using a concept derived from Creative Commons called Protective Commons.
Taxonomy Management, Automatic Metadata Tagging & Auto Classification in Shar...William LaPorte
1) The document discusses automatic metadata tagging and auto-classification in SharePoint to solve problems with manually tagging records, including inefficiencies and exposure of private information.
2) It presents COMPU-DATA International's solution of using taxonomies to automatically tag documents with metadata like security and retention tags upon upload based on the document's content.
3) The automatic tagging allows for records to be classified and stored according to retention policies, improves search precision, and reduces costs compared to manual tagging.
Integrating Information Protection Into Data Architecture & SDLCDATAVERSITY
The document discusses how integrating data protection into software development life cycles (SDLC) can help close hidden gaps where data governance is often absent. It notes that many SDLCs skip critical data classification steps until late in the process, resulting in inconsistent data protection and governance gaps. The document proposes a parallel SDLC approach that classifies regulated data early and links it to compliance actions to design roles and controls for user entitlements.
Info Security: Microsoft Dynamic Access Control McOWLMarketing
This document summarizes a presentation on Dynamic Access Control in Windows Server 2012. It introduces Dynamic Access Control and its four pillars: data classification, expression-based auditing, expression-based access conditions, and encryption. It provides examples of how data classification can automatically classify documents based on their contents. Expression-based access control allows flexible access control lists based on document classification and user attributes. Dynamic Access Control helps address challenges around data compliance, leakage, and regulatory issues by automating access control and encryption based on how data is classified.
Juan J. Celaya from COMPU-DATA International presents on automatic metadata tagging and auto classification in SharePoint. The presentation addresses problems with manual metadata tagging such as inconsistency and high costs. It proposes using taxonomies to automatically tag documents with semantic, records retention, and security metadata upon upload. This enables auto-classification of documents, enforcement of records management policies, and improved search precision. The approach involves building taxonomies aligned with business needs and outcomes include reduced costs from automatic tagging and improved information retrieval.
This document discusses challenges to database security and provides solutions. It identifies key database security issues such as exploitation of vulnerabilities, limited security expertise, unmanaged sensitive data, weak audit trails, and privilege abuse. It then proposes several mitigation strategies, including patching vulnerabilities, separating duties, cultivating security expertise, identifying and classifying sensitive data, implementing real-time monitoring and blocking of suspicious activity, and automating data archiving and encryption. The overall goal is to detect security risks and protect valuable sensitive data within databases.
The document discusses Trellix's data protection solutions. It provides an overview of the challenges organizations face in protecting data across multiple locations and devices as data grows exponentially. Trellix's data loss prevention framework uses discovery, classification, monitoring and enforcement across networks, endpoints, databases and clouds to protect sensitive data wherever it resides. Key capabilities include identifying sensitive data, user awareness and education, as well as incident response. Use cases discussed include insider threats, data privacy regulations, and security operations.
SunGard’s Data Profiling Service
The service allows organisations to review the data held in Windows environments, enabling them to determine their value to the business and to identify those which can be deleted, archived or retained in the live environment.
1. The paper proposes techniques to extract hidden databases when a user query returns many valid tuples but only some are displayed, with the others hidden.
2. It focuses on interfaces called "TOP-k-COUNT" interfaces that display some tuples and provide the count of other matching tuples.
3. The COUNT-DECISION-TREE algorithm samples the hidden database using a decision tree to generalize the attribute order, allowing different attributes at each level.
ConceptClassifier for SharePoint Turbo Charging the Public Sectormartingarland
The document discusses Concept Searching's conceptClassifier for SharePoint product. It provides examples of how several public sector organizations are using the product to improve search, records management, compliance, and information sharing through automatic metadata generation, classification, and taxonomy management of documents within SharePoint. Specific clients mentioned include the Defense Centers of Excellence, U.S. Army Records Management Declassification Agency, 711th Human Performance Wing, U.S. Air Force Human Performance Clearing House, Consumer Product Safety Commission, Care Quality Commission, Transport for London, European Bank of Reconstruction and Development, and several U.K. city councils.
This document provides an overview of data mining. It introduces data mining and its goals, which include prediction, identification, classification, and optimization. The typical architecture of a data mining system is explained, including its major components. Common data mining techniques like classification, clustering, and association are also outlined. Examples are provided to illustrate techniques. The document concludes by discussing advantages and uses of data mining along with some popular data mining tools.
Life & Work Online Protecting Your IdentityInnoTech
Microsoft's latest Security Intelligence Report focuses on the expanding threat posed by bots and botnets. The report details that botnets are growing larger in size and becoming more sophisticated, with some networks now containing over one million infected machines. Microsoft also discusses new trends seen over the past year, such as the emergence of mobile botnets targeting smartphones. Additionally, the report provides statistics on cyberattacks by country and information on new botnet command and control techniques used by cybercriminals.
Keynote Theatre. Keynote Day 2. 16:30 Evelyn de Souza CloudExpoAsia
This document summarizes a presentation on cloud data governance. It discusses why data governance is important given issues like data breaches, insider threats, and lack of control over cloud assets. It outlines different data and cloud models and challenges with compliance. It proposes establishing an executive data governance board and aligning governance with business priorities. The presentation encourages participants to join the Cloud Security Alliance's data governance working group and continue the conversation.
Data resource management involves applying information systems technology to manage data resources. It includes activities like creating, storing, organizing, and retrieving data using database management systems. There are different types of databases like operational, distributed, data warehouses, data marts, and end user databases. Data warehouses store historical data from various operational databases to help identify trends. Data mining techniques are used to better understand data through analysis, sorting, extracting patterns and relationships to gain insights. Common applications of data mining include banking, customer relationship management, targeted marketing, fraud detection, and scientific data analysis.
1. A DBMS is a collection of programs that enables users to store, modify, and extract information from a database. It provides an interface between the database and users or other application programs.
2. The traditional file-based approach has disadvantages like data redundancy, lack of data integrity, lengthy development time and limited data sharing between applications.
3. The database approach organizes data into logical relationships and provides a centralized pool of shared data that can be accessed by multiple applications. This improves data integrity, reduces redundancy and provides easier data access and sharing.
This document provides information on database security. It discusses how database security protects confidentiality, integrity and availability of databases. It also discusses the importance of database security to prevent data loss or compromise. Some of the largest data breaches in 2018 are summarized, including breaches of Aadhaar and Facebook that exposed over 1 billion and 87 million records respectively. Common attack vectors and frameworks for implementing database security are referenced. Finally, the document outlines a methodology for implementing proven database security practices around inventory, testing, compliance, eliminating vulnerabilities, enforcing least privileges, monitoring for anomalies, data protection, backup plans, and responding to incidents.
This document provides an introduction to databases and data mining. It defines what a database is and describes different types of databases, including centralized, distributed, personal, end user, commercial, NoSQL, operational, relational, cloud, and object-oriented databases. It also discusses database management systems and their role in maintaining database security, integrity, and accessibility. The document then introduces concepts related to data warehousing and data mining, including definitions and common uses.
M365 Records Management Community WebinarDrew Madelung
Information governance is necessary for enterprises. The management of content lifecycles is needed to be compliant and secure. Records management in M365 has many new features and capabilities that we will highlight in this webinar. We will also have real-world conversations on use cases of moving to modern records management in M365 and the challenges, opportunities, and overall guidance for this process. Bring your questions to this exciting webinar!
Using Microsoft Dynamic Access Control to create Information Barriers for SEC...NextLabs, Inc.
Microsoft Server 2012 Dynamic Access Control (DAC) is a new authorization model that gives companies the ability to define central access policies to control access to files based on the classification of the data and attributes of the user. DAC greatly simplifies the administration of file server security and makes it easier to comply with SEC regulations for information barriers and protection of sensitive client data.
Attendees of this webinar will learn more about Windows Server 2012 DAC and see how it can be applied to improve compliance with SEC regulations.
In this webinar, Microsoft and NextLabs will:
• Introduce you to DAC, a powerful new security feature in Windows Server 2012.
• Map DAC functionality to critical SEC requirements for classification, access control, information barriers and record keeping.
• Demonstrate a solution where DAC is used to automate SEC compliance controls across Windows Server 2012, Microsoft SharePoint and email.
This webinar will be helpful for customers who need to meet SEC requirements, or who are interested in creating information barriers between project teams. It is also helpful for both Compliance and IT professionals looking for tools to help them reduce IT administration cost, enable information sharing, and improve corporate compliance.
2. Microsoft SharePoint Most Valuable Professional (2011, 2012)
Author, Writer, Trainer & Public Speaker
Founder & Editor in Chief of SharePointVN Publisher
Focus on Microsoft Security & Federation Identity, Infrastructure, Methodologies and Architecture.
3. Data Compliance
Understand the new Dynamic Access Control capabilities built into Windows Server 2012
Demonstration
4. Compliance is generally a response to governmental regulation, but it can also be a response to industry or internal requirements.
• The U.S. Health Insurance Portability and Accountability Act (HIPAA) for health providers
• Sarbanes-Oxley Act (SOX)
• The European Union Data Protection Directive
• U.S. state data breach laws
I’m not talking about in-depth data compliance and privacy.
5. Can you make sure that only authorized individuals can access confidential data?
Do you have granular control over auditing access?
How do you reduce the number of security groups your organization has?
How do you deal with regulatory standards?
… Many questions come up when it comes to data access control.
• CSO/CIO department: “I need to have the right compliance controls to keep me out of jail”
• Infrastructure Support: “I don’t know what data is in my repositories and how to control it”
• Content Owner: “Is my important data appropriately protected and compliant with regulations – how do I audit this”
• Information Worker: “I don’t know if I am complying with my organization’s policies”
6. Storage growth
• 45%: File based storage CAGR.
• MSIT cost $1.6 GB/Month for managed servers.
• >70%: of stored data is stale
• Cloud cost would be approximately 25 cents GB/Month
Distributed information
• Corporate information is everywhere: Desktops, Branch Offices, Data Centers, Cloud…
• MSIT 1500 file servers with 110 different groups managing them
• Very hard to consistently manage the information.
Regulatory compliance
• New and changing regulations (SOX, HIPAA, GLBA…)
• International and local regulations.
• More oversight and tighter enforcement.
• $15M: Settlement for investment bank with SEC over record retention.
Data leakage
• 246,091,423: Total number of records containing sensitive personal information involved in security breaches in the US since January 2005
• $90 to $305 per record (Forrester: in “Calculating the Cost of a Security Breach”)
7. Data Classification
• Classify your documents using resource properties stored in Active Directory.
• Automatically classify documents based on document content.
Expression-based auditing
• Targeted access auditing based on document classification and user identity.
• Centralized deployment of audit policies using Global Audit Policies.
Expression-based access conditions
• Flexible access control lists based on document classification and multiple identities (security groups).
• Centralized access control lists using Central Access Policies.
Encryption
• Automatic RMS encryption based on document classification.
8.
9. Data Classification
File Classification Infrastructure provides insight into your data by automating classification processes.
File Classification Infrastructure uses classification rules to automatically scan files and classify them according to the contents of the file.
Some examples of classification rules include:
• Classify any file that contains the string “SBC12 Confidential” as having high business impact.
• Classify any file that contains at least 10 social security numbers as having personally identifiable information.
10. Data Classification
• A content classification rule that searches a set of files for the string “SBC12 Confidential”. If the string is found in a file, the Impact resource property is set to High on the file.
• A content classification rule that searches a set of files for a regular expression that matches a social security number at least 10 times in one file. If the pattern is found, the file is classified as having personally identifiable information and the Personally Identifiable Information resource property is set to High.
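The two content classification rules above, written with the File Server Resource Manager cmdlets, as an added example that is not part of the original slides. The folder path, the rule names, the simplified social security number pattern, and the property IDs and "High" values (`Impact_MS` = 3000, `PII_MS` = 5000) are assumptions to check against your own property definitions.

```powershell
# Added example (not from the slides). Run on the file server with File Server
# Resource Manager installed. Assumptions: C:\Finance is the folder to scan;
# Impact_MS and PII_MS are the built-in Impact and Personally Identifiable
# Information resource properties, already enabled in Active Directory;
# 3000 and 5000 are their "High" values.

# Pull the resource property definitions from Active Directory.
Update-FSRMClassificationPropertyDefinition

# Rule 1: the literal string found at least once -> Impact = High
New-FsrmClassificationRule -Name 'SBC12 Confidential string' `
    -Property 'Impact_MS' -PropertyValue '3000' `
    -Namespace @('C:\Finance') `
    -ClassificationMechanism 'Content Classifier' `
    -Parameters @('StringEx=Min=1;Expr=SBC12 Confidential') `
    -ReevaluateProperty Overwrite

# Rule 2: an SSN-shaped pattern at least 10 times in one file -> PII = High.
# The pattern is a simplified NNN-NN-NNNN match (assumption); Min=10 is the
# per-file threshold, so a file with nine matches stays unclassified.
New-FsrmClassificationRule -Name 'SSN at least 10 times' `
    -Property 'PII_MS' -PropertyValue '5000' `
    -Namespace @('C:\Finance') `
    -ClassificationMechanism 'Content Classifier' `
    -Parameters @('RegularExpressionEx=Min=10;Expr=\b\d{3}-\d{2}-\d{4}\b') `
    -ReevaluateProperty Overwrite

# Run classification now instead of waiting for the schedule.
Start-FsrmClassification
```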
11.
12. Expression-based access condition
Manage fewer security groups by using conditional expressions
[Figure: Country x 30, Department x 20, Sensitive/Confidential documents]
13. What is Central Access Policy?
You can think of Central Access Policies as a safety net that your organization applies across its servers to enhance the local access policy
14. Expression-based access rules
Active Directory Domain Services
• User claims: User.Department = Finance; User.Clearance = High
• Device claims: Device.Department = Finance; Device.Managed = True
File server
• Resource properties: Resource.Department = Finance; Resource.Impact = High
Access policy
Applies to: @File.Impact = High
Allow | Read, Write | if (@User.Department == @File.Department) AND (@Device.Managed == True)
15. Central access policies
Characteristics
• Composed of central access rules
• Applied to file servers through Group Policy objects
• Supplement (not replace) native file and folder access control lists from New Technology File System (NTFS)
[Diagram: Active Directory Domain Services holds the organizational policies (High business impact policy, Personally identifiable information policy) and the Finance department policies (Finance policy), which are applied to the corporate file servers. User folders: High business impact, Personally identifiable information. Finance folders: High business impact, Personally identifiable information, Finance.]
16. Central access policy workflow
• Active Directory Domain Services: Create claim definitions; Create file property definitions; Create central access policy
• Group Policy: Send central access policies to file servers
• File Server: Apply access policy to the shared folder; Identify information
• User’s computer: User tries to access information
[Diagram: Active Directory Domain Services (Claim definitions, File property definitions, Audit policy), User, File server, Allow or deny]
17. Central access policy examples
• Organization-wide authorization
• Departmental authorization
• Specific data management
• Need-to-know
18. Expression-based Auditing
• Limit auditing to data that meets specific classification criteria.
• Limit auditing by action and by identity
• Add contextual information into the audit events.
19. Security auditing
• Active Directory Domain Services: Create claim types; Create resource properties
• Group Policy: Create global audit policy
• File Server: Select and apply resource properties to the shared folders
• User’s computer: User tries to access information
[Diagram: Active Directory Domain Services (Claim definitions, File property definitions, Audit policy), User, File server, Allow or deny]
20. Audit policy examples
• Audit everyone who does not have a high security clearance and who tries to access a document that has a high impact on business
Audit | Everyone | All-Access | Resource.BusinessImpact=HBI AND User.SecurityClearance!=High
• Audit all vendors when they try to access documents related to projects that they are not working on
Audit | Everyone | All-Access | User.EmploymentStatus=Vendor AND User.Project Not_AnyOf Resource.Project.
21. Data Encryption Challenges
How do I protect sensitive information after it leaves my protected environment?
I cannot get the users to encrypt their sensitive data.
22. Classification-based encryption process
Process to encrypt a file based on classification
1. Claim definitions, file property definitions, and access policies are established in Active Directory Domain Controller.
2. A user creates a file with the word “confidential” in the text and saves it. The classification engine classifies the file as high-impact according to rules configured.
3. On the file server, a rule automatically applies RMS protection to any file classified as high-impact.
4. The RMS template and encryption are applied to the file on the file server and the file is encrypted.
[Diagram: Active Directory Domain Services, User, RMS server, Classification engine, File server]
24. Demonstration Lab
There are two virtual machines that are involved in the demonstration lab.
• AD-Srv (Active Directory Domain Controller)
• File-Srv (File Server)
There are two security groups:
• Finance
• System Integration
There are two domain users:
• thuan@sbc12.local (Finance)
• thang@sbc12.local (System Integration)
25. Steps
• Create a new claim: Department
• Create resource properties and add them to the resource property list: Finance Department
• Create a new central access rule/central policies, with the resource conditions:
  Resource Finance Department Exists
  Resource Finance Department Equals Value Finance
• Publish central access policy
• Configure Group Policy and enable KDC
• Install File Server Resource Manager on File server, then run Update-FSRMClassificationPropertyDefinition
• Add Central Access Policy to shared folder
• Validate
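The lab steps above scripted with the Active Directory and file server cmdlets in Windows Server 2012, as an added example that is not part of the original slides. The rule and policy names, the folder path C:\Finance, the use of the users' `department` attribute, and the access control list granted by the rule are assumptions.

```powershell
# Added example, not part of the original slides. Assumed names: rule "Finance Rule",
# policy "Finance Policy", shared folder C:\Finance, and the ACL granted by the rule.

# --- On AD-Srv (domain controller) ---
Import-Module ActiveDirectory

# The claim is sourced from each user's 'department' attribute (assumed to be how
# the lab marks thuan as Finance and thang as System Integration).
Set-ADUser -Identity thuan -Department 'Finance'
Set-ADUser -Identity thang -Department 'System Integration'
$claim = New-ADClaimType -DisplayName 'Department' -SourceAttribute department -PassThru

# Resource property with one suggested value, added to the global list.
$value = New-Object Microsoft.ActiveDirectory.Management.ADSuggestedValueEntry('Finance', 'Finance', '')
$prop = New-ADResourceProperty -DisplayName 'Finance Department' -IsSecured $true `
    -ResourcePropertyValueType MS-DS-SinglevaluedChoice -SuggestedValues $value -PassThru
Add-ADResourcePropertyListMember -Identity 'Global Resource Property List' -Members $prop

# Target: files where the property exists and equals Finance (the two conditions
# on the slide). Access: full control for Administrators and SYSTEM, Modify for
# authenticated users whose Department claim is Finance (assumed ACL).
$target = "(Exists @RESOURCE.$($prop.Name)) && (@RESOURCE.$($prop.Name) == `"Finance`")"
$acl = "O:SYG:SYD:AR(A;;FA;;;BA)(A;;FA;;;SY)" +
       "(XA;;0x1301bf;;;AU;(@USER.$($claim.Name) == `"Finance`"))"
New-ADCentralAccessRule -Name 'Finance Rule' -ResourceCondition $target -CurrentAcl $acl
New-ADCentralAccessPolicy -Name 'Finance Policy'
Add-ADCentralAccessPolicyMember -Identity 'Finance Policy' -Members 'Finance Rule'

# Group Policy (done in the Group Policy Management Console, no cmdlet used here):
#  - publish 'Finance Policy' in a GPO linked to File-Srv under Computer Configuration >
#    Policies > Windows Settings > Security Settings > File System > Central Access Policy
#  - enable "KDC support for claims, compound authentication and Kerberos armoring"
#    for domain controllers under Administrative Templates > System > KDC

# --- On File-Srv ---
Install-WindowsFeature -Name FS-Resource-Manager -IncludeManagementTools
gpupdate /force
Update-FSRMClassificationPropertyDefinition
# Set Finance Department = Finance on the folder (Properties > Classification), then:
$folderAcl = Get-Acl -Path 'C:\Finance' -Audit
Set-Acl -Path 'C:\Finance' -AclObject $folderAcl -CentralAccessPolicy 'Finance Policy'

# Validate: log on as each user, confirm the claim is in the token, then open the share.
whoami /claims
```

Because a central access policy supplements the NTFS permissions rather than replacing them, thuan still needs an NTFS or share permission on the folder; the policy can only narrow what those permissions already allow.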