The slides that were used at @infosecurity 2019 when speaking for Computable. A vendor-independent session where I shared some of the experiences of the last year.
2. About me
David De Vos (@vrykodee)
David@getsecure.today
Cybersecurity Evangelist, Solutions Architect, MVA founder
MCSE 2003-2018, MCSD, MCPS, MCNPS, MCTS, MCTEM, CCSP 2018, CEH 2018
5. What is the weakest block in the chain?
Executives, Deskless Workers, Information Workers
6. Adversaries research ...
job roles
private life
whereabouts
hobbies
pets
Customer Service Agent
Finance
Administrator
CIO
Methodology has evolved
7. Typical attack example
USER
Anonymous user behavior
Unfamiliar sign-in location
ATTACKER
Phishing attack
User account is compromised
Attacker attempts lateral movement
Attacker accesses sensitive data
Privileged account compromised
Anonymous user behavior
Lateral movement attacks
Escalation of privileges
Account impersonation
Data exfiltration
Attacker steals sensitive data
Cloud data & SaaS apps
Zero-day / brute-force attack
9. Sensitive data is at risk
88% of organizations no longer have confidence to detect and prevent loss of sensitive data
60% of employees use non-approved SaaS apps at work
85% of enterprise organizations keep sensitive information in the cloud
58% have accidentally sent sensitive information to the wrong person
11. Discover: Scan & detect sensitive data based on policy
Classify: Classify and label data based on sensitivity
Protect: Apply protection actions, including encryption, access restrictions
Monitor: Audit data access and adjust/revoke where applicable
Across: Apps, On-premises, Cloud services, Devices
13. Do you know where your sensitive data resides and where it’s going?
Do you have control of your data as it travels inside and outside of your organization?
Can you revoke access to data in cloud applications?
Did you train key users on the subject?
Do you have a strategy for protecting and managing sensitive information?
15. Cloud Access Security Brokers
Cloud Access Security Brokers (CASBs) are defined by Gartner as:
On-premises, or cloud-based security policy enforcement points, placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as the cloud-based resources are accessed. CASBs consolidate multiple types of security policy enforcement.
of large enterprises will use CASBs by 2020
16. On-premises abnormal behavior and advanced threat detection
Identity-based attack and threat detection
Behavioral analytics
detect & prevent data leakage and breaches
Anomaly detection for cloud apps
17. Key Takeaways
User adoption is an important element. Train your end-users.
There is no protection if you use one vendor/solution. Use many security solutions and vendors as layers of protection. Link them together and establish a Zero Trust environment.
If you have a remote workforce or unmanaged devices, look into a CASB solution. Implement it on top of what you are already using: multiple layers are best!
Properly classify your sensitive data and monitor access to your sensitive data.
Inform users on these aspects, so they don’t feel their privacy is violated.
18. Practice & Learn
Focus on protecting the data in your environment, not only on protecting access to data. People can produce sensitive data starting from an empty document as well.
Classification of files is something most companies have been looking into. Did you also classify and protect data inside databases? Classify rows, columns and tables as well!
Protect your backups, they are copies of all your data. Restore processes should be reviewed and adapted where necessary.
Learn when you should report a breach to the privacy commission and when you should not.
19. QUIZ
Is a ransomware attack (e.g. WannaCry) a data breach that should be reported?