Post on 21-Dec-2015
June 2009
Securing Your Campus Against Data Loss and Internet Threats
Victor C. Lee, Director, Data Protection Marketing
June 2009 Copyright 2009 Trend Micro Inc.
Agenda
• Introduction and Overview of Threats to Privacy
• Mass Web Hack Attacks
• Insider Threats
• Highlight: Two Trend Micro Solutions
– Deep Security
– LeakProof
THREATS
Internal
• Malicious insiders stealing company data
• Worried workers proactively downloading info
• Careless insiders losing private data and IP
• Increasing government regulations focusing on privacy
External
• Volume of attacks increasing exponentially
• Hackers moving from disruption to profiteering
• Increasingly sophisticated malware seeking valuable corporate data
Ponemon Institute, 2006 research Study
You are under constant attack
The Impact of Data Loss
• Cost: $6.3M per breach*
• Loss of customers/business
• Brand damage
• Stock price decrease
• Regulatory fines
• Legal defense
• Notification and compensation
• Public relations & security response
* Ponemon Institute
What Types of Data Do Enterprises Want to Protect
Privacy: Customer, Employee & Patient Data
Regulatory Compliance
• Account Information
• Credit Card Numbers
• Contact Information
• Health Information
Intellectual Property
Competitive
• Source Code
• Engineering Specs
• Strategy Documents
• Pricing
Company Confidential
Contracts
Reputation
• Quarterly Results
• M&A Strategy
• CEO Internal Email
• Internal Conversations
Increased transparency makes privacy protection more difficult
Privacy Threat Landscape: Top Threats
1. Malware - Get employees to unknowingly compromise internal systems
2. Hackers - Compromise web-based applications to access databases
3. Insider Threats - Malicious and accidental breaches of privacy data
Example: URLs instead of Attachments!
Mitigation Requires Cloud Based Correlation
Threat Analysis: TrendLabs & Malware Database
• Email Reputation: IP
• Web Reputation: URL
• File Reputation: Files
A compromised web site. One click in a link. Fake news by email. A fake video.
2. Hackers
“Mass Web Hack”
© Third Brigade, Inc.
Multi Pronged Attack
• Sophisticated Attack - Numerous kinds of exploits
• Six different kinds of exploits – in most cases
– SQL Injection
– JavaScript Injection
– Phishing
– OS Vulnerability
– Malware
– Covert channel communication
• Added Evasion techniques such as JavaScript Obfuscation
The Attack
[Diagram: website, Malicious website]
1a. SQL Injection
1b. Malicious Code Injected: <IFRAME src="xyz.com/1.js">
2a. Visit website
2b. Browser parses injected code
3a. Redirected to malicious site
3b. Exploit unpatched vulnerability
4. Command & Control
5. Passwords, Sensitive Data
Mitigation Strategies
Step: 1. Protect the web site
Proactive:
• Fix application code
• Host/Network-based IDS/IPS
• App Firewall
Reactive:
• Monitor database content for changes
• FIM/Chng Mgmt
Comments:
• Google searches can be used to locate vulnerable sites; bots can also be used
[Diagram: website; 1a. SQL Injection; 1b. Malicious Code Injected]
Mitigation Strategies
Step: 2. Detect outbound from webserver and Protect browser
Proactive:
• Turn-off or control parsing of JavaScript
• Host/Network-based IDS/IPS
• App Firewall
Reactive:
• Host/Network-based IDS/IPS
• App Firewall
Comments:
• Client may be outside of your control
[Diagram: website; Malicious website; 2a. Visit website; 2b. Browser parses injected code]
Mitigation Strategies
Step: 3. Protect system
Proactive:
• Host/Network-based IDS/IPS
Reactive:
• Block access to ‘known bad’ domains
• Patch systems
• Anti-virus
• Host/Network-based IDS/IPS
• FIM
Comments:
• IPs and domains used change rapidly
[Diagram: Malicious website; 3a. Redirected to malicious site; 3b. Exploit unpatched vulnerability]
Mitigation Strategies
Step: 4. Monitor and detect malware
Proactive:
• Host/Network-based IDS/IPS
Reactive:
• Anti-virus
• Re-image systems
• Host/Network-based IDS/IPS
• FIM
Comments:
• Update AV until it detects
• Always check for ‘worst-case’
[Diagram: 4. Command & Control; 5. Passwords, Sensitive Data]
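The reactive control listed under step 1, "Monitor database content for changes", can be sketched as a scan of stored text columns for script or iframe tags that load from hosts outside the site's own. This is an added example, not part of the original slides or of any Trend Micro or Third Brigade product; the SQLite schema, host names and allowlist are constructed for illustration.

```python
import re
import sqlite3
from urllib.parse import urlparse

# <script src=...> or <iframe src=...>, with straight, curly or no quotes.
TAG_SRC = re.compile(
    r'''<\s*(script|iframe)\b[^>]*?\bsrc\s*=\s*["'“”]?([^\s"'“”>]+)''', re.I)

def external_host(src, allowed_hosts):
    """Return the host a src points at if it is off-site, else None."""
    host = (urlparse(src).hostname or "").lower()
    return host if host and host not in allowed_hosts else None

def scan_database(conn, allowed_hosts):
    """Report (table, column, rowid, tag, host) for each off-site reference."""
    findings = []
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table'")]
    for table in tables:
        # Only character columns can hold injected markup.
        cols = [r[1] for r in conn.execute(f'PRAGMA table_info("{table}")')
                if "TEXT" in r[2].upper() or "CHAR" in r[2].upper()]
        for col in cols:
            rows = conn.execute(
                f'SELECT rowid, "{col}" FROM "{table}" WHERE "{col}" IS NOT NULL')
            for rowid, value in rows:
                for tag, src in TAG_SRC.findall(str(value)):
                    host = external_host(src, allowed_hosts)
                    if host:
                        findings.append((table, col, rowid, tag.lower(), host))
    return findings

def build_sample_db():
    """Constructed sample content: one clean row and two tampered rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    conn.executemany("INSERT INTO news (title, body) VALUES (?, ?)", [
        ("Term dates", '<p>Starts Monday.</p><script src="/static/app.js"></script>'),
        ("Library<script src=http://injected.example/1.js></script>", "<p>Open.</p>"),
        ("Parking", '<p>Lot B closed.</p><IFRAME src="//injected.example/f.html">'),
    ])
    return conn

if __name__ == "__main__":
    for finding in scan_database(build_sample_db(), {"www.campus.example"}):
        print(finding)
```

Run on a schedule against a read-only replica, a scan like this flags tampered rows by table, column and row id so they can be restored from a known-good copy.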
3. The Insider Threat
Insider Threats: Market Dynamics
Economic Uncertainty Increases Risk
Insider Threats Increase
If you thought your job was at risk would you, as a pre-emptive move, download company/competitive information?
Cyber-Ark Survey, Nov 2008
Ex-Workers/Fired Workers
According to the 2009 Ponemon Data Loss Study, nearly 60% of ex-employees admitted to taking company data
Regulatory Requirements Proliferating
The Importance of Endpoint Protection
Top Threat Vectors of Concern …
[Chart: USB, Corporate email, Email on the public Internet, WiFi, CD / DVD, PDA, Bluetooth / infrared, Printer; axis 1 to 6]
Many of these concerns can ONLY be addressed via endpoint intelligence
Source: Market Research International
DLP Technology Must Haves…
• Off network enforcement and device control
• Online/Offline policies
• Policy reinforcement and education
• Optimized endpoint fingerprinting
• Full and partial fingerprint matching
• Discovery of data at rest
• Real-time content scanning of sensitive data
• Smart identifiers (i.e. SSN, DOB, account numbers)
• Regulatory compliance templates (PCI, HIPAA)
• Language independence
• Centralized management
Deploying DLP
1. Data classified, DLP policy configured
2. If fingerprints required, content repositories scanned
3. Policy & fingerprints pushed to clients
4. Violations detected, logged & reported; Endpoints scanned
[Diagram labels: INTERNAL NETWORK (Intranet); EXTERNAL NETWORK (Internet); File Server; Document Management Server; Source Control Server; Customer Info Database; Removable Media; LeakProof™ DataDNA Server; LeakProof™ Security Management Console; Branch Office; Offline; VPN; Anti-Leak Client; Private; Secret]
Trend Micro Data Protection
THREAT: Malware
Description: Get employees to unknowingly compromise internal systems
Mitigation Requires: Cloud based correlation of web, file, email reputation
Trend Micro Solutions: Endpoint Security: OfficeScan with Smart Protection Network

THREAT: Hackers
Description: Compromise web-based applications to access databases
Mitigation Requires: Web application protection, Host Based IDS/IPS (HIPS)
Trend Micro Solutions: Deep Security: Deep Packet Inspection, Server Firewall

THREAT: Insider Threats
Description: Malicious and accidental breaches of privacy data
Mitigation Requires: Endpoint-based content filtering / Data Loss Prevention (DLP)
Trend Micro Solutions: LeakProof, Email Encryption
Trend Micro Data Protection Solutions
Now with Deep Security!
Data Security + Content Security
On-Premise + Cloud-based Solutions
• Email Reputation
• Web Reputation
• File Reputation
With Global Threat Feedback
Now with Deep Security!
Addressing Hackers: Deep Security
• Deep Packet Inspection: IDS / IPS, Web App. Protection, Application Control
• Firewall
• Integrity Monitoring
• Log Inspection
Deep Packet Inspection
IDS/IPS
– Vulnerability rules: shield known vulnerabilities from unknown attacks
– Exploit rules: stop known attacks
– Smart rules: Zero-day protection from unknown exploits against an unknown vulnerability
– Microsoft Tuesday protection is delivered in sync with public vulnerability announcements.
– On the host/server (HIPS)
Web Application Protection
– Enables compliance with PCI DSS 6.6
– Shield vulnerabilities in custom web applications, until code fixes can be completed
– Shield legacy applications that cannot be fixed
– Prevent SQL injection, cross-site scripting (XSS)
Application Control
– Detect suspicious inbound/outbound traffic such as allowed protocols over non-standard ports
– Restrict which applications are allowed network access
– Detect and block malicious software from network access
Integrity Monitoring
Monitors files, systems and registry for changes
• Critical OS and application files (files, directories, registry keys and values, etc.)
• On-demand or scheduled detection
• Extensive file property checking, including attributes (PCI 10.5.5)
• Monitor specific directories
• Flexible, practical monitoring through includes/excludes
• Auditable reports
Log Inspection
Getting visibility into important security events buried in log files
• Collects & analyzes operating system and application logs for security events
• Rules optimize the identification of important security events buried in multiple log entries
• Events are forwarded to a SIEM or centralized logging server for correlation, reporting and archiving
Data Leak Prevention: LeakProof 5.0
LeakProof 5.0
• Standard: Privacy Protection & Regulatory Compliance
• Advanced: LeakProof Standard + Intellectual Property Protection
• LeakProof Server 5.0
LeakProof 5.0 Standard
Privacy Protection/Regulatory Compliance
Compliance templates:
• PCI
• SB-1386
• HIPAA
• GLBA
• US PII
Source Code Templates:
• C/C++
• Java
• C#
• Perl
• COBOL
• VB
HR Keyword Template:
• Adult
• Weapon
• Racism
Validators
• LUHN checksum
• Social Security No.
• Credit Card Number
• US Phone number
• US Date
• PRC National ID
• Taiwan ID number
• ROK (South Korean) Reg.#
• Canadian Social Insurance #
• Norwegian Birth number
• American Names
• ABA Routing number
• UK Date
• UK NHS Number
• German Tax ID (eTIN)
• IBAN
• National Provider Identifier (NPI)
• HIC (Health Insurance Claim) Number
• ISO Date
• Swift BIC
• France INSEE Code
• Spanish Fiscal Identification Number (NIF)
• Irish PPSN
• Polish ID Number
• Finnish ID
LeakProof 5.0 Advanced: Intellectual Property Protection via Unique Fingerprinting Technology
• Fast
• Small
• Accurate
• Language independent
LeakProof 5.0 Product Components
LeakProof Server
• Centralized Management
• Policy
• Visibility
• Workflow
LeakProof Client
• Intelligent
– Fingerprint, Regex, Keyword, Meta-data
• Small Footprint
• Invisible
• Independent
• Robust
Discover, Monitor, Protect, Educate/Self Remediation
[Sample user notification: ACME Customer Privacy Protection. Employees of ACME are expected to protect sensitive information containing customer information such as names, account numbers, social security numbers etc. Please report any … Call the helpdesk or email.]
Protecting Privacy: What To Do?
DO’s
• Identify top Privacy Data, Location, and Channel (Threat)
• Engage data/information owners
• Understand what regulations are on the horizon
• Start monitoring/discovering privacy data usage
DON’Ts
• Try to boil the ocean – classify everything, everywhere
• Monitor or prevent EVERY possible threat
• Forget to address people/process improvements
[Diagram labels: Citizen Data, Web Apps; Legal Cases, Desktop/Laptop; Legal Cases, WebMail/USB; Privacy, Email]
Think Again…. You May Qualify for a Free Threat Assessment
Trend Micro Tabletop Display
• What’s being offered?: We are offering a free, no obligation assessment of your enterprise network to qualified applicants!
• What do I get?: You will receive a two week trial of the Threat Detection portion of the Threat Management Solution. We even provide onsite installation!
• How does it benefit me?: We will provide a detailed executive report which shows actual vulnerabilities and penetrations of your network, down to the individual PC level. We will provide advice about how to close any security holes we find. No purchase required
• If you think your network is safe – THINK AGAIN!
Questions and Discussion