As SharePoint gains traction in your organization, users quickly create new sites and add data to help them share information and work more efficiently. Before you know it, sensitive files are spread throughout SharePoint and security becomes crucial. Are you aware of - and prepared to stop - all the SharePoint security risks that are out there? SharePoint is a complex, far-reaching system that's exposed internally and externally. With increased reliance on SharePoint comes multiple security risks, some obvious and some you wouldn't have imagined. Review this presentation to learn about some of the most surprising risks in SharePoint, uncovered by Imperva's security experts, including: (1) the six most surprising SharePoint threats including compromised insiders and search engine data leakage; (2) real-world examples of each threat; (3) practical methods for addressing these risks
© 2014 Imperva, Inc. All rights reserved.
The 6 Most Surprising SharePoint Security Risks Webinar
Confidential 1
Carrie McDaniel - Product Marketing Manager, SharePoint Security
Agenda
§ Discuss 6 of the most surprising SharePoint risks
• An example of each risk
• Ways to mitigate these threats
§ Newly released, supporting research
Carrie McDaniel – SharePoint Security Team
§ Product Marketing Manager for File Security; focus on SharePoint security
§ Previously held a product marketing position at Moody’s Analytics in San Francisco
§ Past experience in finance and tech industries at Wells Fargo and NetApp
§ Holds degrees in Marketing and French from Santa Clara University
Web applications remain the proverbial punching bag of the internet. They’re beaten in one of two ways: by exploiting a weakness in the application or by using stolen credentials to impersonate a valid user. Many of the attacks in our 2013 dataset targeted off the shelf content management systems…
2014 Verizon Data Breach Investigations Report
SharePoint Architecture
(diagram of the three tiers: Web Servers → Application Servers → MS SQL Databases)
SharePoint Components Hit Hard in 2013
§ 35% of data breaches resulted from web application attacks.
§ 88% of all incidents reported were due to privilege abuse.
§ Out of all corporate assets, 25% of data was stolen from databases.
2014 Verizon Data Breach Investigations Report
Reasons Why This is Happening
§ Only 42% audit external SharePoint access.
§ 76% grant non-employee SharePoint access.
§ Only 7% run SharePoint access logs.
Dimensional Research. SharePoint and Security Survey. December 2013.
SharePoint Security Risk 1: Insider Threats
Critical Data is Stored in SharePoint
§ Regulated
§ Sensitive
2014 Verizon Data Breach Investigations Report
The Insider Threat is Multifaceted
1. Insiders steal data by abusing excessive privileges
2. Users are compromised, and privileges are escalated
“…taking advantage of the system access privileges granted by an employer and using them to commit nefarious acts – tops the list.” 2014 Verizon Data Breach Investigations Report
Administrators hold the keys to the kingdom.
SharePoint is Complex; Permissions are Challenging
(diagram: sites HR Site, Finance Site, Engineering Site; users IT Contractor, HR Employee, Engineer)
Conclusions on Insider Threats
1. Organizations must have a centralized view of file and folder permissions across the SharePoint platform.
2. Preventing data access based solely on an ACL-based security model is ineffective.
• Insiders are getting around these controls
3. Monitor, monitor, monitor.
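One way to build the centralized permissions view that conclusion 1 calls for, as an added example that is not from the deck or from Imperva: a SharePoint Management Shell script that walks every site collection, records each web and list that breaks permission inheritance, and flags accounts matching an assumed contractor naming convention (the `CONTOSO\ext_` prefix is a placeholder, not a value from the deck).

```powershell
# Added example, not from the Imperva deck: inventory every web and list in the
# farm that breaks permission inheritance and flag contractor accounts, so that
# HR, Finance and Engineering permissions are reviewed from one report.
# Assumptions: run in the SharePoint Management Shell on a farm server; contractor
# accounts follow the placeholder naming convention CONTOSO\ext_<name>.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$externalPattern = '^CONTOSO\\ext_'     # placeholder convention, adjust to your directory
$report = New-Object System.Collections.Generic.List[object]

foreach ($site in Get-SPSite -Limit All) {
    foreach ($web in $site.AllWebs) {
        # The web itself plus every list that stopped inheriting its permissions
        $scopes = @($web) + @($web.Lists | Where-Object { $_.HasUniqueRoleAssignments })
        foreach ($scope in $scopes) {
            if (-not $scope.HasUniqueRoleAssignments) { continue }   # web still inherits
            $url = if ($scope -is [Microsoft.SharePoint.SPWeb]) { $scope.Url } else { $scope.DefaultViewUrl }
            foreach ($ra in $scope.RoleAssignments) {
                # Group members are not expanded here; a group appears under its own name
                $login = $ra.Member.LoginName
                $roles = ($ra.RoleDefinitionBindings | ForEach-Object { $_.Name }) -join ';'
                $report.Add([PSCustomObject]@{
                    Url         = $url
                    Principal   = $login
                    Roles       = $roles
                    External    = [bool]($login -match $externalPattern)
                    WriteAccess = [bool]($roles -match 'Contribute|Edit|Design|Full Control')
                })
            }
        }
        $web.Dispose()
    }
    $site.Dispose()
}

# Full inventory for the permissions owner, then the rows to review first:
# external accounts holding more than read access on a uniquely permissioned scope
$report | Export-Csv -Path .\sharepoint-permissions.csv -NoTypeInformation
$report | Where-Object { $_.External -and $_.WriteAccess } |
    Format-Table Url, Principal, Roles -AutoSize
```

Because SharePoint groups are not expanded, a contractor placed inside an HR group shows up only as the group name; expand group membership separately if that is how access is granted.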
SharePoint Security Risk 2: Ineffective Log Management
Companies Not Monitoring SharePoint File Access
Facts:
• 76% of organizations allow non-employees access to SharePoint
• The majority are worried about unauthorized access from the general public and partners
However:
• 29% of organizations do not use SharePoint access logs
• 64% run them monthly
Dimensional Research. SharePoint and Security Survey. December 2013.
SharePoint’s Access Logs Have Challenges
1. Not typically turned on.
2. Audit logs accumulate volumes of unnecessary data.
3. Logs are cyclic, and roll over quickly.
4. No separation of duties.
5. Not auditor-ready.
Conclusions on SharePoint Log Management
1. Organizations need to record all access across the web, content and database layers of SharePoint.
2. Monitoring must occur in real-time to ensure data security.
3. Auditors need to ensure that appropriate data controls are in place, no matter where it’s stored.
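The content-layer part of these conclusions, and three of the challenges listed on the previous slide (auditing not turned on, unnecessary volume, fast rollover), can be addressed from the SharePoint Management Shell. Added example, not from the deck or from Imperva: enable a scoped audit mask on every site collection, set a retention period, and pull the last day's permission changes and deletions for review. The 90-day retention and the `CONTOSO\ext_` contractor prefix are assumptions.

```powershell
# Added example, not from the Imperva deck. Assumes the SharePoint Management Shell
# on a farm server; the 90-day retention and the CONTOSO\ext_ prefix are assumptions.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Audit the events a reviewer acts on rather than "All", which fills the log with noise.
# Note: site collection administrators can change this mask themselves, which is the
# separation-of-duties gap the slide refers to; export entries to a SIEM they cannot edit.
$auditMask = [Microsoft.SharePoint.SPAuditMaskType]::View `
        -bor [Microsoft.SharePoint.SPAuditMaskType]::Update `
        -bor [Microsoft.SharePoint.SPAuditMaskType]::Delete `
        -bor [Microsoft.SharePoint.SPAuditMaskType]::SecurityChange

$since    = (Get-Date).AddDays(-1)
$findings = @()

foreach ($site in Get-SPSite -Limit All) {
    # 1. Turn auditing on where it is not already set to this mask
    if ($site.Audit.AuditFlags -ne $auditMask) {
        $site.Audit.AuditFlags = $auditMask
        $site.Audit.Update()
    }
    # 2. Keep 90 days so entries survive until they are exported, rather than
    #    being trimmed before anyone looks at them
    if ($site.AuditLogTrimmingRetention -ne 90) { $site.AuditLogTrimmingRetention = 90 }

    # 3. Pull the last day's permission changes and deletions for review
    foreach ($eventName in 'SecurityChange', 'Delete') {
        $query = New-Object Microsoft.SharePoint.SPAuditQuery($site)
        $query.SetRangeStart($since)
        $query.AddEventRestriction([Microsoft.SharePoint.SPAuditEventType]::$eventName)
        foreach ($entry in $site.Audit.GetEntries($query)) {
            # The user may have been removed since the event; keep the raw id in that case
            try   { $login = $site.RootWeb.SiteUsers.GetByID($entry.UserId).LoginName }
            catch { $login = "id:$($entry.UserId)" }
            $findings += [PSCustomObject]@{
                Occurred = $entry.Occurred
                Event    = $entry.Event
                User     = $login
                Location = $entry.DocLocation
                External = [bool]($login -match '^CONTOSO\\ext_')
            }
        }
    }
    $site.Dispose()
}
# Contractor activity first, then everything else in time order
$findings | Sort-Object External -Descending, Occurred | Format-Table -AutoSize
```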
SharePoint Security Risk 3: Vulnerabilities in Third-party Code
More than half of organizations use or are “…planning to use third-party add-on products in order to enhance functionality. Only a third thinks they will stick with the vanilla product.”
AIIM 2012 Industry Watch Survey
Nowhere is this exploited on a larger scale than in Content Management Systems (CMS)…and even then, more in the added plugins than the core CMS code itself.
2014 Verizon Data Breach Investigations Report
Add-ons Defined
Plug-in
A software component that adds additional functionality to the larger SharePoint system.
Example: SharePoint Outlook Integration
Web Part
A stand-alone application embedded into SharePoint that pulls in useful information from other websites.
Example: Twitter feed
Source: Optimus.com
Convenience, Collaboration, Productivity, Ease-of-use
3rd Party
According to Veracode:
• “Up to 70% of internally developed code originates outside of the development team”
• 28% of assessed applications are identified as created by a 3rd party
What’s the risk?
IT and security teams should always assume that third-party code present in SharePoint applications contains significant vulnerabilities.
You can’t fix code you don’t own.
Organizations won’t be protected until that third party addresses the vulnerabilities.
OWASP Top 10 – 2013 Update
New: A9 - Using Known Vulnerable Components
Classic Web Site Hacking
(diagram, Single Site Attack: Hacking 1. Identify Target 2. Find Vulnerability 3. Exploit)
Classic Web Site Hacking
(diagram, Multiple Site Attacks: the same three steps, 1. Identify Target 2. Find Vulnerability 3. Exploit, repeated once per site)
SharePoint Application Hacking
(diagram: Hacking 1. Identify add-on 2. Find Vulnerability 3. Exploit)
Imperva’s Take: Vulnerabilities in Third-party Code are Inevitable
Photo Credit: cnet.com
SharePoint Security Risk 4: Data Leakage
Sensitive Data Leakage Often Occurs Accidentally
§ Simple SharePoint misconfigurations can expose corporate data
(diagram: Global Site, Finance Site, HR Site, Sales Site; user: Head of Finance)
Sophisticated Search Tools Can Uncover Sensitive Data
§ Google capabilities like Indexed FTP, Search by Image, and Table Search offer new ways to discover and extract data
(diagram: Global Site, Finance Site, HR Site, Sales Site; actor: Web User)
Conclusions on SharePoint Data Leakage
1. Organizations need tight controls over the content being served by SharePoint.
2. Implementing security policies that check for outgoing data can help prevent leakage.
3. As part of your security strategy, put a process in place to validate the content accessible via your SharePoint web servers.
SharePoint Security Risk 5: Targeted Attacks / Phishing
Attackers Pull Data From Websites for Use in Targeted Attacks
§ Site scraping – not just for undercutting competitors’ prices and republishing website listings
80% of the Fortune 500 are using SharePoint
Source: www.topsharepoint.com
Conclusions on Phishing and Targeted Attacks
1. Companies can protect their brand by protecting against site scrapers.
2. It’s difficult to distinguish site scrapers from legitimate users; proactive detection must be in place.
3. Organizations can rely on malicious source IP address feeds to protect against site scraping.
SharePoint Security Risk 6: Unauthorized Access to the Microsoft SQL Database
An Overlooked SharePoint Security Risk
Databases and file servers, both repositories of so much valuable information, are targeted regularly…
2014 Verizon Data Breach Investigations Report
§ Admins unknowingly make unsupported database changes.
§ Malware-compromised insiders access the database.
§ Malicious insiders target the database.
Conclusions on Unauthorized Database Access
1. The SharePoint SQL database holds the crown jewels, and must be protected from abuse.
2. Even unintentional changes can have a broad security impact on the SharePoint system.
3. Monitor, monitor, monitor.
Reduce Risk, Protect Your Data, Save Time
SecureSphere for SharePoint
Imperva Secures the SharePoint Platform, From End-to-end
1. Insider Threats
2. Ineffective Log Management
3. Vulnerabilities in Third Party Code
4. Data Leakage
5. Targeted Attacks
6. Unauthorized Access to the SQL Database
Web Application Security
File Security
Database Security
Layers of SharePoint Protection
(diagram: Enterprise Users and The Internet reach the Web Servers through a Web-Application Firewall, which covers SQL Injection and XSS; the Application Servers are covered by Activity Monitoring, Permissions Management & Access Control, addressing Excessive Rights and Audit; the MS SQL Databases are covered by DB Activity Monitoring & Access Control, addressing Unauthorized Changes, Unauthorized Access and Audit, with Administrators as the direct database actors)
Gartner’s Take: WAFs Are Worth the Investment
Firewalls and intrusion prevention systems don’t provide sufficient protections for most public-facing websites or internal business-critical and custom Web applications. WAFs are different from NGFWs and IPSs. WAFs protect, at a granular level, the enterprise's custom Web applications against Web attacks.
Web Application Firewalls Are Worth the Investment for Enterprises. Jeremy D’Hoinne & Adam Hils, Gartner, Inc.; Feb 28, 2014
Webinar Materials
§ Post-Webinar Discussions
§ Answers to Attendee Questions
§ Webinar Recording Link
§ Join Group: Join Imperva LinkedIn Group, Imperva Data Security Direct, for…
www.imperva.com