
Proven Practices to Protect Critical Data - DarkReading VTS Deck


Page 1: Proven Practices to Protect Critical Data - DarkReading VTS Deck

© 2010 NetIQ Corporation. All rights reserved.

Proven Practices to Protect Critical Data

Matt Mosley, Sr. Product Manager

Matt Ulery, Director, Product Management

Page 2: Proven Practices to Protect Critical Data - DarkReading VTS Deck

Information Security Trends

Increasingly heterogeneous & dynamic IT environments

Dynamic workforce that is being increasingly stretched

New and complex threat vectors

• Multiple delivery models (private / public / hybrid cloud)
• Virtualization & capacity optimization
• IT under increasing pressure to support consumerization

• Diversity (employees, contractors, outsourcing, partners)
• Mergers & acquisitions
• Skills generalization

• Multiple delivery models (private / public / hybrid cloud)
• Virtualization & capacity optimization

Business

People

Technology

Page 3: Proven Practices to Protect Critical Data - DarkReading VTS Deck

Is This You?

Identifying and securing data is difficult.

Environment and threats are increasingly complex.

Workload is high and staffing is low.

Many point solutions with poor integration.

Difficult to gain a meaningful picture of what is happening.

Page 4: Proven Practices to Protect Critical Data - DarkReading VTS Deck

The New Security Team

Protection of sensitive data and mission-critical systems remains a key business objective.

Regulatory compliance has provided funding but increased the workload.

Compliance programs should (but don’t always) provide meaningful security benefits.

Page 5: Proven Practices to Protect Critical Data - DarkReading VTS Deck

When It All Goes Wrong…

Dai Nippon Printing reports client data theft
Reuters | 12 March 2007

TOKYO, March 12 (Reuters) - Japan's Dai Nippon Printing Co. said on Monday a former contract worker stole nearly 9 million pieces of private data on customers from 43 clients including Toyota Motor Corp.

Dai Nippon, one of Japan's largest commercial printing companies, said the confidential information included names, addresses and credit card numbers intended for use in direct mailing and other printing services.

Dai Nippon said the employee stole client data between May 2001 and March 2006 by copying information on to floppy disks and other recording media.

Supermarket Chains Hit By Data Theft
Robert McMillan | IDG News Service | March 18, 2008

Data thieves broke into computers at supermarket chains Hannaford Brothers and Sweetbay, stealing an estimated 4.2 million credit and debit card numbers, Hannaford said Monday….

The Associated Press reported Monday that more than 1,800 cases of fraud had been linked to the theft, which affects 4.2 million credit and debit card numbers…

Payment Processor Breach May Be Largest Ever
By Brian Krebs | Washington Post | 20 January 2009

A data breach last year at Princeton, N.J., payment processor Heartland Payment Systems may have compromised tens of millions of credit and debit card transactions, the company said today.

If accurate, such figures may make the Heartland incident one of the largest data breaches ever reported.

“In filings for the Securities and Exchange Commission, Heartland said that it lost $2 million in the second quarter of this year, and that the 2008 data security breach cost it $32 million as of June 30 (2009)” – Credit Union Times

Page 6: Proven Practices to Protect Critical Data - DarkReading VTS Deck

Back to Basics

Good Security Makes Compliance Easier.

Compliance is a process, not a project.

The best way to achieve compliance is to get the security basics right.

Use compliance programs to help focus security, refine processes, and document what’s done.

Relying simply on compliance to provide security leaves organizations open to attack.

Page 7: Proven Practices to Protect Critical Data - DarkReading VTS Deck

It’s a Brave New World

Cloud computing, virtualization and the consumerization of IT have led us to ask:

Who has access to our data?

Where are they accessing it from?

How do I monitor privileged activity?

Page 8: Proven Practices to Protect Critical Data - DarkReading VTS Deck

Start by Understanding Risk

What are we trying to protect?

− Identify and classify sensitive data and assets.

Who or what are we protecting it from?

− Vulnerabilities can be technical or non-technical.

− Accidents or errors often cost more than malicious attacks.

What would happen if we fail?

− Failure to meet regulatory mandates can be costly.

− Lost business opportunity or interruption of activity.

Page 9: Proven Practices to Protect Critical Data - DarkReading VTS Deck

Identify and Protect Critical Data

Finding the data

− Data may be in files, on physical media, in databases, or in the cloud.

− Most breaches involve data that the victim did not know was there.

Categorizing data

− What data is sensitive and at risk?

Monitoring access

− Can I identify abnormal access?

− Who is really accessing the information?

Page 10: Proven Practices to Protect Critical Data - DarkReading VTS Deck

Monitor User and Resource Access

“Authorized” users are a major threat to data:

− Theft, fraud and abuse remain significant problems.

− Accidental exposure or loss of data.

Privileged users represent the greatest risk:

− Can insert malicious code just about anywhere.

− Have the ability to override system controls without detection.

“Out-of-date and/or excessive privileged and access control rights for users are viewed as having the most financial impact on organizations.”

– IDC Insider Risk Management, August 2009

Page 11: Proven Practices to Protect Critical Data - DarkReading VTS Deck

The Importance of User (De-)Provisioning

Rajendrasinh Makwana, 35, of Frederick, Maryland, was indicted on January 27 for the attempted malware attack.

“Despite Makwana’s termination, [his] computer access was not immediately terminated.”

- FBI agent Jessica A. Nye stated in the affidavit.

Makwana created a malicious script:

- Designed to propagate to all 4,000 servers.

- Damage would have cost millions of dollars to repair.

Nearly 80% of terminated employees take data with them that they know is against company policy.

– Dark Reading Tech Center – Insider Threat: March 2009

Page 12: Proven Practices to Protect Critical Data - DarkReading VTS Deck

Control and Monitor Privileged Access

Monitor system and file integrity

− Changes to key system files.

− Modification of rarely accessed data.

Investigate unusual changes

− Changes to key system files.

− Modification of rarely accessed data.

Audit individual actions

− Focus on privileged and “high risk” users/accounts.

Page 13: Proven Practices to Protect Critical Data - DarkReading VTS Deck

Capture and Monitor Log Data

Security and network devices generate lots of data

− OS, Network, Virtual, P&A, User Activity, DAM, IAM.

Compliance mandates capture and review of logs

Logs can often provide early warning signs

− 82% of the time, evidence was visible in logs beforehand.

Failure to monitor is costly

− Breaches often go undiscovered and uncontained for weeks or months.

Page 14: Proven Practices to Protect Critical Data - DarkReading VTS Deck

Physical, Virtual, Hybrid

Virtualization brings its own challenges to maintaining compliance

Maintain and extend security for critical systems into the virtual environment

Audit and configuration are just as important

Log management is still required

Page 15: Proven Practices to Protect Critical Data - DarkReading VTS Deck

Some Questions to Ask Yourself…

How do I monitor privileged users?

How do I detect changes?

How can I see what has changed, and who changed it?

How do I see when someone accesses sensitive information?

How do I know if someone copies sensitive data?

What about protecting Active Directory and Group Policy Objects?

What about relational databases?

Page 16: Proven Practices to Protect Critical Data - DarkReading VTS Deck

Summary

Complexity is increasing; capacity is not.

Criminals are having success exploiting weaknesses in process as much as technology.

Hybrid service delivery models simply change the threat vector but do not reduce the risk.

Focus on basic good practices to get ahead of the bad guys.

Page 17: Proven Practices to Protect Critical Data - DarkReading VTS Deck

Our Areas of Focus and Expertise

Security & Compliance

Identity & Access

Performance & Availability

• Manage and audit user entitlements

• Track privileged user activity

• Protect the integrity of key systems and files

• Monitor access to sensitive information

• Simplify compliance reporting

• Monitor and manage heterogeneous environments including custom applications

• IT Service validation and end-user performance monitoring

• Dynamic provisioning of large-scale monitoring with exceptions

• Functional and hierarchical incident escalation

• Deliver and manage differentiated service levels

• User Provisioning Lifecycle Management

• Centralize Unix account management through Active Directory

• Reduce number of privileged users

• Secure delegated administration

• Windows and Exchange migration

Page 18: Proven Practices to Protect Critical Data - DarkReading VTS Deck

Learn More in Our Virtual Booth

Complete our survey.

− For a chance to win one of two Apple iPads.

Chat with our product experts.

Download analyst research reports:

− “Build Security Into Your Network’s DNA: The Zero Trust Network Model” - Forrester

View recent webinars with industry experts:

− “Combating the Insider Threat: Vulnerabilities and Countermeasures” with Ira Winkler

Access informative whitepapers, including:

− “Address the Insider Threat of Privileged Users”, co-authored by Dr. Eric Cole

Page 19: Proven Practices to Protect Critical Data - DarkReading VTS Deck

Thank You For Attending!

Worldwide Headquarters

1233 West Loop South, Suite 810
Houston, Texas 77027 USA
Worldwide: 713.548.1700
N. America Toll Free: [email protected]
NetIQ.com

NetIQ, an Attachmate business.