© 2010 NetIQ Corporation. All rights reserved.
Proven Practices to Protect Critical Data
Matt Mosley, Sr. Product Manager
Matt Ulery, Director, Product Management
Information Security Trends
Increasingly heterogeneous & dynamic IT environments
Dynamic workforce that is being increasingly stretched
New and complex threat vectors
• Multiple delivery models (private / public / hybrid cloud)
• Virtualization & capacity optimization
• IT under increasing pressure to support consumerization
• Diversity (employees, contractors, outsourcing, partners)
• Mergers & acquisitions
• Skills generalization
• Multiple delivery models (private / public / hybrid cloud)
• Virtualization & capacity optimization
Business
People
Technology
Is This You?
Identifying and securing data is difficult.
Environment and threats are increasingly complex.
Workload is high and staffing is low.
Many point solutions with poor integration.
Difficult to gain a meaningful picture of what is happening.
The New Security Team
Protection of sensitive data and mission-critical systems remains a key business objective.
Regulatory compliance has provided funding but increased the workload.
Compliance programs should (but don’t always) provide meaningful security benefits.
When It All Goes Wrong…
Dai Nippon Printing reports client data theft
Reuters | 12 March 2007
TOKYO, March 12 (Reuters) - Japan's Dai Nippon Printing Co. said on Monday a former contract worker stole nearly 9 million pieces of private data on customers from 43 clients including Toyota Motor Corp.
Dai Nippon, one of Japan's largest commercial printing companies, said the confidential information included names, addresses and credit card numbers intended for use in direct mailing and other printing services.
Dai Nippon said the employee stole client data between May 2001 and March 2006 by copying information on to floppy disks and other recording media.
Supermarket Chains Hit By Data Theft
Robert McMillan | IDG News Service | March 18, 2008
Data thieves broke into computers at supermarket chains Hannaford Brothers and Sweetbay, stealing an estimated 4.2 million credit and debit card numbers, Hannaford said Monday….
The Associated Press reported Monday that more than 1,800 cases of fraud had been linked to the theft, which affects 4.2 million credit and debit card numbers…
Payment Processor Breach May Be Largest Ever
By Brian Krebs | Washington Post | 20 January 2009
A data breach last year at Princeton, N.J., payment processor Heartland Payment Systems may have compromised tens of millions of credit and debit card transactions, the company said today.
If accurate, such figures may make the Heartland incident one of the largest data breaches ever reported.
“In filings for the Securities and Exchange Commission, Heartland said that it lost $2 million in the second quarter of this year, and that the 2008 data security breach cost it $32 million as of June 30 (2009)” – Credit Union Times
Back to Basics
Good Security Makes Compliance Easier.
Compliance is a process, not a project.
The best way to achieve compliance is to get the security basics right.
Use compliance programs to help focus security, refine processes, and document what’s done.
Relying simply on compliance to provide security leaves organizations open to attack.
It’s a Brave New World
Cloud computing, virtualization and the consumerization of IT have led us to ask:
Who has access to our data?
Where are they accessing it from?
How do I monitor privileged activity?
Start by Understanding Risk
What are we trying to protect?
− Identify and classify sensitive data and assets.
Who or what are we protecting it from?
− Vulnerabilities can be technical or non-technical.
− Accidents or errors often cost more than malicious attacks.
What would happen if we fail?
− Failure to meet regulatory mandates can be costly.
− Lost business opportunity or interruption of activity.
Identify and Protect Critical Data
Finding the data
− Data may be in files, on physical media, in databases, or in the cloud.
− Most breaches involve data that the victim did not know was there.
Categorizing data
− What data is sensitive and at risk?
Monitoring access
− Can I identify abnormal access?
− Who is really accessing the information?
Monitor User and Resource Access
“Authorized” users are a major threat to data:
− Theft, fraud and abuse remain significant problems.
− Accidental exposure or loss of data.
Privileged users represent the greatest risk:
− Can insert malicious code just about anywhere.
− Have the ability to override system controls without detection.
“Out-of-date and/or excessive privileged and access control rights for users are viewed as having the most financial impact on organizations.”
– IDC Insider Risk Management, August 2009
The Importance of User (De-)Provisioning
Rajendrasinh Makwana, 35, of Frederick, Maryland, was indicted on January 27 for the attempted malware attack.
“Despite Makwana’s termination, [his] computer access was not immediately terminated.”
- FBI agent Jessica A. Nye stated in the affidavit.
Makwana created a malicious script:
− Designed to propagate to all 4,000 servers.
− Damage would have cost millions of dollars to repair.
Nearly 80% of terminated employees take data with them that they know is against company policy.
– Dark Reading Tech Center – Insider Threat: March 2009
Control and Monitor Privileged Access
Monitor system and file integrity
− Changes to key system files.
− Modification of rarely accessed data.
Investigate unusual changes
− Changes to key system files.
− Modification of rarely accessed data.
Audit individual actions
− Focus on privileged and “high risk” users/accounts.
Capture and Monitor Log Data
Security and network devices generate lots of data
− OS, Network, Virtual, P&A, User Activity, DAM, IAM.
Compliance mandates capture and review of logs
Logs can often provide early warning signs
− 82% of the time, evidence was visible in logs beforehand.
Failure to monitor is costly
− Breaches often go undiscovered and uncontained for weeks or months.
Physical, Virtual, Hybrid
Virtualization brings its own challenges to maintaining compliance
Maintain and extend security for critical systems into the virtual environment
Audit and configuration are just as important
Log management is still required
Some Questions to Ask Yourself…
How do I monitor privileged users?
How do I detect changes?
How can I see what has changed, and who changed it?
How do I see when someone accesses sensitive information?
How do I know if someone copies sensitive data?
What about protecting Active Directory and Group Policy Objects?
What about relational databases?
Summary
Complexity is increasing; capacity is not.
Criminals are having success exploiting weaknesses in process as much as technology.
Hybrid service delivery models simply change the threat vector but do not reduce the risk.
Focus on basic good practices to get ahead of the bad guys.
Our Areas of Focus and Expertise
Security & Compliance
Identity & Access
Performance & Availability
• Manage and audit user entitlements
• Track privileged user activity
• Protect the integrity of key systems and files
• Monitor access to sensitive information
• Simplify compliance reporting
• Monitor and manage heterogeneous environments including custom applications
• IT Service validation and end-user performance monitoring
• Dynamic provisioning of large-scale monitoring with exceptions
• Functional and hierarchical incident escalation
• Deliver and manage differentiated service levels
• User Provisioning Lifecycle Management
• Centralize Unix account management through Active Directory
• Reduce number of privileged users
• Secure delegated administration
• Windows and Exchange migration
Learn More in Our Virtual Booth
Complete our survey.
− For a chance to win one of two Apple iPads.
Chat with our product experts.
Download analyst research reports:
− “Build Security Into Your Network’s DNA: The Zero Trust Network Model” - Forrester
View recent webinars with industry experts:
− “Combating the Insider Threat: Vulnerabilities and Countermeasures” with Ira Winkler
Access informative whitepapers, including:
− “Address the Insider Threat of Privileged Users”, co-authored by Dr. Eric Cole
Worldwide Headquarters
1233 West Loop South, Suite 810
Houston, Texas 77027 USA
Worldwide: 713.548.1700
N. America Toll Free: [email protected]
NetIQ.com
NetIQ, an Attachmate business.
Thank You For Attending!