The Bad Guys are using IT. Are You?

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. 1

The Bad Guys are using IT. Are You?

Picture credit: www.wearelegionthedocumentary.com

Koh Hong Eng

Vice President (Corporate), POLCYB The Society for the Policing of Cyberspace

Global Lead, Justice & Public Safety (JPS)

Oracle Corporation


The Safe Harbor

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.


Oracle Global Justice & Public Safety Team

Jorge Medina

Cindy Schwimer Tim Wallace Jeff Penrose David Shepherd

Udi Nessimyan

Koh Hong Eng

Global Lead

Twitter Gives Occupy Wall Street Tweets To New York Judge 14 Sep 2012

“We talk on the Internet about what happened in Egypt, about our structure, about our organization, how to organize a flash mob, how to organize a sit-in”

Ahmed Maher, one of the founders of Egypt’s Facebook Revolution on 6 Apr 08,

on advising the Occupy activists

Why BlackBerry Messenger was rioters' communication method of choice 7 Dec 2011

Crime-Sourcing Criminals Turn to Outsourcing to Launch Distributed Denial of Service Attacks 3 Dec 2013

Man-In-The-Middle

How a Hacker Intercepted FBI and Secret Service Calls With Google Maps 27 Feb 2014

US Government Agency Compromised by Social Engineering 4 Nov 2013

2009: “Robin Sage” (The Security Blogger)!Information and intelligence obtained from US military personnel!

2011: “Emily Williams”!“What else can happen outside of data being leaked over social networks?”!

Emily Williams Social Engineering

Massive data theft hits 40% of South Koreans

21 Jan 2014

“Customer details appear to have been swiped by a worker at the Korea Credit Bureau, a company that offers risk management and fraud detection services.”

1 April 2013

UK sex crimes via Facebook, Twitter increased 400% since 2009

“Personal data on Twitter and Facebook are being utilized by sexual predators to identify susceptible females and gain their confidence.”

Ransomware


Adapted from Kuppinger Cole Presentation, March 2013

COORDINATED ATTACKS

HACKING

DATA THEFT

DENIAL OF SERVICE BLACKMAIL

•  PRIVILEGE

ABUSE •  DELIBERATE

LEAKAGE •  CURIOSITY

•  ACCIDENTAL

ERASURE

•  ACCIDENTAL DISCLOSURE

Cloud Mobile Social


PEOPLE Employees, Contractors Costumers & Partners

THE NETWORK IS NO LONGER THE POINT OF CONTROL

DEVICES Phones, Servers, Laptops, Tablets

DATA Unstructured & Structured

THE NEW PERIMETER PREVENTIVE

DETECTIVE


SECURITY

SECURITY

SECURITY

SECURITY

SECURITY

SECURITY

SECURITY

Oracle Engineered

Systems


S E C U R I T Y S E C U R I T Y

S E C U R I T Y S E C U R I T Y

S E C U R I T Y

S E C U R I T Y

S E C U R I T Y

SECURITY INSIDE OUT BUILT-IN AT EVERY LAYER


Governance, Risk and Compliance

Identity Management

Mobile Security

Cloud Security

Infrastructure Security

SECURITY INSIDE OUT


Infrastructure Security

§ Ensure confidentiality of medical and patient data through comprehensive database security with centralized configuration, unified interface, and simplified deployment across platforms.

§ Monitor access to sensitive data regarding global bidding, medical licenses, medical supplies, human resources, financials, etc.

§ Provide detailed information about every user who accesses the databases, including requests for applications or IP addresses, and report these details on demand to facilitate efficient audit detection.

Kingdom of Saudi Arabia Ministry of Health

•  Exadata •  Audit Vault •  DB Firewall


Identity Management

§ Grocery retailing and food logistics. § More then 2,200 stores and about 2,500 franchises. § 2,200 iPads for store managers.

SUPERVALU

•  Identity Management •  Access Management •  Directory Server

"Through Oracle’s forward-thinking approach to identity management, we can provide our employees with the technology they need to be more productive and bolster customer relationships, while enabling the company to securely leverage the latest social and mobile innovations.” – Phillip Black, IT Director for Identity and Access Management, SUPERVALU


Governance, Risk and Compliance

§ Established in 1817 with total assets of $658B; 35,000 employees. § Challenges:

–  User access was too broad. –  Privacy Act violations. –  No audit trail. –  Segregation of Duties (SoD) process was expensive and ineffective.

§ Results: –  Resolved 85% of SoD conflicts across ERP system; mitigating controls for the rest. –  Resolved privacy issues with access to Social Security Numbers. –  Created detailed access rules and comprehensive audit trails.

USA Department of Health & Human Services

•  GRC Control Suite


Cloud Security USA Federal Emergency Management Agency

•  RightNow Government Cloud

Hurricane Sandy


Cloud Security

§ Engage the community as part of community policing.

§ Better understanding of public sentiments.

§  Improve crime analysis over social networks.

§ Early detection of suspicious activities and crime suspects.

§  Incorporate new techniques in crime investigation process.

Federal Police of a Latin America country


CONTAINER EXPERIENCE CONTROL

Isolate corporate data, support remote wipe, restrict

data transfer

Secure applications & communication, corporate

application store

Role based access, self service request, sign-on,

fraud detection

MOBILE SECURITY SUITE

Mobile Security Oracle’s Strategy

A top 50 bank in USA with few million customers

across few states


What about Social Engineering? Big Data to the Rescue

Oracle Big Data Appliance

NoSQL DB Driver

Application

HDFS, Hadoop, CDH

Map ReduceORCH -‐ Stats

Map ReduceHive -‐ Activities

Map ReducePig -‐ Sessionize

Cyber Information Discovery

Complex EventProcessing

Expert SystemDecisionEngine

Cyber Real-‐time Analysis

API/NBI SIEM/SOC

Mass Analysis\Algorithm

s Layer

Probe/Switch

LAN

Probe/switch

Real-‐time Access

Batch Processing

System M

onitoring & M

anagement

§ Cyber Intelligence § Network Behavior

Anomaly Detection (NBAD)

§ Analytics & Reporting § DPI-based Router

•  Big Data Appliance •  Oracle Event Processing •  Real-Time Decisions •  Endeca Information Discovery


Cyber Intelligence Countering Social Engineering








DON’T SECURE YOURSELF OUT OF BUSINESS

•  You can’t defend everything •  Re-assess, Re-evaluate

•  People, Data, Devices

•  Prevent. Detect. Assume breached •  Security inside out

•  Protect your most valuable assets •  Have a plan and execute the plan


Internet of Things 2010 2015 2020

PEOPLE More DEVICES Than

Source: Cisco IBSG, Apr 2011

50 Billion

25 Billion

12.5 Billion


[email protected]

@he_koh

linkedin.com/in/hekoh

Thank You!

Technology

The Bad Guys are using IT. Are You?