Date post: | 11-May-2015 |
Category: | Technology |
Upload: | interop-mumbai-2009 |
Security Leadership in an Era of Economic Downturn
By Abhilash Sonwane, Cyberoam
Presentation Sketch
Security Issues During a Downturn
Methods of Data Leakage
CIOs and Security Leadership
Identity-based Security on Layer 8
Cyberoam - Unified Threat ManagementUnified Threat ManagementCyberoam
www.cyberoam.com Copyright 2007 Elitecore Technologies Ltd. All rights reserved. Privacy PolicyC
Security Issues During a Downturn
Scaling back on IT security expenses during downturn lay-offs?
• 59% of laid-off employees admitted to stealing confidential data
• 67% used their former firm's information in a new job
(SURVEY: Ponemon Institute, January 2009)
Yesterday’s insiders are today’s outsiders
Cost-cutting means companies are less confident in addressing newly emerging threats
• In a survey of 200 organizations, 32% reduced information security budgets in 2008.
• CONSEQUENCE: 60% admit increasing vulnerability to new, emerging security threats
(SURVEY: Global Security Survey for the Technology, Media and Telecommunications Industry, May 2009)
Bad Idea
Causal Factors behind Data Leakage by Employees
Ignorant User
• Vulnerable to targeted attacks by
– Hackers, Phishing, Spam
– Social engineering attacks by ex-employees
– Social network exploits: Facebook, Myspace
• Lack of awareness about company security policies
– E.g. in a survey, 63% of employees believed there are no restrictions on using USB memory sticks at work
(SURVEY: Prefix Security Report, UK)
User with Malicious Intent
• Apathetic employee
– Ignores system alerts and virus warnings
“Why should I care about this company?”
• Angry, disgruntled employee
– Sabotages, schemes, teams up with competitor
“I’ll destroy these people, serves them right!”
• Opportunistic, cunning employee
– Motivated by personal and financial gain
“I’ll steal this data for use in my next job.”
An Example of Data Leakage
Ex-employee extracting data from current employees
Ex-employee extracting data from current employees - The Twist in the Tale
• Yahoo! Messenger is a standard mode of support communication for the corporation
Ex-employee extracting data from current employees
A disgruntled former employee sends a chat message on Yahoo!, casually asking his ex-colleague to look at his new photos on his Geocities website
• The attacker now had the ability to log on at will under the guise of his former colleagues
• Misguides customers and puts the organization at risk
[Slide image: login fields showing user ID Dan_m24 and a masked password]
How has this become easier?
Hackers on easy street
• Publicly available vulnerability information
• The Toolkit business
• Research – Easy access to information from public and internal resources
Today’s network scenario
• Fluidity of the network perimeter which opens it to partners, customers and more
• Employees have access to business critical information
• One cannot help not being (i)n the “Net”
CIOs and Security Leadership
CIO Strategy during Downturn
Seeking balance: secure corporate information while supporting business agility
CIOs must step out of The Traditional Security Approach
Problem: Viruses, Worms, DoS attacks, Spyware
Solution: Firewall, IPS, Anti-Virus, Anti-Spam
The Current Scenario
• Increasing Network complexity
• Departments pose differing levels/types of data security concerns
• Increasingly mobile environments in enterprises
• Regulatory Compliance
[Diagram labels: Head Office, Branch Office, Branch Office, Road Warrior]
Whatever the Security Solution, Does it have Identity?
• Enterprise Security
– Firewall / VPN / IPS
– AV / AS
– Content Filtering, Bandwidth Management, Multiple Link Management
– Endpoint Security
• Branch Office and Remote User Security
• The 2 questions to ask are –
– Does it recognize the user?
– Can it control the user – anytime, anywhere in the network (or outside)?
Summary of Measures to be taken
Identity-based Security
Secure Remote Access
Basic Security
• Secure the Desktop
• Secure the Network
• Protecting Data & Securing the enterprise
- Managing Remote Access
- Remote Offices and Partners Network
- Managing the user
- The Employee & the Partner
Identity-based Security
Evolving Towards Identity-Based Heuristics
User identity – An additional parameter to aid decision making
• Who is doing what?
• Who is the attacker?
• Who are the likely targets?
• Which applications are prone to attack – who accesses them?
• Who inside the organization is opening up the network? How?
Building patterns of activity profiles – User Threat Quotient
User Threat Quotient - UTQ
Calculating the UTQ
• Rating users on susceptibility to attack
– Nature of user activity
– History of activity – normal record access – number and type (customer data / research reports/..)
– Current status – new employee, terminated, etc.
• Analyze Who is doing What and When
– Use of anonymous proxy
– Downloading Hacker Tools
– Accessing data off-hours
– Amount of data accessed
Technical Preventive Measures
Use Network Activity coupled with user identity information to:
• Identify deviations from the normal acceptable user behavior
• Red flag malicious activity based on UTQ
– Context of activity – repeated wrong password attempts by new vs. old employee
• Get Intrusion alerts with user identity information
– To ease the data interpretation
– To determine how to fine tune the security policies
• Correlate data, e.g. using Bayesian inference network
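Added example (not from the presentation and not Cyberoam's implementation): one way to turn the UTQ indicators listed above into a per-user score, combining them with a naive Bayes update as a simple stand-in for the Bayesian inference network the slide mentions. The likelihood ratios, status priors, thresholds, field names and sample records are all assumptions made for illustration.

```python
import math
from collections import defaultdict
from datetime import datetime

# Assumed likelihood ratios P(indicator | risky user) / P(indicator | normal user).
LIKELIHOOD_RATIO = {
    "anonymous_proxy": 6.0,
    "hacker_tools": 10.0,
    "off_hours_access": 2.5,
    "bulk_data_access": 4.0,
}
STATUS_PRIOR = {"active": 0.02, "new": 0.05, "terminated": 0.30}  # assumed priors
BULK_BYTES = 500 * 1024 * 1024  # assumed threshold for "amount of data accessed"
WORK_HOURS = range(8, 20)       # assumed business hours, 08:00 to 19:59

def indicators(event):
    """Map one identity-tagged activity record to the UTQ indicators it shows."""
    found = {event["category"]} & set(LIKELIHOOD_RATIO)
    if datetime.fromisoformat(event["time"]).hour not in WORK_HOURS:
        found.add("off_hours_access")
    if event["bytes"] >= BULK_BYTES:
        found.add("bulk_data_access")
    return found

def utq(events, status_by_user):
    """Return {user: posterior probability of risky behaviour}."""
    seen = defaultdict(set)
    for e in events:
        seen[e["user"]] |= indicators(e)  # each indicator counts once per user
    scores = {}
    for user, status in status_by_user.items():
        prior = STATUS_PRIOR[status]  # "current status" sets the starting point
        log_odds = math.log(prior / (1 - prior))
        log_odds += sum(math.log(LIKELIHOOD_RATIO[i]) for i in seen[user])
        scores[user] = round(1 / (1 + math.exp(-log_odds)), 3)
    return scores

# Constructed sample records; user names and values are made up.
EVENTS = [
    {"user": "asha", "time": "2009-06-10T10:15:00", "category": "business", "bytes": 2_000_000},
    {"user": "ravi", "time": "2009-06-10T23:40:00", "category": "anonymous_proxy", "bytes": 50_000},
    {"user": "ravi", "time": "2009-06-11T01:05:00", "category": "business", "bytes": 900 * 1024 * 1024},
    {"user": "meena", "time": "2009-06-10T22:30:00", "category": "business", "bytes": 1_000_000},
]
STATUS = {"asha": "active", "ravi": "terminated", "meena": "new"}

if __name__ == "__main__":
    for user, score in sorted(utq(EVENTS, STATUS).items(), key=lambda kv: -kv[1]):
        print(f"{user:6} UTQ={score}")
```

The same off-hours access weighs differently for a new employee than for a long-standing one because the prior differs, which is the "context of activity" point made on the slide.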
Use UTQ for Soft Measures
• Individualized education based on UTQ information
• Educating key persons – those having access to business critical information
• Educating the employees as their role evolves – joiner, moving up, quitter
Questions?!?
Thank You!
For further info, please contact [email protected]
To Know more about Cyberoam visit www.cyberoam.com