Lessons Learned from

CloudLock’s Cyberlab report

The 1% Who Can Take Down

Your Organization

1

Presenters

Bernd LegerVP of Marketing

Ayse Kaya FiratDirector of Customer Insights & Analytics

2

Continuing Professional Education (CPE) Credits

Claim your CPE credit for attending this webinarhttps://www.isc2.org/

For more information or questions please contact us

info@cloudlock.com

3

Q3 2015 Cloudlock Cyberlab Report

Agenda

01

02

03

04

What CISO’s care about

Account Compromise - Focus on the 1%

Data Breaches - Protect What Matters

Cloud Malware - The Backdoor

5

05 Summary

What CISOs Care About

6

IDENTITY

ACCOUNTS APPS

DATA

CLOUD

DEVICE

Cloud Cybersecurity - Where You Should Focus

7

APPSACCOUNTS

DATA

Cloud Malware(Apps Discovery &

Control)

Data Breach(Cloud DLP)

4

Compliance(Reporting/Policy)

5

SecOps & Forensics(Security Admin)

3

2

CompromisedAccounts

(UBA)

1

7

8

Scope of Cybersecurity Report

91,000APPS

DISCOVERED

10 MillionACTIVE USERS

FILESMONITORED

DAILY

1 Billion

CloudLock Confidential

The 1% who can take down your Organization: Disproportionate Cloud Risk

9

01

10

Account Compromises -

Focusing on the User

“User Behavior Analytics No Longer a Nice to Have

Gartner explains "By 2018, at least 25% of self-discovered enterprise breaches will be found using user behavior analytics (UBA)." Gartner, Best Practices and Success Stories for User Behavior Analytics, March 2015

11

1 in 4 users violate corporate security policy

12

The 1% Who Can Take Down Your Organization

13

No Industry is Immune

Customer Story -The True Risk of Data Dense Users

14

Hi-Tech customer based in the Silicon Valley

Highly confidential IP: ● Design docs● Patents● Engineering code

Customer Story - Rapid ROI

15

● US based company in the travel industry.

● 62% of decrease in public exposures in one day by leveraging UBA

● Reached out to top users with public exposures

● Rapid return on investment● Revealed gaps in employee

security training

Recommendations - Account Compromise

16

1. Identify: Who are the riskiest

users? Plus, what is typical user

behavior, what is not?

2. Segment: Understand the

composition of the riskiest top

1%

3. Prioritize: For highest ROI,

streamline automated action

upon anomaly detection

02

17

Data Breach

Identify data that matters

18

There are only two types of data that exist in your organization:

1) Data that someone wants to steal

2) Everything else

Source: Forrester Research

How successful organizations attack the problem?

19

Organizations are taking two main approaches to protect their most sensitive corporate assets:

Data Types Organizations worry about

20

● Many enterprises live in fear of suffering from a toxic data spill.

21

Exposed Sensitive Data

● Just like asbestos, certain data types becomes even more toxic when airborne.

● 6% of collaboration is occurring inbound-only, suggesting the potential malicious use of collaboration as a mechanism to execute phishing attacks.

Anatomy of a Cyber Attack

Direction of Communication Matters

22

Web of Collaborating Business & Cybercrime

23

Web of Collaborating Business & Cybercrime

24

And - the top 25 account for 75% of cloud based sharing

Customer Story - Not All Collaboration is Good Collaboration

25

● High profile government agency

● 5M Documents, 20K Users

Recommendations - Data Breaches

26

1. Monitor the environment

continuously

2. Gain deep insight into what data

is shared and how it is shared

3. Prioritize/analyze the most

collaborative domains

4. Take risk appropriate controls.

Not all files are equally important

- encrypt assets that matter the

most

Customer Story 16.3% Improvement in 1 Day

27

03

28

Cloud Malware

CloudLock focuses on the riskiest apps

29

● User enabled 3rd party apps that communicate with core, corporate SaaS platforms. These apps typically request permission via an OAuth connection to act on behalf of the user.

● Frequently targeted by cybercriminals as an entry point to organizations.

DEMO

● UK media company● 5000+ users adopted

cloud collaboration● Over 600 unique apps,

20,000 installs

Customer Case Study - Risky (App) Business

30

1% of users account for 62% of all app installs

31

● The number of 3rd party apps grew

significantly.

○ 130 to 540 in just one year!

● 52,000 app installs are done by highly

privileged users.

Top 25 Unique Apps Comprise 65% of All Installs

32

● In most instances, top apps are tied to business functions● The long tail is where the risk lies

[37%] Gaming, Entertainment, Non Productivity

33

Top Third-Party AppsGaming / Entertainment / Non-Productivity Apps

Recon - Person / Location / Activity / Relevance

Keys to the Kingdom: Third Party Apps

CloudLock focuses on the riskiest apps

● Third-party cloud apps are user-enabled SaaS apps that communicate with core, corporate SaaS platforms via an OAuth connection.

Keys to the Kingdom: Third Party Apps

CloudLock focuses on the riskiest apps

● Third-party cloud apps are user-enabled SaaS apps that communicate with core, corporate SaaS platforms via an OAuth connection.

Keys to the Kingdom: Third Party Apps

Recommendations - Cloud Malware

38

1. Understand which apps your users are leveraging -

understand the need behind

2. Prioritize highly privileged users’ app installs

3. Empower the end users by educating them on the risk

of 3rd party apps

4. Trust the insight of the security community, tap into

crowdsourced insight for 3rd party apps

03

39

Summary

Cloud Cybersecurity - Where You Should Focus

40

APPSACCOUNTS

DATA

Cloud Malware(Apps Discovery &

Control)

Data Breach(Cloud DLP)

4

Compliance(Reporting/Policy)

5

SecOps & Forensics(Security Admin)

3

2

CompromisedAccounts

(UBA)

1

40

CloudLock CyberSecurity Fabrics

IT Security

Homegrown Apps

IT Apps

ISV Cloud Apps

Enterprise

SaaS

force.com

All End - Users 41

PaaS and IaaS

force.com

IDaaS

CloudLock Confidential

Content Classification

AppsFirewall

SecurityAnalytics

EncryptionManagement

IncidentManagement

CentralAuditing

PolicyAutomation

User BehaviorAnalytics

ConfigurationSecurity

Next Step: Get a Cybersecurity Assessment

bit.ly/cloudlock-assessment

Q&A

Bernd LegerVP of Marketing

Ayse Kaya FiratDirector of Customer Insights & Analytics

43

Thank You

Questions & Answers

www.cloudlock.com info@cloudlock.com 781.996.4332

44