Abhilash Sonwane - Security Leadership in an Economic Downturn - Interop Mumbai 2009
Security Leadership in an Era of Economic Downturn
By Abhilash Sonwane, Cyberoam
Presentation Sketch
Security Issues During a Downturn
Methods of Data Leakage
CIOs and Security Leadership
Identity-based Security on Layer 8
Cyberoam - Unified Threat Management
www.cyberoam.com Copyright 2007 Elitecore Technologies Ltd. All rights reserved.
Security Issues During a Downturn
Scaling back on IT Security Expenses during downturn lay-offs?
• 59% of laid-off employees admitted to stealing confidential data
• 67% used their former firm’s information in a new job
(SURVEY: Ponemon Institute, January 2009)
Yesterday’s insiders are today’s outsiders
Cost-cutting means companies are less confident in addressing newly emerging threats
• In a survey of 200 organizations, 32% reduced information security budgets in 2008.
• CONSEQUENCE: 60% admit increasing vulnerability to new, emerging security threats
(SURVEY: Global Security Survey for the Technology, Media and Telecommunications Industry, May 2009)
Bad Idea
Causal Factors behind Data Leakage by Employees
Ignorant User
• Vulnerable to targeted attacks by
– Hackers, Phishing, Spam
– Social Engineering attacks by ex-employees
– Social Network exploits: Facebook, Myspace
• Lack of awareness about company security policies
– E.g. by survey, 63% of employees believed there are no restrictions on using USB memory sticks at work
(SURVEY: Prefix Security Report, UK)
User with Malicious Intent
• Apathetic employee
– Ignores system alerts and virus warnings
“Why should I care about this company?”
• Angry, disgruntled employee
– Sabotages, schemes, teams up with competitor
“I’ll destroy these people, serves them right!”
• Opportunistic, cunning employee
– Motivated by personal and financial gain
“I’ll steal this data for use in my next job.”
An Example of Data Leakage
Ex-employee extracting data from current employees
Ex-employee extracting data from current employees - The Twist in the Tale
• Yahoo! Messenger is a standard mode of support communication for the corporation
Ex-employee extracting data from current employees
A disgruntled former employee sends a casual chat message on Yahoo!, asking his ex-colleague to look at his new photos on his Geocities website
• The attacker now had the ability to log on at will under the guise of his former colleagues
• Misguides customers and puts the organization at risk
Dan_m24
*********
How has this become easier?
Hackers on easy street
• Publicly available vulnerability information
• The Toolkit business
• Research – Easy access to information from public and internal resources
Today’s network scenario
• Fluidity of the network perimeter which opens it to partners, customers and more
• Employees have access to business critical information
• One cannot help not being (i)n the “Net”
CIOs and Security Leadership
CIO Strategy during Downturn
Seeking balance: secure corporate information while supporting business agility
CIOs must step out of The Traditional Security Approach
Problem: Viruses, Worms, DoS attacks, Spyware
Solution: Firewall, IPS, Anti-Virus, Anti-Spam
The Current Scenario
• Increasing Network complexity
• Departments pose differing levels/types of data security concerns
• Increasingly mobile environments in enterprises
• Regulatory Compliance
[Diagram labels: Head Office, Branch Office, Branch Office, Road Warrior]
Whatever the Security Solution, Does it have Identity?
• Enterprise Security
– Firewall / VPN / IPS
– AV / AS
– Content Filtering, Bandwidth Management, Multiple Link Management
– Endpoint Security
• Branch Office and Remote User Security
• The 2 questions to ask are –
– Does it recognize the user?
– Can it control the user – anytime, anywhere in the network (or outside)?
Summary of Measures to be taken
Identity-based Security
Secure Remote Access
Basic Security
• Secure the Desktop
• Secure the Network
• Protecting Data & Securing the enterprise
– Managing Remote Access - Remote Offices and Partners Network
– Managing the user - The Employee & the Partner
Identity-based Security
Evolving Towards Identity-Based Heuristics
User identity – An additional parameter to aid decision making
• Who is doing what?
• Who is the attacker?
• Who are the likely targets?
• Which applications are prone to attack – who accesses them?
• Who inside the organization is opening up the network? How?
Building patterns of activity profiles – User Threat Quotient
User Threat Quotient - UTQ
Calculating the UTQ
• Rating users on susceptibility to attack
– Nature of user activity
– History of activity – normal record access – number and type (customer data / research reports / ..)
– Current status – new employee, terminated, etc.
• Analyze Who is doing What and When
– Use of anonymous proxy
– Downloading Hacker Tools
– Accessing data off-hours
– Amount of data accessed
Technical Preventive Measures
Use Network Activity coupled with user identity information to:
• Identify deviations from the normal acceptable user behavior
• Red flag malicious activity based on UTQ
– Context of activity – repeated wrong password attempts by new vs. old employee
• Get Intrusion alerts with user identity information
– To ease the data interpretation
– To determine how to fine tune the security policies
• Correlate data, e.g. using Bayesian inference network
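An illustration of the UTQ idea from the two slides above, added here and not Cyberoam's own formula or code: it scores identity-tagged events against each user's status and own baseline. The weights, thresholds, user names and events are all constructed assumptions, including the choice to treat repeated failed logins as more notable for a long-tenured employee than for a new hire.

```python
from collections import defaultdict
from datetime import datetime

# Hypothetical weights and thresholds: the slides name the signals, not a formula.
WEIGHTS = {"anon_proxy": 30, "hacker_tool": 40, "off_hours": 10,
           "volume": 25, "failed_logins": 15}
STATUS_WEIGHT = {"active": 0, "new": 5, "terminated": 50}
WORK_HOURS = range(8, 20)   # assumed business hours, 08:00-19:59
VOLUME_FACTOR = 3           # flag access above 3x the user's own baseline
FAILED_LIMIT = 3            # failed logins before the context check applies
NEW_HIRE_DAYS = 30          # assumption: new hires mistype passwords more often

# Constructed sample data: status, daily record baseline, tenure per user.
USERS = {
    "asha":  {"status": "active", "baseline": 50, "tenure_days": 900},
    "ravi":  {"status": "terminated", "baseline": 60, "tenure_days": 700},
    "meera": {"status": "new", "baseline": 20, "tenure_days": 10},
    "john":  {"status": "active", "baseline": 40, "tenure_days": 1200},
}
# Constructed events: (timestamp, user, event, records accessed).
EVENTS = [
    ("2009-06-01T10:15", "asha", "record_access", 40),
    ("2009-06-01T23:40", "ravi", "record_access", 900),
    ("2009-06-01T23:55", "ravi", "anon_proxy", 0),
] + [("2009-06-02T09:0%d" % i, u, "failed_login", 0)
     for u in ("meera", "john") for i in range(4)]

def utq(events, users):
    """Return {user: (score, sorted flags)} from identity-tagged events."""
    flags, volume, failed = defaultdict(set), defaultdict(int), defaultdict(int)
    for ts, user, event, records in events:
        if event in ("anon_proxy", "hacker_tool"):
            flags[user].add(event)
        elif event == "failed_login":
            failed[user] += 1
        elif event == "record_access":
            volume[user] += records
            if datetime.fromisoformat(ts).hour not in WORK_HOURS:
                flags[user].add("off_hours")
    result = {}
    for user, p in users.items():
        if volume[user] > VOLUME_FACTOR * p["baseline"]:
            flags[user].add("volume")
        if failed[user] >= FAILED_LIMIT and p["tenure_days"] > NEW_HIRE_DAYS:
            flags[user].add("failed_logins")
        score = STATUS_WEIGHT[p["status"]] + sum(WEIGHTS[f] for f in flags[user])
        result[user] = (score, sorted(flags[user]))
    return result

if __name__ == "__main__":
    for user, (score, why) in sorted(utq(EVENTS, USERS).items(), key=lambda kv: -kv[1][0]):
        print(f"{user:6} UTQ={score:3} {why}")
```

The terminated account with off-hours, high-volume access through an anonymous proxy ranks first, while the same four failed logins raise the score of the long-tenured user but not the new hire.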
Use UTQ for Soft Measures
• Individualized education based on UTQ information
• Educating key persons – those having access to business critical information
• Educating the employees as their role evolves – joiner, moving up, quitter
Questions?!?
Thank You!
For further info, please contact [email protected]
To know more about Cyberoam, visit www.cyberoam.com