Protect the data - Cyber security - Breaches - Brand/Reputation
Transcript of Protect the data - Cyber security - Breaches - Brand/Reputation
Protect The Data
Big Data and Cloud Data
You Must Protect the Data (Caveat: Slide set geared toward Executive managers & non-experts)
http://patrick642.wordpress.com from strategy, intelligence, innovation, leadership to improvements
http://patrick642nu.wordpress.com from cyber security, strategy, innovation, Intel & Intelligence to leadership
Patrick A. -- MScIA MBA CISSP-ISSEP
Intelligence Officer/Analyst – Cyber security/InfoSec SME
May 25, 2014
Champions
Prior to anything else, you absolutely must have on your side, on board and in agreement for your Data / Network Protection efforts:
CEO
Chairman of the Board
President
If these individuals are unwilling to Champion or Sponsor ‘necessary’ security efforts – you may as well stop here
If they are on board, they should see clear cut reasons & benefits behind protecting the data, because it means keeping:
The company Brand/Reputation intact AND enhancing it
Customers happy, knowing their data is being protected
Investors happy – some of whom are altruistic and desire more than just profits…
Policies
You must have Policies in place to go along with your other efforts, with executive management signing off on them
Without Policies for your management, staff, partners & vendors, you have no leg to stand on
Computer Use Policy
Internet Use Policy
Telecommuting Policy (Work from home)
Non-Disclosure Agreement (NDA)/Policy
As well as other needed policies
Policy enforcement – you actually need to do this…
Invaders
Your data is what the ‘invaders’ want
They will do whatever they can to get at it
Hackers
Hacktivists
Terrorists
Nation states
And well, even friends sometimes (allegedly)… NSA
Big Data and Cloud Data (basics) (1 of 4)
Big Data
Unstructured and/or structured info your firm receives and/or collects – multiple sources
Big Data uses algorithms and analytics to filter through all the forms of data collected to data mine and analyze for required results
The data
PDFs, Images (i.e. JPEGs, TIFs), Word & Excel, WordPerfect, Google Docs, email (professional, commercial (i.e. Hotmail)), HTML, HTML5, XML, Database, Video, etc.
Big Data and Cloud Data (basics) (2 of 4)
Cloud Data
Info in the “Cloud”
The “Cloud” is nothing more than Big Data or specific data sent to/from networks
Cloud – a network comprised of a number of servers with multiple CPUs and multiple attached storage devices at some location on the planet, for parallel processing or not – think of the early ‘94 Beowulf network (Becker, D.J., Sterling, T., Savarese, D., Dorband, J.E., Ranawak, U.A. and Packer, C.V., www.phy.duke.edu/~rgb/brahma/Resources/beowulf/papers/ICPP95/icpp95.html)
Grid computing, which is similar, is the collection of computer resources from multiple locations to reach a common goal
Big Data and Cloud Data (basics) (3 of 4)
Cloud Data Service Level Agreements (SLA)
Ensure SLA explicitly covers:
Protection partnership between you & Cloud provider (you are both responsible); anti-malware, encryption, VPN access, liability, forensics for any breach, disaster recovery (provider – fire, earthquake, etc.)
Who at your firm:
Has Admin rights to the data for any kind of admin work
Can access the Cloud data (staff, partners, vendors)
Who at Cloud provider can:
Access your data for replication/back up purposes & troubleshooting ‘only’ without rights to perform any reading, data manipulation, copying or printing
Big Data and Cloud Data (basics) (4 of 4)
Access to Data
Passwords - Complex & Encrypted – Yes, painful, annoying & necessary
Better than losing $xxx,000+ of R&D data due to weak passwords (i.e. no more short 8-10 character passwords)
Must move to better authentication (who’s who)
2-factor – token & pin, smartcard & pin
Biometrics – retina, fingerprint
Provide “only” needed access (authorization) to data people need to do their job well (and protecting against insider threats)
i.e. – Are USB ports, DVD/CD writing capabilities necessary – for everyone…?
Sys Admins do not require access to all (i.e. – Snowden)
Encryption
Network & VPN: AES-192 or AES-256
Wi-Fi: No WEP or WPA; at minimum use WPA2
Make use of security mechanisms in: IPv6, IPSec & DNSSec
Application layer to Application layer where possible, not just endpoint to endpoint
Data At Rest: Servers, SANs/NAS, PCs, Laptops, Smartphones (containers)
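An added example, not from the slides, of the data-at-rest item using only Go's standard library: AES-256-GCM, a fresh random nonce per record, and a record label bound as associated data so a ciphertext cannot be silently swapped onto another record. The page lists AES-192 or AES-256; 256 is used here and the key-length constant is the only change for 192. Function names, the label, and the sample text are constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

const keyBytes = 32 // AES-256; 24 gives AES-192

// newDataKey draws a fresh key from the OS CSPRNG. In a real deployment this
// data key is itself wrapped by a KMS/HSM master key; here it stays in memory.
func newDataKey() ([]byte, error) {
	key := make([]byte, keyBytes)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	return key, nil
}

// sealRecord encrypts plaintext with AES-GCM and binds label (e.g. the record's
// path or owner) as associated data. Output layout: nonce || ciphertext || tag.
func sealRecord(key, plaintext, label []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // rejects any key that is not 16/24/32 bytes
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	// A nonce must never repeat under one key; random 96-bit nonces are fine
	// for data-at-rest volumes far below 2^32 records per key.
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, label), nil
}

// openRecord decrypts and verifies; any flipped bit in nonce, ciphertext,
// tag or label makes gcm.Open fail instead of returning garbage.
func openRecord(key, blob, label []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("record too short to contain nonce and tag")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, label)
}

// roundTrip shows the happy path and the tamper case. It returns
// (decrypted equals original, tampered copy was rejected, error).
func roundTrip(key []byte, plaintext, label string) (bool, bool, error) {
	blob, err := sealRecord(key, []byte(plaintext), []byte(label))
	if err != nil {
		return false, false, err
	}
	got, err := openRecord(key, blob, []byte(label))
	if err != nil {
		return false, false, err
	}
	tampered := append([]byte(nil), blob...)
	tampered[len(tampered)-1] ^= 0x01 // flip one bit of the authentication tag
	_, tamperErr := openRecord(key, tampered, []byte(label))
	return string(got) == plaintext, tamperErr != nil, nil
}

func main() {
	key, err := newDataKey()
	if err != nil {
		panic(err)
	}
	ok, rejected, err := roundTrip(key, "Q3 R&D roadmap (constructed sample)", "rd/roadmap-q3.docx")
	fmt.Println(ok, rejected, err) // true true <nil>
}
```

GCM is chosen over a bare block mode because it authenticates as well as encrypts: a stolen or corrupted record fails to open rather than decrypting to silently altered content, which is what the forensics slide later depends on being able to trust.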
CPUs
Because of encryption & authentication, you need devices capable of higher processing demands
Laptops, PCs, Servers
Do not forget smartphones & tablets too…
As many CPU cores as possible
Highest GHz possible for:
Encrypting & decrypting data
Preventing latency & lag times
Users will not like it and ‘will’ become unproductive if they have to wait on decrypt/encrypt & transmission times
Wi-Fi Access Points (1 of 2)
For firms, the more APs, the better
Wi-Fi Access Points (2 of 2)
Strong Passwords & SSIDs: No default passwords or descriptive SSIDs
Multiple APs & multiple SSIDs: Limit rights & access through the APs – Guests, Admins, Staff, Partners, Vendors
Coverage – roaming, fewer dropped connections
Scan for rogue APs: Periodically & randomly – remove & enforce policies
Directional antennas on peripheries
Max power for APs – No: Are people outside the bldg using your Wi-Fi…
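An added example, not from the slides, of the periodic rogue-AP scan together with the no-WEP/WPA and no-descriptive-SSID rules from the two Wi-Fi slides and the encryption slide, run over a constructed site-survey table. The BSSID inventory, the forbidden security modes, the word list and the sample scan rows are all assumptions made for the example; in practice the inventory comes from the WLAN controller and the rows from a wireless scanner.

```go
package main

import (
	"fmt"
	"strings"
)

// AP is one row of a wireless site survey.
type AP struct {
	SSID     string
	BSSID    string // radio MAC address
	Security string // OPEN, WEP, WPA, WPA2, WPA3
}

// Finding is one policy violation tied to a BSSID.
type Finding struct {
	BSSID  string
	Reason string
}

// authorizedAPs is the inventory of APs the firm owns, BSSID -> expected SSID (constructed).
var authorizedAPs = map[string]string{
	"aa:bb:cc:00:00:01": "corp-staff",
	"aa:bb:cc:00:00:02": "corp-guest",
	"aa:bb:cc:00:00:03": "corp-staff",
}

// weakSecurity lists modes the policy forbids: no open, no WEP, no WPA; WPA2 is the minimum.
var weakSecurity = map[string]bool{"OPEN": true, "WEP": true, "WPA": true}

// descriptiveWords are SSID fragments that reveal who or what a network is for;
// constructed list, tune to your firm's name and departments.
var descriptiveWords = []string{"acme", "finance", "exec", "payroll"}

// sampleScan is a constructed survey: two clean rows, one authorized AP that
// fell back to WEP, one open unknown AP, and one unknown AP with a telling name.
var sampleScan = []AP{
	{"corp-staff", "aa:bb:cc:00:00:01", "WPA2"},
	{"corp-guest", "aa:bb:cc:00:00:02", "WEP"},
	{"Free_WiFi", "de:ad:be:ef:00:01", "OPEN"},
	{"corp-staff", "aa:bb:cc:00:00:03", "WPA2"},
	{"AcmeFinance-AP", "de:ad:be:ef:00:02", "WPA2"},
}

// auditScan compares a survey against the inventory and the policy and
// returns every violation; a clean survey returns no findings.
func auditScan(scan []AP, authorized map[string]string) []Finding {
	var findings []Finding
	for _, ap := range scan {
		bssid := strings.ToLower(ap.BSSID)
		expected, known := authorized[bssid]
		switch {
		case !known:
			findings = append(findings, Finding{bssid, "unknown BSSID: possible rogue AP, locate and remove"})
		case expected != ap.SSID:
			findings = append(findings, Finding{bssid,
				fmt.Sprintf("authorized AP broadcasting unexpected SSID %q (expected %q)", ap.SSID, expected)})
		}
		if weakSecurity[strings.ToUpper(ap.Security)] {
			findings = append(findings, Finding{bssid,
				fmt.Sprintf("security mode %s is below the WPA2 minimum", ap.Security)})
		}
		lower := strings.ToLower(ap.SSID)
		for _, w := range descriptiveWords {
			if strings.Contains(lower, w) {
				findings = append(findings, Finding{bssid,
					fmt.Sprintf("descriptive SSID %q reveals %q", ap.SSID, w)})
				break
			}
		}
	}
	return findings
}

// countByBSSID groups findings so the report reads per access point.
func countByBSSID(findings []Finding) map[string]int {
	counts := map[string]int{}
	for _, f := range findings {
		counts[f.BSSID]++
	}
	return counts
}

func main() {
	for _, f := range auditScan(sampleScan, authorizedAPs) {
		fmt.Printf("%s  %s\n", f.BSSID, f.Reason)
	}
}
```

Running the scan from random positions and at random times, as the slide says, matters because a rogue AP that is only powered up after hours never appears in a scan run at the same time every Monday.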
VPN
If you care about:
Who remotely accesses your network
Productivity of remote staff
1) Obtain a strong VPN package
Excellent admin features such as
A dashboard for drilling down to granular levels and
Includes analytics for “what if” and other scenarios
2) It will be Fast AND User friendly for your staff
3) One of the best of breed VPNs
4) Scalable to grow with you
No barebones VPN
You will pay more later if you do to gain needed features
Network Speeds (1 of 2)
Today, it is necessary for your network to have the best throughput possible & for tomorrow’s growth
Very, very minimal latency – Staff is more productive
Latency – Staff and Management wait and they become bored… and/or annoyed…
Network Speeds (2 of 2)
You need more:
Bandwidth into & out of your network
Throughput across your network
You will need both to handle growing
Increased speeds: Router, VPN, Switch, Wi-Fi AP & Server
10 – 100Mbps no longer cuts it for tomorrow when we will have
4K HDTV
More holographic conference calls (i.e. Cisco Telepresence)
Smartphone to Desk phone video calls
1 Tbps traffic – yes, 1 Tbps (BT & Alcatel-Lucent proved this new protocol [Flexigrid] works – over “existing” hardware & fiber optics @ 1.4Tbps)
Anti-Malware (1 of 2)
Anti-Virus (AV) is no longer good enough; you need a suite of detective and mitigating anti-malware software, capable of working from the physical layer up to the application layer.
The suite must be capable of working on and at various points throughout your network.
Detect, Correlate, Prevent, Mitigate & Report malicious activity
Work in conjunction with IDS/IPS/Firewalls
Anti-Malware (2 of 2)
Intelligent, best of breed
Layered – to cover multiple avenues of attack
No one vendor’s product captures all malware
If possible, obtain a second best of breed suite to run in parallel
Or, use a vendor who does this in the Cloud with multiple anti-malware engines for real-time protection
Very fast processing capabilities
If possible, software should use:
Artificial Intelligence, Heuristics, Expert Logic or Fuzzy Logic
IDS/IPS & Firewalls
Even anti-malware is not enough by itself. You must detect & prevent as much malware (or hackers) as possible, as soon as possible, every place possible
Needed to catch infiltration into the network and exfiltration of data out of it
Intrusion Detection Systems & Intrusion Protection Systems
NIDS – for the network, on the periphery & internally
HIDS – for servers, PCs, laptops
Firewalls
High throughput
Very fast processing
With extremely low latency & extremely low drops & false positives
Forensics
You will need forensics software (not barebones) to do multiple levels of forensics if you have an incident
High to Low level (think deep dive)
After an incident, you will need to do various forms of forensics
Financial & Auditing
Network
To see where infiltrated, how, when and what damage was done
Enough varied reporting capabilities for most situations allowing for detailed content
Look out for Anti-Forensics attempts…
Physical Security
This goes without saying: we still need Physical Security
Must work with Cyber Security staff & vice versa
Physical security should have a good level of cyber security training
Your buildings need better than just good physical security, for:
Doors (all doors)
Windows (all windows)
Fences
Badge Access system (with a chip, no magnetic stripe)
Cameras (with great zoom & resolution & tracking & recording & storage & retrieval capabilities)
Random (and tested) physical sweeps
Innovation & Creativity
We are at the point where we need more Innovation and Creativity to protect the data; engage your:
Techie staff for ideas they know or have heard of
Non-techie staff for divergent ideas, which could prove valuable
Quantum Computing is growing and that, along with Quantum Cryptography, will make current cyber security efforts obsolete
Think, Think, Think… and Adapt, rapidly
You and your firm cannot afford to go partially into Protecting The Data, skimping on cost – from this point on, this is an “all in” situation!