Secure Data Workflow
opswat
Transcript of Secure Data Workflow
Secure Data Workflow
CEO & Founder
Benny Czarny
2014
The Data Security Challenge
Agenda
• The data security challenge
• The data sources configuration challenge
• The user permission challenge
• Secure data workflow
• Q&A
Known threats
Threats that already exist and are known by the security community
Key loggers
Rootkits
Backdoors
“In the wild”
Unknown threats
Zero Day – spread because they are not detected by any security system
Targeted attacks – designed to attack a specific organization
The Data Security Challenge: Type of threats
Different data types have different risks
Documents – embedded objects and macros
Executables – viruses posing as other applications
Image files – buffer overflows
Archive files – archive bombs
The Data Security Challenge: Different data types represent different risks
.mp3 .pdf .txt .mp4 .xls .exe .docx .png .m4a
Web Traffic
Managed File Transfer
File Uploads
Portable Media
USB Drives
CD/DVDs
SD Cards
Mobile Phones
The Data Source Configuration Challenge: Threats can come from any source where data enters
The Data Source Configuration Challenge: Many different management consoles
Sourcing resources with the expertise to administer systems
Initial Setup
Maintenance
Adding users
Changing users
Moving users between teams
Changing organization security policies
Auditing
The Data Source Configuration Challenge: Many steps required to secure all types of sources
Should the front desk or accounting have access to executables?
Should the whole IT team have access to executables?
Should the sales team have access to presentations and word documents?
How can a guest user deposit data to the organization?
The User Permission Challenge: Different users have different needs and present different risks
Secure Data Workflow
Known threats
Scan with as many security engines as you can
Secure Data Workflow: Protecting against known threats
[Figure: anti-malware detection rate]
Secure Data Workflow: Protecting Against Unknown Threats
Anti-malware heuristics are effective at detecting unknown threats:
This graph shows the time between malware outbreak and AV detection by six AV engines for 75 outbreaks.
It emphasizes that the heuristic algorithms of the different engines differ and that together they are effective at detecting unknown threats.
Data sanitization
Convert files from their original format to a temporary format and back to sterilize the data and prevent unknown threats
Secure Data Workflow: Protecting Against Unknown Threats
Blacklisting/whitelisting
• File type filtering
Data sanitization
• Remove embedded objects and macros from document files
• Convert images to another format
Digital signatures
• Validate all executables are digitally signed by a trusted source
• Digitally sign all files after scanning to verify they have not been changed after scanning
Static analysis
• Scanning with multiple antivirus engines
• Checking PE headers
• Periodic re-scanning
Dynamic analysis
• Sandbox solutions such as FireEye, Bluecoat, ThreatTrack, others
Secure Data Workflow: Protecting Against Unknown Threats
Micro Workflow Elements
Secure Data Workflow: Addressing the user permission challenge
Create multiple groups and assign different data security policies for each group
IT
• Can receive executable files
• Every executable needs to be scanned by 20 anti-malware engines
Accounting
• Can’t receive executable files
• Every document needs to be sanitized and scanned by 20 anti-malware engines
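The two group policies above, written as a small policy evaluator (an added example, not part of the original slides). It classifies content by its leading bytes rather than its file name; the step names, the default deny for groups without a policy, and scanning file types the slide does not mention with the same 20 engines are assumptions of this example.

```python
from dataclasses import dataclass

# Leading bytes that identify content regardless of the file name.
MAGIC = [
    (b"MZ", "executable"),                               # Windows PE
    (b"\x7fELF", "executable"),                          # Linux ELF
    (b"%PDF-", "document"),                              # PDF
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "document"),   # legacy Office (OLE2)
]

@dataclass(frozen=True)
class Policy:
    allow_executables: bool
    sanitize_documents: bool
    engines: int  # number of anti-malware engines every file is scanned with

# Group rules from the slide; scanning file types the slide does not
# mention with the same engine count is an assumption of this example.
POLICIES = {
    "IT": Policy(allow_executables=True, sanitize_documents=False, engines=20),
    "Accounting": Policy(allow_executables=False, sanitize_documents=True, engines=20),
}

def classify(data: bytes) -> str:
    """Return 'executable', 'document' or 'other' from the leading bytes."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "other"

def plan(group: str, data: bytes) -> list[str]:
    """Ordered workflow steps for a file addressed to a member of `group`."""
    policy = POLICIES.get(group)
    if policy is None:
        return ["block: no policy for group"]  # default deny (assumption)
    kind = classify(data)
    if kind == "executable" and not policy.allow_executables:
        return ["block: executables not allowed"]
    steps = []
    if kind == "document" and policy.sanitize_documents:
        steps.append("sanitize")
    steps.append(f"scan with {policy.engines} engines")
    steps.append("deliver")
    return steps

# Constructed samples: a PE stub that could arrive named invoice.pdf, and a PDF header.
FAKE_INVOICE = b"MZ\x90\x00" + b"\x00" * 60
SAMPLE_PDF = b"%PDF-1.7\n%constructed sample\n"
```

Because `plan` never sees the file name, the constructed PE stub is blocked for Accounting whatever extension it carries, while IT receives it only after the 20-engine scan.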
Secure Data Workflow: Addressing the data source configuration challenge
1) Connect every data source to a centralized solution
2) Create security policies from this solution
3) Manage security policies from this solution
Data Security Challenge