SESSION ID: SPO-R08 Understanding the Data Breaches of … · Understanding the Data Breaches of...
29
SESSION ID: #RSAC Patrick Grillo Understanding the Data Breaches of 2014: Did it have to be this way? SPO-R08 Senior Director, Product Strategy Fortinet
Transcript of SESSION ID: SPO-R08 Understanding the Data Breaches of … · Understanding the Data Breaches of...
SESSION ID:
#RSAC
Patrick Grillo
Understanding the Data Breaches of 2014: Did it have to be this way?
SPO-R08
Senior Director, Product Strategy
Fortinet
#RSAC
2
Embedded Video to be placed here at RSA
#RSAC
3
Anyone Want To Add Anything?
Goodwill 868,000Michaels 2,600,000
Home Depot1
Target 70,000,000
JP Morgan/Chase 76,000,000
eBay 145,000,000
SuperValue500,000
Aaron Brothers400,000
*Milton Security
55,999,999 other ones
#RSAC
4
21st Century Bank Robbery
#RSAC
5
Not Just in the Game of Thrones
#RSAC
6
Advanced Persistent Threat Structure
*Wikipedia Commons
SocialEngineering
HOW?
#RSAC
7
Exploiting the Weak Link
#RSAC
8
The Common Thread
JP Morgan/Chase –Stolen employee credentials
http://www.computerworld.com/article/2862578/twofactor-authentication-oversight-led-to-jpmorgan-breach-
investigators-reportedly-found.html
Target -Outside contractor clicks on phishing
email http://www.bloomberg.com/bw/articles/2014-03-13/target-
missed-alarms-in-epic-hack-of-credit-card-data#p2
http://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/
Home Depot Stolen login credentials from
Third party vendor http://krebsonsecurity.com/2014/11/home-
depot-hackers-stole-53m-email-addreses/
http://www.eweek.com/security/home-depot-breach-expands-privilege-escalation-flaw-to-
blame.html
#RSAC
9
Cyber Crime on a Global Basis
#RSAC
10
Not Just for Consumers
#RSAC
11
Let’s Take a Closer Look
Technology
Vulnerability
Best PracticesNetwork Architecture
#RSAC
12
The Technology Side of Things
Two Factor AuthenticationAnti-Virus
Intrusion PreventionSecure Email Gateway
Web Application FirewallEnd Point Protection
#RSAC
13
Mixed Messages Only Aid the Hacker
#RSAC
14
The Technology Side of Things
Two Factor AuthenticationAnti-Virus
Intrusion PreventionSecure Email Gateway
Web Application FirewallEnd Point Protection
Botnet DetectionIP & Client ReputationSandboxing
PeopleProcess
Technology
Threat IntelligenceZero Day ResearchContinuous updates
#RSAC
15
FortiGuard Lab
FortiGuard Services
Advanced Threat Protection
FortiGate
FortiMail
FortiWeb
FortiClient
FortiSandbox
#RSAC
16
Protecting Deeper Into the Network
#RSAC
17
#RSAC
18
Internal Segmentation For Greater Control
#RSAC
19
Internal Segmentation For Greater Control
#RSAC
20
Internal Segmentation For Greater Control
#RSAC
21
So What Do We Do With Dave?
#RSAC
22
Training To Raise Awareness
http://krebsonsecurity.com/2012/01/phishing-your-employees-101/
• Policy• Procedure• Process
#RSAC
23
Just When You Thought it Was Safe
http://www.nytimes.com/2015/05/27/business/breach-exposes-irs-tax-returns.html?_r=0
#RSAC
24
Some But Not Enough Security
Stolen personal data
$$$
$50 M lost($5.8 B 2013)
200,000 attempts (Feb – May 2015)
100,000 records accessed
Multi-stepauthentication
Login to IRS web site
Obtain tax records
File fraudulent claim(s)
#RSAC
25
Some But Not Enough Security
Stolen personal data
$$$
$50 M lost($5.8 B 2013)
Multi-stepauthentication
Login to IRS web site
Obtain tax records
File fraudulent claim(s)
200,000 attempts (Feb – May 2015)
100,000 records accessed
#RSAC
26
Not a Good Summer for the US Government
http://krebsonsecurity.com/2015/06/catching-up-on-the-opm-breach/
“OPM director said stolen passwords for a federal contractor were used by
hackers in the two cyber attacks targeting federal employee data.”
"It's really no surprise that the OPM breach was traced back to a compromised credential as this is the case in nearly 80% of the breaches we have seen, including Target and Anthem,"
Idan Tendler, head of Fortscale
#RSAC
27
And At the Opposite End of the Spectrum…
#RSAC
28
Looking Forward
Technology is only part of the solution
Consider single vendor solutions but only if elements actually work together
Remember your network extends beyond you
Remote employees, third party suppliers and contractors
Your employees are the first line of defense – Equip and use them
Never assume
You’re fully protected
The network hasn’t been breached
![[MS-SPO]: SharePoint Protocols Overviewinteroperability.blob.core.windows.net/files/MS-SPO/[MS-SPO]-16022… · Release: February 26, 2016 [MS-SPO]: SharePoint Protocols Overview](https://static.fdocuments.us/doc/165x107/5f834595e55dce791d3d0e82/ms-spo-sharepoint-protocols-over-ms-spo-16022-release-february-26-2016-ms-spo.jpg)
