Do you know who your employees are sharing their credentials with

Slides:

Advertisements

Similar presentations

HQ in Israel Threat research, security operations center 24/7. In-depth understanding and insight into how cyber crime works. Over 10 million online identities.

Advertisements

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

Avoid data leakage, espionage, sabotage and other reputation and business risks without losing employee performance and mobility.

Stonesoft Roadmap WHAT FEATURES WILL COME IN

George Tubin Senior Analyst Consumer Banking © 2005 The Tower Group, Inc. May not be reproduced by any means without express permission. All rights reserved.

1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.

Latest Threats Against Mobile Devices Dave Jevans Founder, Chairman and CTO.

Information Security Confidential Two-Factor Authentication Solution Overview Shawn Fulton January 15th, 2015.

Web Services, SOA and Security May 11, 2009 Michael Burnett.

ASSUME BREACH PREVENT BREACH + Research & Preparation First Host Compromised Hours Domain Admin Compromised Data Exfiltration (Attacker.

Website Hardening HUIT IT Security | Sep

Market Trends Enterprise Web Applications Cloud Computing SaaS Applications BYOD Data Compliance Regulations 30 Second Elevator Pitch Web browsers have.

RSA Security Validating Users and Devices to Protect Network Assets Endpoint Solutions for Cisco Environments.

Dell Connected Security Solutions Simplify & unify.

 INADEQUATE SECURITY POLICIES ›Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA.

Michael McDonnell GIAC Certified Intrusion Analyst Creative Commons License: You are free to share and remix but you must provide.

…. PrePlanPrepareMigratePost Pre- Deployment PlanPrepareMigrate Post- Deployment First Mailbox.

OCTAVE-S on TradeSolution Inc.. Introduction Phase 1: Critical Assets and threats Phase 2: Critical IT Components Phase 3: Changes Required in current.

1 1 Securing (Accountability for) Cloud Content Peter McGoff – SVP and General Counsel.

Yair Grindlinger, CEO and Co-Founder Do you know who your employees are sharing their credentials with? Do they?

Identity Assurance Emory University Security Conference March 26, 2008.

BEN ROBINSON, ACCOUNT EXECUTIVE, PALO ALTO NETWORKS SAFELY ENABLE YOUR SAAS APPLICATIONS.

Free, online, technical courses Take a free online course. Microsoft Virtual Academy.

Security Version 6.1 | August Need for Complete Security Stop threats at the perimeter High volume spam, phishing, viruses and.

MobileSecurity Vulnerability Assessment Tools for the Enterprise Mobile Security Vulnerability Assessment Tools for the Enterprise Integrating Mobile/BYOD.

MANAGED SECURITY TESTING PROACTIVELY MANAGING VULNERABILITIES.

User and Device Management

What’s New Data Loss Prevention 14. Information is Everywhere Brings Productivity, Agility, Convenience ……and Problems Copyright © 2015 Symantec Corporation.

Craig Pringle & Derek Moir

©2015 Check Point Software Technologies Ltd. 1 [Restricted] ONLY for designated groups and individuals CHECK POINT MOBILE THREAT PREVENTION.

Mobile Security Solution Solution Overview Check Point Mobile Threat Prevention is an innovative approach to mobile security that detects and stops advanced.

1© Copyright 2012 EMC Corporation. All rights reserved. Next Generation Authentication Bring Your Own security impact Tim Dumas – Technology Consultant.

Blue Coat Cloud Continuum

The Fallacy Behind “There’s Nothing to Hide” Why End-to-End Encryption Is a Must in Today’s World.

Implementing and Managing Azure Multi-factor Authentication

Stopping Attacks Before They Stop Business

Sophos Central for partners and customers: overview and new features

IT Security Awareness Day October 19, 2016

Your Office 365 Journey Prepare, Migrate, and Operate with Barracuda

Deployment Planning Services

Hybrid Cloud Web Filtering Platform

Cloud App Security vs. O365 Advanced Security Management

Mobile Data Solutions Inc

Real-time protection for web sites and web apps against ATTACKS

E-commerce Application Security

Power BI Security Best Practices

Wait, Microsoft is in the Security Game?

Advanced Security Architecture System Engineer Cisco: practice-questions.html.

Continuous Intelligence for Microsoft Office 365 Deployments That Reduces Risk, Raises Visibility “As more and more organizations leverage modern-day,

Understanding best practices in classifying sensitive data

Complete Cloud Security

Office 365 with confidence: security features for Office 365

Prevent Costly Data Leaks from Microsoft Office 365

BOMGAR REMOTE SUPPORT Karl Lankford

Skyhigh Enables Enterprises to Use Productivity Tools of Microsoft Office 365 While Meeting Their Security, Compliance & Governance Requirements Partner.

Protect your OneDrive and SharePoint files on mobile devices

Office 365 Identity Management

Understanding IDENTITY Assurance

11/15/2018 3:42 AM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.

11/17/2018 9:32 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.

Protect Your Microsoft Azure Cloud Assets Against Inside and Outside Threats With Balabit’s Shell Control Box Privileged User Monitoring Solution Partner.

Protecting your data with Azure AD

4/9/2019 5:05 AM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS.

4/9/ :42 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.

Security in mobile technologies

Microsoft Data Insights Summit

STEALTHbits Technologies, Inc.

IT Management, Simplified

AIR-T11 What We’ve Learned Building a Cyber Security Operation Center: du Case Study Tamer El Refaey Senior Director, Security Monitoring and Operations.

Microsoft Virtual Academy

Presentation transcript:

Do you know who your employees are sharing their credentials with Do you know who your employees are sharing their credentials with? Do they? Yair Grindlinger, CEO and Co-Founder

There are 1,358,671 data records stolen every day…

Just ask…

Network – Devices - Servers Corp Control No Control Loss of control of the server side (shared resp.) – that was OK, we could still route everyone thru VPN & control their devices Loss of control of the client side (consumerization) – that was OK by itself, lets do MDM….enable email only (exchange) Combined, how do we use our security infrastructure to manage a world we don’t control nor the clients nor the application? Employee Device – Network - App Corporate Network – Devices - Servers

Breaches We’ve Met A16Z: Stolen data from Box by junior intern ADMIN HIJACK Unmanaged internal/external sharing leading to misappropriated data used for insider trading Administrator account hijacked leaving key operations vulnerable; passwords, permissions and etc 3rd PARTY APP COMPLIANCE User cases and stories : A16Z: Stolen data from Box by junior intern Caesars: Fake Wifi next to the office Public: Wifi hijacking Google Apps Admin account hijacking Compliance: multiple cases SSN and CC # in cloud apps (Box, Google, at rest) Change management for financial related applications Smartphone 3rd App that still all corporate data to their servers Google 2FA for GApps vulnerability that allowed hacking in to all google apps properties Inside trading before EoQ Account Hijack: Ashley Madison or other compromised sites iCloud Celebrity Nudes – Security Questions compromised thru online research for password recovery Visibility & Auditing: Amdocs / AT&T – AT&T is 10% shareholder and major revenue driver, wanted access to our Salesforce. Visibility & Auditing over their activities was a major blocker…(why we developed API integration to SFDC back in 2012…) Access Control Aiport WiFi: install certificates on your phone, break SSL; Airplane browsing – install certificates, break SSL! Information Disclosure: Smartphone 3rd App that still all corporate data to their servers (Mailbox, Boxer, Outlook Mobile app!) Compliance: Multiple cases SSN and CC # in cloud apps (Box, Google, at rest) CUECS/SOX (Complementary User Entity Controls) mostly overseen by Cloud Customers (e.g. Perion employee changing product prices) 3rd-Party app steals confidential data and stores it on their servers PCI/PHI, like SSN and credit card numbers, insecurely stored on the cloud PUBLIC WIFI PHISHING Fake messages sent to capture login credentials for use in identifying fraud activities Hackers leveraged public wifi to steal critical data and login credentials

Cloud Apps Security Solution Overview Cloud App Limitations Mitigations All Un-managed application adoption Discovery Corporate Unified auditing, usage analysis, and alerts Analyze Sanctioned Sanctioned Context/risk based access, data and usage controls Control Integrate security to cloud applications Sanctioned Protection

Secure Sanctioned Apps Threat Detection Risk-Based Authentication Threat Detection & Prevention 3rd Party IT and Security Tools

Full Stack Security DLP, Exfiltration, Advanced Threat Protection CONTENT DLP, Exfiltration, Advanced Threat Protection APP SPECIFIC APP Deep App Insight & Audit, Adaptive App Control IDENTITY Risk Based Authentication, Account Hijack Protection CLIENT Anti Phishing, MiTB Protection OS Host State Verification (OS, Browser, End point Sec.) APP AGNOSTIC Device Session Pinning, Device Fingerprinting DEVICE IP Session Pinning, IP Reputation, SSL Enforce NETWORK

Risk-Based Authentication THREAT PREVENTION RISK ENGINE EVENT (RISK SCORE) ALLOW BLOCK NETWORK DEVICE LOCATION ROLE BEHAVIOR MITIGATION USER AUTH DEVICE AUTH REDUCE PRIVILEGES THREAT DETECTION pre- authentication post-authentication

Cross Application Threat Detection Dashboard Alerts Auditing Anomalies

Prevention can confuse users and false positives can stop business

communicate with users enable business Security tools should communicate with users and enable business

Here’s whatcha need… Context Based, central, cross application platform Threat Detection + Prevention Real time user centric mitigation Complete control of the entire cloud / web application security stack Leverage APIs & 3rd party security solutions

Thank You Yair Grindlinger, CEO & Co-Founder yairg@firelayers.com www.firelayers.com