Threat Landscape for Data Security

Slides:



Advertisements
Similar presentations
1 SANS Technology Institute - Candidate for Master of Science Degree 1 Automating Crosswalk between SP 800, 20 Critical Controls, and Australian Government.
Advertisements

Avoid data leakage, espionage, sabotage and other reputation and business risks without losing employee performance and mobility.
1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.
Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.
Copyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin CHAPTER FOUR ETHICS AND INFORMATION SECURITY: MIS BUSINESS CONCERNS.
Security Issues and Challenges in Cloud Computing
Sophos / Utimaco Data Loss Prevention Peter Szendröi, SOPHOS Nordics Jan 20, 2010.
© 2012 Solera Networks. Contains confidential, proprietary, and trade secret information of Solera Networks. Any use of this work without express written.
Securing Information Systems
Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
Computer Crime and Information Technology Security
Dell Connected Security Solutions Simplify & unify.
Center of Excellence for IT at Bellevue College. Cyber security and information assurance refer to measures for protecting computer systems, networks,
© 2014 PayPal Inc. All rights reserved. Confidential and proprietary. Leveraging Information to Detect and Prevent Insider Attacks Phoram Mehta Senior.
Managing Data Against Insider Threats Dr. John D. Johnson, CISSP.
The Changing World of Endpoint Protection
ACM 511 Introduction to Computer Networks. Computer Networks.
Cloud Computing Security Keep Your Head and Other Data Secure in the Cloud Lynne Pizzini, CISSP, CISM, CIPP Information Systems Security Officer Information.
BEN ROBINSON, ACCOUNT EXECUTIVE, PALO ALTO NETWORKS SAFELY ENABLE YOUR SAAS APPLICATIONS.
Features Governmental organization Critically important ICT objects Distributed infrastructure Three levels of confidentiality Dozens of subsidiary organizations.
© 2009 WatchGuard Technologies WatchGuard XCS Data Loss Prevention Ensuring Privacy & Security of Outbound Content.
Friday, October 23, Jacqueline Harris, CPM®, CCIM® Director of Training & Administration Digital Realty Jacqueline Harris, CPM®, CCIM® Director.
Introduction and Overview of Information Security and Policy By: Hashem Alaidaros 4/10/2015 Lecture 1 IS 332.
©2015 HEAT Software. All rights reserved. Proprietary & Confidential. Ransomware: How to Avoid Extortion Matthew Walker – VP Northern Europe.
BUFFERZONE Advanced Endpoint Security Data Connectors-Charlotte January 2016 Company Confidential.
Visibility. Intelligence. response Information Security: Risk Management or Business Enablement? Mike Childs Vice President Rook Security.
Lecture1.1(Chapter 1) Prepared by Dr. Lamiaa M. Elshenawy 1.
© 2015 IBM Corporation John Guidone Account Executive IBM Security IBM MaaS360.
Neil Thacker, Information Security & Strategy Officer, EMEA EU DATA PROTECTION -
Information Management System Ali Saeed Khan 29 th April, 2016.
Computer Security Keeping you and your computer safe in the digital world.
Cyber Security for the real world Tim Brown Dell Fellow and CTO Dell Security Solutions.
Chapter 40 Internet Security.
Advanced Endpoint Security Data Connectors-Charlotte January 2016
Leverage the Cloud to Minimize the Impact of Ransomware
The time to address enterprise mobility is now
Internal Security Threats
Insiders are Today’s Biggest Security Threat
The Game has Changed… Ready or Not! Andrew Willetts Technologies, Inc.
Journey to Microsoft Secure Cloud
Systems Security Keywords Protecting Systems
Rules of Thumb to Mathematical Rule- A Cyber Security Journey
BUILDING A PRIVACY AND SECURITY PROGRAM FOR YOUR NON-PROFIT
Cyber Attacks on Businesses 43% of cyber attacks target small business Only 14% of small business rate their ability to mitigate cyber risk highly.
Understand Core Security Principles
Understanding best practices in classifying sensitive data
Forensics Week 11.
Data Loss Prevention in O365:The Basics
Done BY: Zainab Sulaiman AL-Mandhari Under Supervisor: Dr.Tarek
Prevent Costly Data Leaks from Microsoft Office 365
Cybersecurity Awareness
CIS 333 RANK Education for Service-- cis333rank.com.
Unit 1.6 Systems security Lesson 3
Cyber Security in the Mortgage Industry
Skyhigh Enables Enterprises to Use Productivity Tools of Microsoft Office 365 While Meeting Their Security, Compliance & Governance Requirements Partner.
Strong Security for Your Weak Link:
cyberopsalliance.com |
Securing the Threats of Tomorrow, Today.
Information Sensitivity
Anatomy of a Large Scale Attack
DATA LOSS PREVENTION Mr. Collins Oduor.
How to address security, cost, IT and migration concerns
Lorenzo Biasiolo 3°AI INFORMATION SECURITY.
By: Dorian Lockhart Wilston Johnston
AI-Powered Information Governance
Protect data in core business applications
Comodo Dome Data Protection
Security in SharePoint and Teams with DLP, IRM, and AIP
AIR-T11 What We’ve Learned Building a Cyber Security Operation Center: du Case Study Tamer El Refaey Senior Director, Security Monitoring and Operations.
Presentation transcript:

Threat Landscape for Data Security Bipin Kulkarni Security Evangelist Seed Infotech Threat Landscape for Data Security

What is Data? Identify Data Data is any type of stored digital information Every company needs places to store institutional knowledge and data. Frequently that data contains proprietary information - Personally Identifiable Data Employee HR Data Financial Data The security and confidentiality of this data is of critical importance. What is Data?

Data Classification Expensive and time consuming process In today’s world mandatory due to regulatory and compliance reasons – especially PII and other confidential data. Incorrect data classification can lead to disaster – not only compliance but technical data security may suffer due to incorrect access controls or data leakage. Data Classification

Category 1: Data that may be freely disclosed with the public. Category 2: Internal data that is not meant for public disclosure. Category 3: Sensitive internal data that if disclosed could negatively affect operations. Category 4: Highly sensitive corporate and customer data that if disclosed could put the organization at financial or legal risk Data Classification

Data loss prevention (DLP) is a strategy for making sure that end users do not send sensitive or critical information outside the corporate network. These are software products that help a network administrator control what data end users can transfer. DLP software products use business rules to classify and protect confidential and critical information so that unauthorized end users cannot accidentally or maliciously share data whose disclosure could put the organization at risk. For example, if an employee tried to forward a business email outside the corporate domain or upload a corporate file to a consumer cloud storage service like Dropbox, the employee would be denied permission. Data Loss Prevention

Phishing (spear phishing, vishing) and ransomware represented the top two most significant threats to hit organizations in the 2017. Ransomware was also listed as their “most surprising threat”. DDoS replaced advanced persistent threats (APTs) as the third-most significant threat. Top Threats in 2017

Credential compromise Scripting attacks Process exploits Malicious binaries Malware-less threats

The Threat Landscape Source: SANS Threat Landscape 2017

Malware-less threats Source: SANS Threat Landscape 2017

Threat Landscape – Top Vectors Source: SANS Threat Landscape 2017

Threat Impact Source: SANS Threat Landscape 2017

Tools Used for discovering threats Source: SANS Threat Landscape 2017

Tools for Detection Endpoint Security IDS/IPS/UTM SIEM DPI (Deep Packet Inspection) Threat Intelligence Endpoint Detection and Response (EDR) Tools for Detection

Artificial Intelligence Blockchains Artificial Intelligence Machine Learning Where Next -

Blockchain has the potential to improve everything from improving data integrity and digital identities to enabling safer IoT devices to prevent DDoS attacks. Indeed, blockchain might play across the ‘CIA triad’ of confidentiality, integrity and availability, offering improved resilience, encryption, auditing and transparency. Blockchain

Artificial Intelligence and Machine Learning Machine learning is a branch of artificial intelligence (AI) that refers to technologies that enable computers to learn and adapt through experience. It emulates human cognition – i.e. learning based on experience and patterns, rather than by inference (cause and effect). Today, deep learning advancements in machine learning allow machines to teach themselves how to build models for pattern recognition (rather than relying on humans to build them).

Thank YOu