Threat Landscape for Data Security
Bipin Kulkarni, Security Evangelist, Seed Infotech
What is Data?
Identify Data
Data is any type of stored digital information.
Every company needs places to store institutional knowledge and data. Frequently that data contains proprietary information:
- Personally Identifiable Data
- Employee HR Data
- Financial Data
The security and confidentiality of this data is of critical importance.
Data Classification
- Expensive and time-consuming process.
- In today’s world, mandatory for regulatory and compliance reasons, especially for PII and other confidential data.
- Incorrect data classification can lead to disaster: not only compliance but also technical data security may suffer due to incorrect access controls or data leakage.
Data Classification
- Category 1: Data that may be freely disclosed to the public.
- Category 2: Internal data that is not meant for public disclosure.
- Category 3: Sensitive internal data that if disclosed could negatively affect operations.
- Category 4: Highly sensitive corporate and customer data that if disclosed could put the organization at financial or legal risk.
Data Loss Prevention
Data loss prevention (DLP) is a strategy for making sure that end users do not send sensitive or critical information outside the corporate network. DLP products are software that help a network administrator control what data end users can transfer.
DLP software products use business rules to classify and protect confidential and critical information so that unauthorized end users cannot accidentally or maliciously share data whose disclosure could put the organization at risk.
For example, if an employee tried to forward a business email outside the corporate domain or upload a corporate file to a consumer cloud storage service like Dropbox, the employee would be denied permission.
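An added example, not from the original slides: a minimal sketch of how DLP business rules can tie the four classification categories to a block decision for the two scenarios above (email outside the corporate domain, upload to Dropbox). The domain corp.example, the regex rules and the "deny anything above Category 1 leaving the network" policy are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

CORPORATE_DOMAIN = "corp.example"   # assumption: placeholder corporate domain
CONSUMER_CLOUD = {"dropbox.com"}    # consumer storage service named on the slide

# Constructed classification rules. Category numbers follow the four-level
# scheme on the Data Classification slide (4 = most sensitive).
RULES = [
    (4, re.compile(r"\b\d{3}-\d{2}-\d{4}\b")),                 # SSN-like PII
    (3, re.compile(r"\b(salary|payroll|appraisal)\b", re.I)),  # HR / financial
    (2, re.compile(r"\binternal( use)? only\b", re.I)),        # internal marking
]

@dataclass
class Transfer:
    destination: str   # recipient address (email) or target host (upload)
    content: str

def classify(content: str) -> int:
    """Return the highest matching category; unmarked content is Category 1."""
    return max((cat for cat, rx in RULES if rx.search(content)), default=1)

def is_external(t: Transfer) -> bool:
    """True when the destination is outside the corporate domain."""
    host = t.destination.rsplit("@", 1)[-1].lower().rstrip(".")
    if host in CONSUMER_CLOUD or any(host.endswith("." + d) for d in CONSUMER_CLOUD):
        return True
    # Compare on a label boundary so "evilcorp.example" is not treated as internal.
    return not (host == CORPORATE_DOMAIN or host.endswith("." + CORPORATE_DOMAIN))

def evaluate(t: Transfer) -> tuple:
    """Return (decision, category): deny Category 2-4 data leaving the network."""
    category = classify(t.content)
    if category > 1 and is_external(t):
        return ("deny", category)
    return ("allow", category)

if __name__ == "__main__":
    samples = [  # constructed sample transfers
        Transfer("friend@mail.example", "Q3 payroll summary attached"),
        Transfer("dropbox.com", "Internal use only: product roadmap"),
        Transfer("hr@corp.example", "Employee SSN 123-45-6789"),
        Transfer("press@news.example", "Our new product launches Monday"),
    ]
    for s in samples:
        print(s.destination, evaluate(s))
```

An incorrect classification rule changes the decision directly, which is the access-control and leakage risk the Data Classification slide warns about.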
Top Threats in 2017
- Phishing (spear phishing, vishing) and ransomware were the top two most significant threats to hit organizations in 2017.
- Ransomware was also listed as their “most surprising threat”.
- DDoS replaced advanced persistent threats (APTs) as the third-most significant threat.
Malware-less threats
- Credential compromise
- Scripting attacks
- Process exploits
- Malicious binaries
The Threat Landscape Source: SANS Threat Landscape 2017
Malware-less threats Source: SANS Threat Landscape 2017
Threat Landscape – Top Vectors Source: SANS Threat Landscape 2017
Threat Impact Source: SANS Threat Landscape 2017
Tools Used for Discovering Threats Source: SANS Threat Landscape 2017
Tools for Detection
- Endpoint Security
- IDS/IPS/UTM
- SIEM
- DPI (Deep Packet Inspection)
- Threat Intelligence
- Endpoint Detection and Response (EDR)
Where Next
- Artificial Intelligence
- Blockchains
- Machine Learning
Blockchain
Blockchain has the potential to improve everything from data integrity and digital identities to enabling safer IoT devices to prevent DDoS attacks. Indeed, blockchain might play across the ‘CIA triad’ of confidentiality, integrity and availability, offering improved resilience, encryption, auditing and transparency.
Artificial Intelligence and Machine Learning
Machine learning is a branch of artificial intelligence (AI) that refers to technologies that enable computers to learn and adapt through experience. It emulates human cognition, i.e. learning based on experience and patterns, rather than by inference (cause and effect). Today, deep learning advancements in machine learning allow machines to teach themselves how to build models for pattern recognition (rather than relying on humans to build them).
Thank You