Confidential and proprietary material for authorized Verizon Business personnel only. Use, disclosure or distribution of this material is not permitted.

Presentation transcript:

Picking Over The Corpse: The Value Of Forensics
Matthijs van der Wel MBA CISSP® CISA® RON® QSA® QFI®
Managing Principal Forensics EMEA
Verizon Business Security Solutions

Data Breach Investigations Report
US TEAM
EMEA TEAM
Matthijs van der Wel
Jelle Niemantsverdriet
Thijs Bosschert
Ben van Erck
Paul Wright
APAC TEAM

PROPRIETARY STATEMENT
This document and any attached materials are the sole property of Verizon and are not to be used by you other than to evaluate Verizon’s service. This document and any attached materials are not to be disseminated, distributed, or otherwise conveyed throughout your organization to employees without a need for this information or to any third parties without the express written permission of Verizon.
The Verizon and Verizon Business names and logos and all other names, logos, and slogans identifying Verizon’s products and services are trademarks and service marks or registered trademarks and service marks of Verizon Trademark Services LLC or its affiliates in the United States and/or other countries. All other trademarks and service marks are the property of their respective owners.

RISK Team
Response – Incident response and investigation services.
Intelligence – Gather, analyze, and correlate intel from a wide range of sources and then provide appropriate data, alerts, analysis and recommendations to our clients.
Solutions – Innovation and prototyping of new products and services.
Knowledge – Develop and disseminate risk knowledge and capabilities throughout the company, to our customers, and to the public.
The DBIR is the result of collaboration between the Response and Intelligence groups

Investigative Response
Services:
IT Investigative Support (On-demand or Retainer-based)
Incident Response Training (CIRT)
Computer Forensic Training
Electronic Data Recovery / Destruction
Expert Witness Testimony
Mock-Incident Testing
Corporate IR Program Development
Litigation Support & eDiscovery
Tactical Management Briefings
Principal investigators for a majority of the largest breaches ever reported*
Caseload includes roughly ¼ of publicly disclosed breaches between *
*Source:

RISK Intelligence: Our Goal
[Diagram labels: Practice; Knowledge; Products & Services; Framework; Models; Data]
Goal: Every product and service creates revenue but also contributes and consumes intelligence

RISK Intelligence: Our Model
[Diagram labels: External Data; Internal Data (Products & Services); Collection; Analysis; Distribution; Risk Intel Team; Public; Personnel; Products]

7 Types of RISK Intel
External Threat & Vulnerability Data – We continuously track new vulnerabilities and related attacks to assess how they impact information risk.
Underground Intelligence – Surveillance of numerous online groups helps us know what the bad guys are discussing, sharing, planning and doing.
Net Intelligence – Over one million sensors are dispersed throughout our Internet backbone, enabling us to gather information on nefarious activity around the globe.
Managed Security Services – Verizon Business manages and monitors firewalls, IDS, IPS, and other network devices for many of the world’s largest companies.
Global Services – Internal data collection across Verizon’s extensive range of IT and security services. This is “real-world” data harvested as a byproduct of delivery.
Investigative Response – Forensics & computer crime investigations. Extensive metrics are systematically recorded on hundreds of data breach cases per year.
ICSA Labs – ICSA Labs, an independent division of Verizon Business, performs vendor-neutral testing of hundreds of security products.

Results and Analysis
2009 Data Breach Investigations Report

2009 DBIR: What’s New?
After a 4-year study of 500 breaches, what makes the 1-year sequel interesting?
Periodic data collection allowed for more detail
–Much more info within the Hacking and Malware sections
Responded to public requests and questions
–Results also shown in % of records (was just % of breaches)
New lines of study
–PCI, Incident detection and response practices
More thorough treatment and analysis
More mature presentation
–Better charts and graphs
–No more pastel colors
Plus, the bad guys were really busy (and, unfortunately, really successful)

IR Case Data
All data collected during cases worked by the Verizon Business Investigative Response team during 2008
Objective, credible, first-hand information on actual breaches
2008 Caseload:
90 confirmed breaches (>150 total engagements)
285 million compromised records (confirmed – not “data-at-risk”)
1/3 of these cases have been publicly disclosed (so far)
About 50% of caseload comprised of sets of interrelated incidents
–Same attacker(s), shared connections, identical circumstances, etc.
15 arrests (and counting)
31% Retail, 30% Financial, 14% Food & Bev, remaining mixed
Over 1/3 of investigations conducted outside the US

Breach Sources
External sources
–Most breaches, nearly all records
–90+% of breached records attributed to organized crime activity
Internal sources
–Roughly equal between end-users and admins
Partner sources
–Mostly hijacked third-party accounts/connections
[Chart axes: Impact; Likelihood]

Threats and Attacks
Similar to previous 4 years for breach percentages
Most breaches and records linked to Hacking & Malware
Misuse is fairly common
–Mostly admin abuse
Deceit and social attacks
–Involved a range of methods, vectors, and targets
Physical attacks
–Represent minority of caseload
–Portable media in one case (but not essential to breach)
Error is extremely common
–Rarely the direct cause
–Usually contributing factor (67%)

Breakdown of Hacking (64% of breaches)
Default credentials and SQL injection most common
Few and old vulnerabilities exploited
Web Apps & Remote Access are main vectors
[Chart panels: Techniques; Vectors; Vulnerability Exploits]

Breakdown of Malware (38% of breaches)
Most malware installed by remote attacker
Malware captures data or provides access/control
Increasingly customized

Attack Difficulty and Targeting
Targeted attacks doubled
Highly difficult attacks did not increase but are responsible for nearly all breached records
Message: Some attacks are difficult to pull off, but the payout appears worth it

Compromised Assets and Data
Most data breached from online systems
–Different than public disclosures
Criminals seek payment card data
–Easily convertible to cash
Other types common as well
–Auth credentials allow deeper access
–Intellectual property at 5-year high

Breach Timeline
Amount of pre-attack research varies
Data compromised within hours/days after breaching perimeter
Breaches go undiscovered for months
It typically takes days to weeks to contain a breach

Breach Discovery
Most breaches discovered by a third party
Event monitoring caught few breaches

Unknown Unknowns
Unknown data lower than ’04-’07 rates, but still accounts for 2/3 of compromised records
–Discovery and classification
Unknown privileges up
–Account review
An asset unknown to the organization
Data unknowingly stored on an asset
Unknown or forgotten external IT connections
Accounts and Privileges not known to exist

PCI DSS
Is PCI a Failure? NO!
Then why were 19% breached?
Self-attestation
Study includes failures only
Scope / Unknowns
Assessment Sampling
Partners (transitive trust)

Recommendations
Recap from previous report (They still apply)
Align process with policy
Achieve “Essential” then worry about “Excellent”
Secure Business Partner Connections
Create a Data Retention Plan
Control data with transaction zones
Monitor event logs
Create an Incident Response Plan
Increase awareness
Engage in mock incident testing

Recommendations, Cont’d
New recommendations (Based on 2008 cases)
Changing default credentials is key
Avoid shared credentials
User Account Review
Application Testing and Code Review
Smarter Patch Management Strategies
Human Resources Termination Procedures
Enable Application Logs and Monitor
Define “Suspicious” and “Anomalous” (then look for whatever “It” is)

Summary
2008 saw much of the same, but new twists and trends were observed
Sources: Similar distribution; organized crime behind most large breaches
–Organized criminal groups driving evolution of cybercrime
Attacks: Criminals exploit errors, hack into systems, install malware
–2008 saw more targeted attacks, especially against orgs processing or storing large volumes of desirable data
–Highly difficult attacks not common but very damaging
–Large increase in customized, intelligent malware
Assets and Data: Focus is online cashable data
–Nearly all breached from servers & apps
–New data types (PIN data) sought which requires new techniques and targets
Discovery: Takes months and is accomplished by 3rd parties
Prevention: The basics–if done consistently–are effective in most cases
–Increasing divergence between Targets of Opportunity and Targets of Choice
  ToO: Remove blatant opportunities through basic controls
  ToC: Same as above but prepare for very determined, very skilled attacks
–Initial hack appears the easiest point of control

Questions?