Do you know who your employees are sharing their credentials with


1 Do you know who your employees are sharing their credentials with? Do they?
Yair Grindlinger, CEO and Co-Founder

2 There are 1,358,671 data records stolen every day…

3 Just ask…

4 Network – Devices - Servers
Diagram labels: Corp Control; No Control; Corporate Network – Devices – Servers; Employee Device – Network – App
Loss of control of the server side (shared responsibility) – that was OK, we could still route everyone through VPN and control their devices.
Loss of control of the client side (consumerization) – that was OK by itself, let's do MDM… enable only (exchange).
Combined, how do we use our security infrastructure to manage a world where we control neither the clients nor the application?

5 Breaches We’ve Met
Unmanaged internal/external sharing leading to misappropriated data used for insider trading
ADMIN HIJACK: Administrator account hijacked leaving key operations vulnerable; passwords, permissions, etc.
3RD PARTY APP: 3rd-party app steals confidential data and stores it on their servers
COMPLIANCE: PCI/PHI, like SSN and credit card numbers, insecurely stored on the cloud
PHISHING: Fake messages sent to capture login credentials for use in identifying fraud activities
PUBLIC WIFI: Hackers leveraged public wifi to steal critical data and login credentials

User cases and stories:
A16Z: Stolen data from Box by junior intern
Caesars: Fake Wifi next to the office
Public: Wifi hijacking
Google Apps Admin account hijacking
Compliance: multiple cases of SSN and CC # in cloud apps (Box, Google, at rest)
Change management for financial related applications
Smartphone 3rd-party apps that steal all corporate data to their servers
Google 2FA for GApps vulnerability that allowed hacking in to all Google Apps properties
Insider trading before EoQ
Account Hijack: Ashley Madison or other compromised sites
iCloud Celebrity Nudes – security questions compromised through online research for password recovery
Visibility & Auditing: Amdocs / AT&T – AT&T is a 10% shareholder and major revenue driver, and wanted access to our Salesforce. Visibility & Auditing over their activities was a major blocker… (why we developed API integration to SFDC back in 2012…)
Access Control: Airport WiFi: install certificates on your phone, break SSL; Airplane browsing – install certificates, break SSL!
Information Disclosure: Smartphone 3rd-party apps that steal all corporate data to their servers (Mailbox, Boxer, Outlook Mobile app!)
Compliance: Multiple cases of SSN and CC # in cloud apps (Box, Google, at rest); CUECS/SOX (Complementary User Entity Controls) mostly overseen by Cloud Customers (e.g. Perion employee changing product prices)

6 Cloud Apps Security Solution Overview
Cloud App Limitations Mitigations All Un-managed application adoption Discovery Corporate Unified auditing, usage analysis, and alerts Analyze Sanctioned Sanctioned Context/risk based access, data and usage controls Control Integrate security to cloud applications Sanctioned Protection

7 Secure Sanctioned Apps
Diagram labels: Threat Detection; Risk-Based Authentication; Threat Detection & Prevention; 3rd Party IT and Security Tools

8 Full Stack Security
CONTENT: DLP, Exfiltration, Advanced Threat Protection
APP: Deep App Insight & Audit, Adaptive App Control
IDENTITY: Risk Based Authentication, Account Hijack Protection
CLIENT: Anti Phishing, MiTB Protection
OS: Host State Verification (OS, Browser, End point Sec.)
DEVICE: Device Session Pinning, Device Fingerprinting
NETWORK: IP Session Pinning, IP Reputation, SSL Enforce
Layer groupings shown on the slide: APP SPECIFIC, APP AGNOSTIC

9 Risk-Based Authentication
Diagram labels: THREAT PREVENTION; THREAT DETECTION; pre-authentication; post-authentication
RISK ENGINE: NETWORK, DEVICE, LOCATION, ROLE, BEHAVIOR
EVENT (RISK SCORE): ALLOW, BLOCK
MITIGATION: USER AUTH, DEVICE AUTH, REDUCE PRIVILEGES

10 Cross Application Threat Detection
Dashboard, Alerts, Auditing, Anomalies

11 Prevention can confuse users and false positives can stop business

12 Security tools should communicate with users and enable business

13 Here’s whatcha need…
Context based, central, cross application platform
Threat Detection + Prevention
Real time user centric mitigation
Complete control of the entire cloud / web application security stack
Leverage APIs & 3rd party security solutions

14 Thank You
Yair Grindlinger, CEO & Co-Founder
yairg@firelayers.com

