Presentation is loading. Please wait.

Presentation is loading. Please wait.

Threat Landscape for Data Security

Published byΘάλεια Κοτζιάς Modified over 6 years ago

Similar presentations

Presentation on theme: "Threat Landscape for Data Security"— Presentation transcript:

1 Threat Landscape for Data Security
Bipin Kulkarni Security Evangelist Seed Infotech Threat Landscape for Data Security

2 What is Data? Identify Data
Data is any type of stored digital information Every company needs places to store institutional knowledge and data. Frequently that data contains proprietary information - Personally Identifiable Data Employee HR Data Financial Data The security and confidentiality of this data is of critical importance. What is Data?

3 Data Classification Expensive and time consuming process
In today’s world mandatory due to regulatory and compliance reasons – especially PII and other confidential data. Incorrect data classification can lead to disaster – not only compliance but technical data security may suffer due to incorrect access controls or data leakage. Data Classification

4 Category 1: Data that may be freely disclosed with the public.
Category 2: Internal data that is not meant for public disclosure. Category 3: Sensitive internal data that if disclosed could negatively affect operations. Category 4: Highly sensitive corporate and customer data that if disclosed could put the organization at financial or legal risk Data Classification

5 Data loss prevention (DLP) is a strategy for making sure that end users do not send sensitive or critical information outside the corporate network. These are software products that help a network administrator control what data end users can transfer. DLP software products use business rules to classify and protect confidential and critical information so that unauthorized end users cannot accidentally or maliciously share data whose disclosure could put the organization at risk. For example, if an employee tried to forward a business outside the corporate domain or upload a corporate file to a consumer cloud storage service like Dropbox, the employee would be denied permission. Data Loss Prevention

6 Phishing (spear phishing, vishing) and ransomware represented the top two most significant threats to hit organizations in the 2017. Ransomware was also listed as their “most surprising threat”. DDoS replaced advanced persistent threats (APTs) as the third-most significant threat. Top Threats in 2017

7 Credential compromise
Scripting attacks Process exploits Malicious binaries Malware-less threats

8 The Threat Landscape Source: SANS Threat Landscape 2017

9 Malware-less threats Source: SANS Threat Landscape 2017

10 Threat Landscape – Top Vectors
Source: SANS Threat Landscape 2017

11 Threat Impact Source: SANS Threat Landscape 2017

12 Tools Used for discovering threats
Source: SANS Threat Landscape 2017

13 Tools for Detection Endpoint Security IDS/IPS/UTM SIEM
DPI (Deep Packet Inspection) Threat Intelligence Endpoint Detection and Response (EDR) Tools for Detection

14 Artificial Intelligence
Blockchains Artificial Intelligence Machine Learning Where Next -

15 Blockchain has the potential to improve everything from improving data integrity and digital identities to enabling safer IoT devices to prevent DDoS attacks. Indeed, blockchain might play across the ‘CIA triad’ of confidentiality, integrity and availability, offering improved resilience, encryption, auditing and transparency. Blockchain

16 Artificial Intelligence and Machine Learning
Machine learning is a branch of artificial intelligence (AI) that refers to technologies that enable computers to learn and adapt through experience. It emulates human cognition – i.e. learning based on experience and patterns, rather than by inference (cause and effect). Today, deep learning advancements in machine learning allow machines to teach themselves how to build models for pattern recognition (rather than relying on humans to build them).

17 Thank YOu

Download ppt "Threat Landscape for Data Security"

Similar presentations

1 SANS Technology Institute - Candidate for Master of Science Degree 1 Automating Crosswalk between SP 800, 20 Critical Controls, and Australian Government.

1 SANS Technology Institute - Candidate for Master of Science Degree 1 Automating Crosswalk between SP 800, 20 Critical Controls, and Australian Government.
Avoid data leakage, espionage, sabotage and other reputation and business risks without losing employee performance and mobility.

Avoid data leakage, espionage, sabotage and other reputation and business risks without losing employee performance and mobility.
1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.

1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.
Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.

Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.
Copyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin CHAPTER FOUR ETHICS AND INFORMATION SECURITY: MIS BUSINESS CONCERNS.

Copyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin CHAPTER FOUR ETHICS AND INFORMATION SECURITY: MIS BUSINESS CONCERNS.
Security Issues and Challenges in Cloud Computing

Security Issues and Challenges in Cloud Computing
Sophos / Utimaco Data Loss Prevention Peter Szendröi, SOPHOS Nordics Jan 20, 2010.

Sophos / Utimaco Data Loss Prevention Peter Szendröi, SOPHOS Nordics Jan 20, 2010.
© 2012 Solera Networks. Contains confidential, proprietary, and trade secret information of Solera Networks. Any use of this work without express written.

© 2012 Solera Networks. Contains confidential, proprietary, and trade secret information of Solera Networks. Any use of this work without express written.
Securing Information Systems

Securing Information Systems
Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
Computer Crime and Information Technology Security

Computer Crime and Information Technology Security
Dell Connected Security Solutions Simplify & unify.

Dell Connected Security Solutions Simplify & unify.
Center of Excellence for IT at Bellevue College. Cyber security and information assurance refer to measures for protecting computer systems, networks,

Center of Excellence for IT at Bellevue College. Cyber security and information assurance refer to measures for protecting computer systems, networks,
© 2014 PayPal Inc. All rights reserved. Confidential and proprietary. Leveraging Information to Detect and Prevent Insider Attacks Phoram Mehta Senior.

© 2014 PayPal Inc. All rights reserved. Confidential and proprietary. Leveraging Information to Detect and Prevent Insider Attacks Phoram Mehta Senior.
Managing Data Against Insider Threats Dr. John D. Johnson, CISSP.

Managing Data Against Insider Threats Dr. John D. Johnson, CISSP.
The Changing World of Endpoint Protection

The Changing World of Endpoint Protection
ACM 511 Introduction to Computer Networks. Computer Networks.

ACM 511 Introduction to Computer Networks. Computer Networks.
Cloud Computing Security Keep Your Head and Other Data Secure in the Cloud Lynne Pizzini, CISSP, CISM, CIPP Information Systems Security Officer Information.

Cloud Computing Security Keep Your Head and Other Data Secure in the Cloud Lynne Pizzini, CISSP, CISM, CIPP Information Systems Security Officer Information.
BEN ROBINSON, ACCOUNT EXECUTIVE, PALO ALTO NETWORKS SAFELY ENABLE YOUR SAAS APPLICATIONS.

BEN ROBINSON, ACCOUNT EXECUTIVE, PALO ALTO NETWORKS SAFELY ENABLE YOUR SAAS APPLICATIONS.
Features Governmental organization Critically important ICT objects Distributed infrastructure Three levels of confidentiality Dozens of subsidiary organizations.

Features Governmental organization Critically important ICT objects Distributed infrastructure Three levels of confidentiality Dozens of subsidiary organizations.

Similar presentations

Ads by Google