Published by Silas Lawrence. Modified over 9 years ago.
Confidential and proprietary material for authorized Verizon Business personnel only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.

Slide 1: IT Forensics
Lessons learned from 285 million data records stolen
Matthijs van der Wel, Matthijs.vanderwel@verizonbusiness.com
Slide 2: Proprietary Statement
This document and any attached materials are the sole property of Verizon and are not to be used by you other than to evaluate Verizon's service. This document and any attached materials are not to be disseminated, distributed, or otherwise conveyed throughout your organization to employees without a need for this information or to any third parties without the express written permission of Verizon. The Verizon and Verizon Business names and logos and all other names, logos, and slogans identifying Verizon's products and services are trademarks and service marks or registered trademarks and service marks of Verizon Trademark Services LLC or its affiliates in the United States and/or other countries. All other trademarks and service marks are the property of their respective owners.
Slide 3: Data Breach Investigations Report
http://verizonbusiness.com/databreach
http://securityblog.verizonbusiness.com
Slide 4: Methodology
Data Source
  – Verizon Business Investigative Response Team
Collection and Analysis
  – Case metrics collected during and after investigation
  – Anonymized, then aggregated for analysis
  – Risk Intelligence team provides analytics
Data Sample
  – 5 years of paid forensic investigations (not internal Verizon incidents)
  – ~600 breaches in sample
      Actual compromise rather than data-at-risk
      Both disclosed and non-disclosed
      Most of the largest breaches ever reported
Slide 5: VERiS
Slide 6: Breach Sources
External sources
  – 90+% of stolen records linked to organized crime
Internal sources
  – Roughly equal between end-users and IT admins
Partner sources
  – Mostly hijacked third-party accounts/connections
Slide 7: Breach Sources
Insider breaches are typically larger, but overall, outsiders are more damaging.
Slide 8: Breach Methods
Most breaches and records are linked to Hacking & Malware.
Misuse is fairly common
  – Mostly abuse of authorized access
Physical attacks
  – Theft and tampering most common
Deceit and social attacks
  – Varied methods, vectors, and targets
Error is extremely common
  – Usually contributory (62%) rather than direct cause (3%)
  – Mostly omissions, followed by misconfigurations
Slide 9: Breakdown of Hacking (60% of breaches)
Default credentials, SQL injection, and weak ACLs are the most common methods.
A minority of attacks exploit patchable vulnerabilities, and most of those vulnerabilities are old.
Web applications and remote access connections are the main vectors.

Patch availability prior to breach (2008 data):
  < 1 month      0%
  1-3 months     4%
  3-6 months     6%
  6-12 months   16%
  > 1 year      74%
Note: vulnerabilities were exploited in 16% of breaches.
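As an added illustration (not part of the Verizon deck), the following Python computes a patch-age distribution like the table above from per-case dates. The bucket edges of 30/90/180/365 days are an assumption, since the slide does not define "month" or "year", and the sample cases are constructed.

```python
from collections import Counter
from datetime import date

# Bucket labels in the order the slide reports them. Edges of 30/90/180/365
# days are an assumption; the slide does not define "month" or "year".
BUCKETS = ["< 1 month", "1-3 months", "3-6 months", "6-12 months", "> 1 year"]
EDGES = [30, 90, 180, 365]


def patch_age_bucket(patch_released: date, breach_date: date) -> str:
    """How long a fix had been available when the breach happened."""
    days = (breach_date - patch_released).days
    if days < 0:
        # No fix existed at breach time, so this is not a "patchable" case.
        raise ValueError("patch released after the breach")
    for label, edge in zip(BUCKETS, EDGES):
        if days < edge:
            return label
    return BUCKETS[-1]  # 365 days or more


def patch_age_distribution(cases):
    """Whole-percent share of cases per bucket; every bucket is reported."""
    counts = Counter(patch_age_bucket(p, b) for p, b in cases)
    total = sum(counts.values())
    if not total:
        return {label: 0 for label in BUCKETS}
    return {label: round(100 * counts[label] / total) for label in BUCKETS}


# Constructed sample of (patch release date, breach date) pairs; not real cases.
SAMPLE_CASES = [
    (date(2008, 1, 1), date(2008, 3, 1)),     # 60 days
    (date(2007, 12, 1), date(2008, 4, 15)),   # 136 days
    (date(2007, 6, 1), date(2008, 2, 1)),     # 245 days
    (date(2007, 9, 15), date(2008, 5, 1)),    # 229 days
    (date(2005, 3, 1), date(2008, 5, 1)),     # years old
    (date(2004, 7, 1), date(2008, 9, 1)),
    (date(2006, 1, 1), date(2008, 1, 2)),     # 731 days
    (date(2002, 5, 5), date(2008, 6, 6)),
    (date(2006, 11, 1), date(2008, 10, 1)),
    (date(2003, 1, 1), date(2008, 12, 1)),
]

if __name__ == "__main__":
    for label, pct in patch_age_distribution(SAMPLE_CASES).items():
        print(f"{label:12} {pct:3d}%")
```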
Slide 10: Breakdown of Malware (32% of breaches)
Most malware is installed by a remote attacker.
Malware captures data or provides access/control.
Increasingly customized.
Slide 11: Attack Difficulty and Targeting
Highly difficult & sophisticated attacks are not the norm
  – Difficulty is usually in the malware rather than the intrusion
Fully targeted attacks are in the minority but growing
  – Percentage doubled in 2008
Difficult and targeted attacks are increasingly damaging
  – Shows ROI is good for skilled attackers

Percentage of records breached:
                     '04-'07   2008
  Highly Difficult     68%     95%
  Fully Targeted       14%     90%
Slide 12: Compromised Assets and Data
Most data is breached from online systems
  – Conflicts with public disclosures
Cybercrime is financially motivated
  – Cashable data is targeted
Other types are common as well
  – Authentication credentials allow deeper access
  – Intellectual property at a 5-year high
Slide 13: Breach Timeline
Data is compromised within hours/days after breaching the perimeter
  – Actually good news for detection & prevention
Breaches go undiscovered for months
  – Ability to detect breaches is woefully inadequate (or at least inefficient)
It typically takes days to weeks to contain a breach
  – Poor planning and response procedures
Slide 14: Breach Discovery Methods
Most breaches are discovered by a third party.
The majority of internal discoveries are accidental.
Effectiveness of event monitoring is far below its potential
  – Evidence found in existing log files for 80% of breaches
Slide 15: Unknown Unknowns
A SYSTEM unknown to the organization
DATA unknowingly stored on an asset
Unknown or forgotten ICT CONNECTIONS
Accounts and PRIVILEGES not known to exist
"Yes, we're positive all sensitive data of that type is confined to these systems."
Slide 16: Attack Commonalities
The last year shows much of the same, but new twists and trends as well.
Sources: similar distribution; organized crime behind most large breaches
  – Organized criminal groups are driving the evolution of cybercrime
Attacks: criminals exploit errors, hack into systems, install malware
  – 2008 saw more targeted attacks, especially against orgs processing or storing large volumes of desirable data
  – Highly difficult attacks are not common but very damaging
  – Large increase in customized, intelligent malware
Assets and Data: focus is online cashable data
  – Nearly all breached from servers & apps
  – New data types (PIN data) sought, which requires new techniques and targets
Discovery: takes months and is accomplished by 3rd parties
Prevention: the basics, if done consistently, are effective in most cases
  – Increasing divergence between Targets of Opportunity (ToO) and Targets of Choice (ToC)
      ToO: remove blatant opportunities through basic controls
      ToC: same as above, but prepare for very determined, very skilled attacks
  – The initial hack appears to be the easiest point of control
Slide 17: Victim Commonalities
False assumptions regarding information assets
Low awareness of network and system activity
Do not necessarily have a terrible security program
Fail to consistently and comprehensively follow "the basics"
Lack of assurance and validation procedures
Cost of prevention is orders of magnitude less than the impact
An inefficient approach to security
  – Focus too much on things that don't happen
  – Focus too little on the things that do happen
Slide 18: Recommendations
Align process with policy
Achieve "Essential" then worry about "Excellent"
Secure business partner connections
Create a data retention plan
Control data with transaction zones
Monitor event logs
Create an incident response plan
Increase awareness
Engage in mock incident testing
Changing default credentials is key
Avoid shared credentials
User account review
Application testing and code review
Smarter patch management strategies
Human resources termination procedures
Enable application logs and monitor them
Define "Suspicious" and "Anomalous" (then look for whatever "It" is)
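Slide 14 notes that evidence sat in existing log files for 80% of breaches, and the recommendations above ask for a written definition of "suspicious" together with the end of default and shared credentials. As an added example that is not part of the Verizon deck, this Python applies two such definitions to constructed sshd-style login records: any login as an assumed default account name, and one account used from more than two source addresses within an hour (the thresholds and account list are assumptions to tailor per environment).

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd-style login records (not real data) used as sample input.
SAMPLE_LOG = """\
2008-11-03T02:14:07 sshd[412]: Accepted password for admin from 203.0.113.9 port 51234
2008-11-03T02:15:41 sshd[413]: Accepted password for jsmith from 198.51.100.4 port 40011
2008-11-03T02:16:02 sshd[414]: Accepted password for svc_backup from 198.51.100.4 port 40012
2008-11-03T02:17:30 sshd[415]: Accepted password for svc_backup from 198.51.100.77 port 40020
2008-11-03T02:18:55 sshd[416]: Accepted password for svc_backup from 203.0.113.9 port 40031
2008-11-03T09:00:10 sshd[420]: Accepted password for jsmith from 198.51.100.4 port 40100
"""

# Assumed list of vendor/default account names that should never log in
# interactively once defaults have been changed; tailor to the environment.
DEFAULT_ACCOUNTS = {"admin", "administrator", "root", "guest"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: Accepted \w+ for (?P<user>\S+) from (?P<src>\S+)"
)


def parse_events(text):
    """Yield (timestamp, user, source address) for each successful login line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), m["user"], m["src"]


def find_suspicious(text, window=timedelta(hours=1), max_sources=2):
    """Apply two written-down definitions of 'suspicious' to the log:
    (1) any login as a default account; (2) one account used from more than
    max_sources distinct addresses inside one window (a shared credential)."""
    findings = []
    by_user = defaultdict(list)
    for ts, user, src in parse_events(text):
        if user in DEFAULT_ACCOUNTS:
            findings.append(("default-account-login", user, src))
        by_user[user].append((ts, src))
    for user, hits in by_user.items():
        hits.sort()  # sliding window over the account's logins in time order
        for i, (start, _) in enumerate(hits):
            sources = {s for t, s in hits[i:] if t - start <= window}
            if len(sources) > max_sources:
                findings.append(("shared-credential", user, ",".join(sorted(sources))))
                break  # report each account once
    return findings
```

Running find_suspicious(SAMPLE_LOG) reports the admin login and the svc_backup account seen from three addresses within five minutes, while jsmith's two logins from one address are not flagged.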