Proven Practices to Protect Critical Data
Matt Mosley, Sr. Product Manager
Matt Ulery, Director, Product Management

Information Security Trends
Business
  • Multiple delivery models (private / public / hybrid cloud)
  • Virtualization & capacity optimization
  • IT under increasing pressure to support consumerization
People
  • Diversity (employees, contractors, outsourcing, partners)
  • Mergers & acquisitions
  • Skills generalization
Technology
  • Multiple delivery models (private / public / hybrid cloud)
  • Virtualization & capacity optimization

Is This You?
  • Identifying and securing data is difficult.
  • Environment and threats are increasingly complex.
  • Workload is high and staffing is low.
  • Many point solutions with poor integration.
  • Difficult to gain a meaningful picture of what is happening.

The New Security Team
  • Protection of sensitive data and mission-critical systems remains a key business objective.
  • Regulatory compliance has provided funding but increased the workload.
  • Compliance programs should (but don’t always) provide meaningful security benefits.

Supermarket Chains Hit By Data Theft
Robert McMillan | IDG News Service | March 18, 2008
Data thieves broke into computers at supermarket chains Hannaford Brothers and Sweetbay, stealing an estimated 4.2 million credit and debit card numbers, Hannaford said Monday…. The Associated Press reported Monday that more than 1,800 cases of fraud had been linked to the theft, which affects 4.2 million credit and debit card numbers…

Dai Nippon Printing reports client data theft
Reuters | 12 March 2007
TOKYO, March 12 (Reuters) - Japan's Dai Nippon Printing Co. said on Monday a former contract worker stole nearly 9 million pieces of private data on customers from 43 clients including Toyota Motor Corp. Dai Nippon, one of Japan's largest commercial printing companies, said the confidential information included names, addresses and credit card numbers intended for use in direct mailing and other printing services. Dai Nippon said the employee stole client data between May 2001 and March 2006 by copying information on to floppy disks and other recording media.

Payment Processor Breach May Be Largest Ever
By Brian Krebs | Washington Post | 20 January 2009
A data breach last year at Princeton, N.J., payment processor Heartland Payment Systems may have compromised tens of millions of credit and debit card transactions, the company said today. If accurate, such figures may make the Heartland incident one of the largest data breaches ever reported.

When It All Goes Wrong…
“In filings for the Securities and Exchange Commission, Heartland said that it lost $2 million in the second quarter of this year, and that the 2008 data security breach cost it $32 million as of June 30 (2009)” – Credit Union Times

Back to Basics
Good Security Makes Compliance Easier.
  • Compliance is a process, not a project.
  • The best way to achieve compliance is to get the security basics right.
  • Use compliance programs to help focus security, refine processes, and document what’s done.
  • Relying simply on compliance to provide security leaves organizations open to attack.

It’s a Brave New World
Cloud computing, virtualization and the consumerization of IT have led us to ask:
  • Who has access to our data?
  • Where are they accessing it from?
  • How do I monitor privileged activity?

Start by Understanding Risk
  • What are we trying to protect?
      - Identify and classify sensitive data and assets.
  • Who or what are we protecting it from?
      - Vulnerabilities can be technical or non-technical.
      - Accidents or errors often cost more than malicious attacks.
  • What would happen if we fail?
      - Failure to meet regulatory mandates can be costly.
      - Lost business opportunity or interruption of activity.

Identify and Protect Critical Data
  • Finding the data
      - Data may be in files, on physical media, in databases, or in the cloud.
      - Most breaches involve data that the victim did not know was there.
  • Categorizing data
      - What data is sensitive and at risk?
  • Monitoring access
      - Can I identify abnormal access?
      - Who is really accessing the information?

Monitor User and Resource Access
“Out-of-date and/or excessive privileged and access control rights for users are viewed as having the most financial impact on organizations.” – IDC Insider Risk Management, August 2009
  • “Authorized” users are a major threat to data:
      - Theft, fraud and abuse remain significant problems.
      - Accidental exposure or loss of data.
  • Privileged users represent the greatest risk:
      - Can insert malicious code just about anywhere.
      - Have the ability to override system controls without detection.

The Importance of User (De-)Provisioning
  • Rajendrasinh Makwana, 35, of Frederick, Maryland, was indicted on January 27 for the attempted malware attack.
  • “Despite Makwana’s termination, [his] computer access was not immediately terminated.” - FBI agent Jessica A. Nye stated in the affidavit.
  • Makwana created a malicious script:
      - Designed to propagate to all 4,000 servers.
      - Damage would have cost millions of dollars to repair.
  • Nearly 80% of terminated employees take data with them that they know is against company policy. – Dark Reading Tech Center – Insider Threat: March 2009

Control and Monitor Privileged Access
  • Monitor system and file integrity
      - Changes to key system files.
      - Modification of rarely accessed data.
  • Investigate unusual changes
      - Changes to key system files.
      - Modification of rarely accessed data.
  • Audit individual actions
      - Focus on privileged and “high risk” users/accounts.

Proven Practices to Protect Critical Data - DarkReading VTS Deck


Capture and Monitor Log Data
  • Security and network devices generate lots of data
      - OS, Network, Virtual, P&A, User Activity, DAM, IAM.
  • Compliance mandates capture and review of logs
  • Logs can often provide early warning signs
      - 82% of the time, evidence was visible in logs beforehand.
  • Failure to monitor is costly
      - Breaches often go undiscovered and uncontained for weeks or months.

Physical, Virtual, Hybrid
  • Virtualization brings its own challenges to maintaining compliance
  • Maintain and extend security for critical systems into the virtual environment
  • Audit and configuration are just as important
  • Log management is still required

Some Questions to Ask Yourself…
  • How do I monitor privileged users?
  • How do I detect changes?
  • How can I see what has changed, and who changed it?
  • How do I see when someone accesses sensitive information?
  • How do I know if someone copies sensitive data?
  • What about protecting Active Directory and Group Policy Objects?
  • What about relational databases?

Summary
  • Complexity is increasing; capacity is not.
  • Criminals are having success exploiting weaknesses in process as much as technology.
  • Hybrid service delivery models simply change the threat vector but do not reduce the risk.
  • Focus on basic good practices to get ahead of the bad guys.

Our Areas of Focus and Expertise
Security & Compliance | Performance & Availability | Identity & Access
  • Manage and audit user entitlements
  • Protect the integrity of key systems and files
  • Monitor access to sensitive information
  • Monitor and manage heterogeneous environments including custom applications
  • IT Service validation and end-user performance monitoring
  • Dynamic provisioning of large-scale monitoring with exceptions
  • Functional and hierarchical incident escalation
  • Deliver and manage differentiated service levels
  • Centralize Unix account management through Active Directory
  • Reduce number of privileged users
  • Windows and Exchange migration
© 2010 NetIQ Corporation. All rights reserved.

Learn More in Our Virtual Booth
  • Complete our survey. For a chance to win one of two Apple iPads.
  • Chat with our product experts.
  • Download analyst research reports: “Build Security Into Your Network’s DNA: The Zero Trust Network Model” - Forrester
  • View recent webinars with industry experts: “Combating the Insider Threat: Vulnerabilities and Countermeasures” with Ira Winkler
  • Access informative whitepapers, including: “Address the Insider Threat of Privileged Users”, co-authored by Dr. Eric Cole

Thank You For Attending!