© BDProtect Inc. 2007 CONFIDENTIAL ISACA Briefing Presented by: John Schuller jschuller@bdbrandprotect.com


Post on 20-Jan-2016



ISACA Briefing

Presented by: John Schuller

jschuller@bdbrandprotect.com


The Internet Paradox

With vast Opportunity comes significant Risk


Emerging Threats

Impacting U.S. businesses today

Area of risk which in a couple of years will fall into traditional audit and control criteria

Standard controls for audit procedures for Internet monitoring and attack mitigation have not yet been developed


Reputation Management

A holistic view of online threats


GROWTH EVERY SECOND

7 PCs Sold

2 Million e-mails Sent

7 People Logon For the First Time

11,000 Songs Shared

1,157 Videos Viewed on YouTube

2 New Blogs Created


Educate!

Gartner predicts that by the end of 2010, criminals will routinely use the Internet to extort funds from organizations, threatening to damage their corporate reputation by ensuring that routine online search requests will return negative or even libelous results.


Online Reputation Management

Few companies understand the brand implications of web based activities

Even fewer have a real grasp on how to deal with it

This is not just a Google search exercise


What issues do companies need to address?

Identity Theft Phishing & Malware

Sales & Marketing effectiveness Traffic Diversion Unauthorized Sales Channel Compliance issues

Corporate Integrity/Image Defamatory discussions Unauthorized Association Leaked documents

Intellectual Property abuses Domains, Trademarks & Images


Gartner

“Finding data and content is one obstacle, but being able to quickly analyze and prioritize its threat potential is critical, given the large mounds of information likely to be returned in a search for offensive content”

Evaluating Brand Monitoring and Anti-Phishing Services: 10 September 2007: Aviva Litan and Arabella Hallawell


The Internet “Wild West”: Impunity reigns…

Identity theft

Domain Names & Trademarks being “Hijacked”

Online sale of counterfeit products

Unauthorized agents posing as resellers

False endorsement claims

Traffic diversion schemes

Offensive association of brands with questionable activities

Reseller/agent/broker compliance issues

Corporate reputation attacks

Unauthorized logo use and defacement

Disgruntled employee commentary on blogs, message boards, etc.

Document “leakage”


State Department

Recently commissioned five universities to write operating controls for managing and mitigating online threats


Why companies need “Protection”

Rights: Protect against Intellectual Property ownership dilution

Revenue and Profits: Protect SEO, online traffic, channel effectiveness

Reputation: “Erosion” due to impact on customer experience

AND… Allowing issues to go unchecked can lead to irreversible damage, a reputation “Tipping Point”


The “Tipping Point”

“If your business depends on a positive Internet reputation, then you have little choice than to explicitly manage that reputation online. The Internet is like a bad-news Petri dish; negative information multiplies and spreads with frightening speed and becomes virtually impossible to erase.”

Jay Heiser, Research VP


Stella’s Story

Stella Artois is one of the best Beer Brands in the World

Until recently it was the most popular Beer in England


“Erosion”

Until some blogger thought it would be fun to associate the Beer with a scene in the movie “A Streetcar Named Desire.”

Associating the brand with someone who beat his wife.


The Tipping Point


Disaster: Blogstorm!


Brand Impact

$400 million in lost revenue

Overall damage to brand estimated at $1 billion

Storm went undetected for six months

No controls or processes in place to monitor Internet chatter, brand logos, names, links, etc.


Traffic Diversion

This website http://www.investment-fraud-info.com/merrill-lynch-fraud.html hosts links that have the Merrill Lynch name in them but do not resolve to the Merrill Lynch page. This infraction is worse because they are talking about fraud on the website.


Unauthorized Association

The website http://www.shadowyfish.com/portfolio.html is claiming to have designed the Merrill Lynch login page. If this information is not correct, then they are using your good name and reputation to sell their service.


Reputation Damage:

The website http://www.dealbreaker.com/2007/01/merrill_lynch_super_model_sex.php is discussing a sex scandal that took place between a Merrill Lynch employee and a supermodel. It is important to monitor this discussion to make sure it does not get out of control.


Reputation Damage:

The website http://jeffmatthewsisnotmakingthisup.blogspot.com/2007/10/chipping-and-putting-while-merrill.html is discussing an executive playing golf while the company was in trouble. This can be damaging to the reputation of the company and the person.


Protection benefits span the organization

Marketing/Sales/Public Relations/HR:
  Identify and address negative issues in a timely fashion
  SEO and Web Traffic immediate ROI!
  Channel partner compliance

Legal:
  Track compliance, trademark, confidentiality & counterfeit issues

IT and Physical Security:
  React immediately to threats against customers & facilities

Investor Relations/Public Affairs:
  Financial information disclosure

Leadership/Risk Management:
  Risk visibility across entire organization


Case Studies

www.bdbrandprotect.com

Teck Cominco

KitchenAid


Who are we?

Founded in 2001 (Pioneers this space)

Privately held with Operations in US, Canada, Asia & UK

A “Company to watch”:
  Winner Deloitte Technology FAST 50
  Winner of Always On
  Winner of Microsoft Technology Award
  One of only 5 brand monitoring firms identified by Gartner
  Only Member of F.I.R.S.T. in our industry

Relationships with more than 2,000 global Internet Service Providers that account for more than 85% of the traffic flowing across the Internet

Uniquely Positioned to Identify AND Eliminate Threats.

Uniquely positioned to deal with both the Threat and the Opportunity inherent with the Internet


IERM (Enterprise Internet Risk Mitigation)


Outsourcing versus in-house monitoring

Beyond purely reputation management, any new initiative must demonstrate a clear ROI with respect to:

Higher quality of intelligence provided

Cost effectiveness

Ease of threat tracking & documentation


Search complexity example

91,680 sites all linking to www.bmo.com (just one site)

458 sites analyzed each day

57 sites per hour

3.82 FTEs (@$40K/FTE w/o benefits)

Cost Implications (if done in-house): $153,000

Assumes 200 days per year; 8 hour days; 15 sites/hour

Only review each site once per year!


Analysis and prioritization

What about:

Comprehensiveness:
  Broad, Global search requires >> Google

Continuous monitoring:
  New sites come on all the time and infractions “pop up”

Threat expertise:
  What is potential impact of infractions?

Filtering capabilities:
  > 99% of returns end up as “False positives”

Taking action:
  Can Legal handle the volume (Can you handle the legal costs?)
  Do you have relationships with ISPs, authorities necessary?

Forensics:
  How do you capture data necessary for evidence, management and even audit trail purposes?


Building online knowledge since 2001

Own one of the world’s largest maps of the Internet which consists of:

Over 300 million domains

Over 12 billion web pages or URLs

Over 90 billion links

Millions of images, logos, and documents

Over 300 million fetched/processed pages per month


BD-BrandProtect monitors a wide variety of Internet sources and captures raw data:

Custom feeds

RSS feeds

Search processor

Auction spider

BoardWalker™

ImageWalker™

LinkWalker™


Algorithms then eliminate irrelevant data and provide initial categorization, scoring and ranking of infractions.


The streamlined data is then closely examined by our analysts and scored to produce categorization records.


Finally, the analysts use the data to provide insight and deliver actionable recommendations.


Engagement Options

Executive Dashboard with Visibility over online “Footprint” and trending of online issues over time

Continuous Reputation Management Program:
  Monitoring, Management, Measurement and Mitigation of issues
  “Readiness” program available to assess value over 90 day period

Threat Analysis:
  Point in time study to assess likelihood and probability of being impacted by online issues


BD-BrandProtect advantage

$40 million investment in technology, strategy and operational efficiencies

Utilizes a proprietary “learning” system that maps sites of particular interest for future reference and allows for unique value added services:

Sub-domains, which are most often used in illicit activity

Image, Logo, Document & other file tracking

Discussion Monitoring

Your non-core process is our core competency!


Contact Information

John Schuller

Regional Sales Manager

jschuller@bdbrandprotect.com

Office: (216) 267-6794

Cell: (216) 526-7961