abhilash sonwane - security leadership in an economic downturn - interop mumbai 2009
DESCRIPTION
In a period of economic downturn, the fear and uncertainty of layoffs are strong precursors to enhanced threats as they make employees easy victims for attackers, or prompt them to cause data leakage or network crashes due to malicious intent. Employees with internal knowledge of a company’s data, processes and vulnerabilities pose the single largest threat to organizations. In a downturn-related context, security leadership has to be redefined by a Layer 8 approach where CIOs focus on the individual user, and work closely with functional departments to create security risk profiles of all employees.
TRANSCRIPT
Security Leadership in an Era of Economic Downturn
By Abhilash Sonwane, Cyberoam
Presentation Sketch
Security Issues During a Downturn
Methods of Data Leakage
CIOs and Security Leadership
Identity-based Security on Layer 8
Cyberoam - Unified Threat Management
www.cyberoam.com Copyright 2007 Elitecore Technologies Ltd. All rights reserved. Privacy Policy
Security Issues During a Downturn
Scaling back on IT Security Expenses during downturn lay-offs?
• 59% of laid-off employees admitted to stealing confidential data
• 67% used their former firm's information in a new job
(SURVEY: Ponemon Institute, January 2009)
Yesterday’s insiders are today’s outsiders
Cost-cutting means companies are less confident in addressing newly emerging threats
• In a survey of 200 organizations, 32% reduced information security budgets in 2008.
• CONSEQUENCE: 60% admit increasing vulnerability to new, emerging security threats
(SURVEY: Global Security Survey for the Technology, Media and Telecommunications Industry, May 2009)
Bad Idea
Causal Factors behind Data Leakage by Employees
Ignorant User
• Vulnerable to targeted attacks by
  – Hackers, phishing, spam
  – Social engineering attacks by ex-employees
  – Social network exploits: Facebook, MySpace
• Lack of awareness about company security policies
  – E.g. by survey, 63% of employees believed there are no restrictions on using USB memory sticks at work
  (SURVEY: Prefix Security Report, UK)
User with Malicious Intent
• Apathetic employee
  – Ignores system alerts and virus warnings
  “Why should I care about this company?”
• Angry, disgruntled employee
  – Sabotages, schemes, teams up with a competitor
  “I’ll destroy these people, serves them right!”
• Opportunistic, cunning employee
  – Motivated by personal and financial gain
  “I’ll steal this data for use in my next job.”
An Example of Data Leakage
Ex-employee extracting data from current employees
Ex-employee extracting data from current employees - The Twist in the Tale
• Yahoo! Messenger is a standard mode of support communication for the corporation
Ex-employee extracting data from current employees
A disgruntled former employee casually sends a chat message on Yahoo!, asking his ex-colleague to look at his new photos on his Geocities website
• The attacker now had the ability to log on at will under the guise of his former colleagues
• Misguides customers and puts the organization at risk
[Screenshot: a login form showing the username Dan_m24 and a masked password]
How has this become easier?
Hackers on easy street
• Publicly available vulnerability information
• The toolkit business
• Research – easy access to information from public and internal resources
Today’s network scenario
• Fluidity of the network perimeter, which opens it to partners, customers and more
• Employees have access to business-critical information
• One cannot help being in the “Net”
CIOs and Security Leadership
CIO Strategy during Downturn
Seeking balance: secure corporate information while supporting business agility
CIOs must step out of the Traditional Security Approach
Problem: Viruses, Worms, DoS attacks, Spyware
Solution: Firewall, IPS, Anti-Virus, Anti-Spam
The Current Scenario
• Increasing Network complexity
• Departments pose differing levels/types of data security concerns
• Increasingly mobile environments in enterprises
• Regulatory Compliance
[Diagram: network with Head Office, Branch Office, Branch Office and Road Warrior]
Whatever the Security Solution, Does it have Identity?
• Enterprise Security
  – Firewall / VPN / IPS
  – AV / AS
  – Content Filtering, Bandwidth Management, Multiple Link Management
  – Endpoint Security
• Branch Office and Remote User Security
• The 2 questions to ask are –
  – Does it recognize the user?
  – Can it control the user – anytime, anywhere in the network (or outside)?
Summary of Measures to be taken
Identity-based Security
Secure Remote Access
Basic Security
• Secure the Desktop
• Secure the Network
• Protecting Data & Securing the Enterprise
  – Managing Remote Access: Remote Offices and Partner Networks
  – Managing the User: the Employee & the Partner
Identity-based Security
Evolving Towards Identity-Based Heuristics
User identity – an additional parameter to aid decision making
• Who is doing what?
• Who is the attacker?
• Who are the likely targets?
• Which applications are prone to attack – who accesses them?
• Who inside the organization is opening up the network? How?
Building patterns of activity profiles – User Threat Quotient
User Threat Quotient - UTQ
Calculating the UTQ
• Rating users on susceptibility to attack
• Nature of user activity
• History of activity – normal record access – number and type (customer data / research reports / ...)
• Current status – new employee, terminated, etc.
• Analyze who is doing what and when
  – Use of anonymous proxy
  – Downloading hacker tools
  – Accessing data off-hours
  – Amount of data accessed
Technical Preventive Measures
Use network activity coupled with user identity information to:
• Identify deviations from the normal acceptable user behavior
• Red-flag malicious activity based on UTQ
  – Context of activity – repeated wrong password attempts by new vs. old employee
• Get intrusion alerts with user identity information
  – To ease the data interpretation
  – To determine how to fine-tune the security policies
• Correlate data, e.g. using a Bayesian inference network
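The UTQ calculation on the previous slide and the identity-coupled red-flagging above, as an added worked example that is not code from Cyberoam or from this deck: a toy Python scorer that joins activity log lines to an HR status directory, extracts the signals the slides list (anonymous proxy use, hacker-tool downloads, off-hours access, bulk data access, bursts of wrong passwords), weights them per user, and applies the new-vs-established context rule to the password-failure signal. The usernames, log lines, HR statuses, signal weights, the off-hours window, the byte and failure thresholds and the "hacktool" filename marker are all constructed assumptions, not Cyberoam's actual UTQ method.

```python
"""Toy User Threat Quotient (UTQ) scorer: added example, not Cyberoam's code.
Couples identity-tagged activity log lines with HR status to rate users.
Users, log lines, weights, thresholds and field names are all constructed."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed identity directory: HR status is one input to the score.
USERS = {
    "alice": {"status": "established", "role": "analyst"},
    "bob":   {"status": "new",         "role": "contractor"},
    "carol": {"status": "terminated",  "role": "finance"},
}

# Constructed activity log, one record per line: "<ISO timestamp> <user> <event> <detail>".
LOG_LINES = """\
2009-05-12T09:15:00 alice file_access customer_db bytes=120000
2009-05-12T23:40:00 alice file_access research_reports bytes=95000000
2009-05-12T10:02:00 bob auth_fail vpn
2009-05-12T10:02:30 bob auth_fail vpn
2009-05-12T10:03:00 bob auth_fail vpn
2009-05-12T10:03:30 bob auth_fail vpn
2009-05-12T10:04:00 bob auth_ok vpn
2009-05-12T11:00:00 bob proxy_connect anonymizer.example
2009-05-12T02:10:00 carol file_access customer_db bytes=400000000
2009-05-12T02:12:00 carol download hacktool.zip bytes=3000000
""".splitlines()

# Assumed (hypothetical) weight per risk signal; a real deployment would tune these.
WEIGHTS = {
    "status_new": 1.0, "status_terminated": 5.0, "anonymous_proxy": 3.0,
    "hacker_tools": 4.0, "off_hours": 2.0, "bulk_data": 3.0, "auth_fail_burst": 2.0,
}
OFF_HOURS = (22, 6)                  # 22:00 to 06:00 counts as off-hours (assumption)
BULK_BYTES = 50_000_000              # one access above 50 MB counts as bulk (assumption)
AUTH_FAIL_BURST = 3                  # this many consecutive failures is a burst (assumption)
HACKER_TOOL_MARKERS = ("hacktool",)  # constructed marker standing in for a real blocklist

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<user>\S+) (?P<event>\S+) (?P<detail>.*)$")
BYTES_RE = re.compile(r"bytes=(\d+)")


def parse_line(line):
    """Parse one constructed log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    b = BYTES_RE.search(rec["detail"])
    rec["bytes"] = int(b.group(1)) if b else 0
    return rec


def is_off_hours(ts):
    start, end = OFF_HOURS
    return ts.hour >= start or ts.hour < end


def extract_signals(records):
    """Per-user set of risk signals seen in the identity-tagged activity."""
    signals = defaultdict(set)
    fail_streak = defaultdict(int)
    for r in sorted(records, key=lambda r: r["ts"]):
        u, ev = r["user"], r["event"]
        if ev == "auth_fail":            # count consecutive failures until a success
            fail_streak[u] += 1
            if fail_streak[u] >= AUTH_FAIL_BURST:
                signals[u].add("auth_fail_burst")
        else:
            fail_streak[u] = 0
        if ev == "proxy_connect":
            signals[u].add("anonymous_proxy")
        if ev == "download" and any(k in r["detail"] for k in HACKER_TOOL_MARKERS):
            signals[u].add("hacker_tools")
        if ev in ("file_access", "download"):
            if is_off_hours(r["ts"]):
                signals[u].add("off_hours")
            if r["bytes"] > BULK_BYTES:
                signals[u].add("bulk_data")
    return signals


def utq(user, signals):
    """Return (score, reasons): HR status plus weighted signals, with context applied."""
    status = USERS.get(user, {}).get("status", "unknown")
    score, reasons = 0.0, []
    if status in ("new", "terminated"):
        score += WEIGHTS["status_" + status]
        reasons.append("status_" + status)
    for s in sorted(signals):
        w = WEIGHTS[s]
        # Context: a burst of wrong passwords on an established account is more
        # suspicious (someone else may be trying it) than on a new hire still
        # learning credentials. The 2x / 0.5x factors are assumptions.
        if s == "auth_fail_burst":
            w *= 2.0 if status == "established" else 0.5
        score += w
        reasons.append(s)
    return score, reasons


def score_users(lines):
    """Map every known or observed user to its (UTQ score, reasons)."""
    records = [r for r in (parse_line(l) for l in lines) if r]
    signals = extract_signals(records)
    return {u: utq(u, signals.get(u, set())) for u in set(USERS) | set(signals)}


def red_flags(lines, threshold=6.0):
    """Users whose UTQ meets the (assumed) red-flag threshold, sorted by name."""
    return sorted(u for u, (score, _) in score_users(lines).items() if score >= threshold)


if __name__ == "__main__":
    for user, (score, reasons) in sorted(score_users(LOG_LINES).items()):
        print(f"{user:6} UTQ={score:5.1f}  {', '.join(reasons) or 'no signals'}")
    print("red flags:", red_flags(LOG_LINES))
```

On the constructed input the terminated user who pulls a large customer extract off-hours and downloads a tool scores well above the threshold, while the new contractor's failed logins are discounted by the context rule and the analyst's single late-night bulk read lands just below the flag line; lowering the threshold brings both of them into view, which is the tuning trade-off a CIO has to make between coverage and alert volume.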
Use UTQ for Soft Measures
• Individualized education based on UTQ information
• Educating key persons – those having access to business-critical information
• Educating employees as their role evolves – joiner, moving up, quitter
Questions?!?
Thank You!
For further info, please contact [email protected]
To know more about Cyberoam visit www.cyberoam.com