Big Data, Flow Analysis Techniques to Evaluate Data Leakage Risks

Upload: vista-infosec

Post on 14-Apr-2017



Problem Statement

• Data has BUSINESS VALUE, Business Processes DEPEND on DATA, Organizations CAN NOT FUNCTION without data

• Increased DISTRIBUTION of data creates substantial management challenges

• Increased OUTSOURCING and BUSINESS PARTNERING creates more requirements for data to move IN and OUT of your ORGANIZATION

• Your strategic data may be stored INSIDE or OUTSIDE your organization; usually BOTH

• Organizations, and networks, are therefore INCREASING IN COMPLEXITY

• DATA PROTECTION, therefore, becomes more difficult

Problem Statement – Big Data

• “Big Data” has unique characteristics that present substantial control challenges

• VOLUME; large-scale distributed systems architectures generate substantial levels of descriptive data including transactional logs, automated system activity, and user activity.

• VELOCITY; Operational systems often produce large volumes of data output and do so at a very rapid pace. The combination of veracity and volume in large-scale systems quickly creates scenarios of data production that far outstrips prevailing approaches to analytics.

Problem Statement – Big Data

• VARIETY; large data resources may exhibit substantial variety in data types, such as the inclusion of structured and unstructured data, various multimedia formats, and integrations of technical and social data.

• VERACITY; Uncertainty may exist in large databases as a result of data inconsistency, incompleteness, ambiguity, and deception. Veracity may be characterized as a problem of “data in doubt”.

• VISUALIZATION; the visual representation of data is intended to facilitate communication about a system clearly and effectively by application of appropriate graphical methods. Visualization is often presented as a potential answer to the problems of volume and velocity, in particular.

Big Data – Security Challenges

Securing Big Data

• Protection of distributed, large-scale data resources requires new methods to identify risk profiles and subsequent development of control strategies that consider the unique challenges presented by the characteristics of Big Data.

This presentation focuses here

Common Risk Factors

• Mobile Devices

• Clear Text E-Mail

• System Break-In

• Insider

• Passwords

• Paper

Familiar threats have bigger IMPACT in the Big Data Environment and can engage ANYWHERE in the complex system

Risk #1 – Theft or Loss of Mobile Device

• Laptop, Smartphone, Tablets, any type of USB Storage

• Data PHYSICALLY RESIDES on the device

• The device may be used by an unauthorized party as a PATHWAY to company data

• Technical controls are available, but may be unevenly applied, and are sometimes misconfigured

• Improper DISPOSAL of devices is a factor

• BYOD – the EMPLOYEE owns the asset!

Risk #2 – Clear Text E-Mail

• E-mail is part of our culture, ROUTINELY used to transmit SENSITIVE CONSUMER DATA!

• Messages are not encrypted unless you TAKE STEPS to actually encrypt them! Otherwise the messages are in CLEAR TEXT!

• Secure messaging technology is widely available but typically requires USER COMPLIANCE to send the message in the secured channel; keyword scanning systems are available to FORCE encryption; OUTBOUND messages can be scanned to DETECT leakage

• Improper configuration of email on smartphones/tablets is COMMON!

Risk #3 – System Break-In

• Need an example? Check this week’s news!

• System breaches are executed with a PURPOSE, including THEFT OF DATA as well as THEFT OF FUNDS

• Motives may VARY, and therefore the data that is at risk may not be as obvious as you may think.

Risk #4 – Insider

• Some studies indicate it as the MOST COMMON scenario leading to data loss

• Renders Access Control Systems IRRELEVANT

• Special knowledge of company IT and access privileges may allow for long-term, wide-spread breaches

• Insider Threats can derive from varying MOTIVES:

– Malicious/Disgruntled – Theft / Sale of Data – Negligence

• Insider tactics can vary but all leverage TRUST: USB Storage or “USB-Wifi to connect to MiFi”

Risk #5 – Passwords

• The most COMMON access control mechanism

• Can be Too EASY, or easily GUESSED

• Sometimes NO PASSWORD is established!

• ADMINISTRATOR passwords often not changed from DEFAULT values

• Users like to WRITE THEM DOWN!

• Once breached, attacker is free to Create, Read, Update, Delete

Risk #6 – Paper

• Organizations continue to produce and store large volumes of PAPER DOCUMENTS

• Storage of SENSITIVE paper documents is often not secured within the office suite

• DISPOSAL of paper via shredders or shredding services requires EMPLOYEE CONSISTENCY in policy compliance

Summary of Risks - State of Affairs

Verizon: Worry about External “Hackers”

• 92% of breaches involved external actors

• 52% involved hacking

• 40% involved malware

• 76% exploited weak or stolen credentials

• 29% leveraged social tactics

• 75% had apparently financial motives

Summary of Risks - State of Affairs

• Cisco: Worry about Internal Threats “…data security is compromised through the unintentional and unwise behavior of employees and IT professionals.”

• “Mitigating data leakage from insider threats is a difficult challenge. Businesses must take advantage of every opportunity to better understand how employee behavior and intent relates to security issues, and to make security a priority in every aspect of business operations.”

Source: Data Leakage Worldwide White Paper: The High Cost of Insider Threats (Cisco).

Traditional Controls Approach

• General Controls

• Application Controls

• Process Controls

• Control Design - Prevention, Detection, Response

• …Traditional Controls Design provides PIECES of the Control Puzzle… but RARELY are they viewed IN COMBINATION or IN TOTAL…

So here is the Challenge…

• We need to map ACTUAL and SPECIFIC Vulnerabilities to DATA resources within a SPECIFIC FUNCTIONAL CONTEXT

- Against -

• ACTUAL and SPECIFIC Controls over DATA Resources that may be IN TRANSIT or AT REST

Suggested Methodology

• Data Flow Analysis Techniques Can Help Identify Data Leakage Risks

• Assessment of Data Leakage Risks Requires DETAILED Analysis

• Analysis of Business Data Flows is Critical to Support Risk Analysis

• Threat Scenario Analysis is a Useful Technique to Help Identify and Evaluate Data Leakage Risks

• Data Leakage Prevention (DLP) Tools are available, but organizations need to know WHERE and WHEN to deploy them

Data Flow Analysis Method

• Investigation and Data Gathering

• Process Mapping

• Threat Analysis

• Design the Controls

• Technical Capabilities for Analysis and Monitoring

A. Investigation and Data Gathering

• Review of:

– BUSINESS PROCESS documentation – Risk-Control Matrices – Audit Reports

• Conduct Interviews and Workshops

• Request EVIDENCE: Standardized Business Forms

B. Process Mapping

• Document the Basic System Flow:

– Input – Processing – Output

• Overlay Paper Business Documents

• Overlay Electronic Data / Document Exchange

• Identify Transfer Points of Data (Inflows/Outflows)

• Identify Databases / Hosts

C. Threat Analysis

• Workshop to include technical and business staff…

• Ask WHAT CAN GO WRONG? …PURPOSELY or ACCIDENTALLY?

• Ask “what has gone wrong here PREVIOUSLY?”

• Ask “what has gone wrong at OTHER FIRMS?” …from prior jobs, news, industry sources

• Brainstorm – think like a negligent employee, think like a malicious employee…

Design the Controls

• Electronic Data Flows IN and OUT

• Paper Data Flows IN and OUT

• Electronic Databases / Storage

• Paper Storage

• Third Party / Vendor Connections

D. Design the Controls

• Prevention; Avoid the leakage

• Detection; Know a leakage occurred

• Response; Take action to limit impact

• Note: Data Leakage typically does not DEPRIVE the owner of the data – the leakage almost always entails the unauthorized party gaining possession of a COPY.

• Therefore, leaks may be UNDETECTED, or COVERED UP, thereby resulting in NO RESPONSE unless SPECIFIC, EFFECTIVE CONTROLS HAVE BEEN ESTABLISHED!
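The method in steps B through D (map each transfer point, ask what can go wrong, then check whether a Prevention, Detection and Response control actually exists at that point) can be carried out as a simple control-coverage check over the flow map. The script below is an added example, not material from the deck or from VISTA InfoSec; every channel, control name, sensitivity weight and sample flow in it is constructed for illustration. It weights a missing detection control highest, because the deck's own observation is that a leak is a copy and goes unnoticed unless something detects it.

```python
from dataclasses import dataclass

# Control objectives per transfer channel, stated in the deck's Prevention /
# Detection / Response terms. Channel and control names are constructed for
# this example; a real map would use the organization's own control inventory.
REQUIRED_CONTROLS = {
    "email":    {"prevention": "enforced_encryption",
                 "detection": "outbound_dlp_scan",
                 "response": "message_recall_playbook"},
    "usb":      {"prevention": "device_encryption_and_port_policy",
                 "detection": "endpoint_usb_logging",
                 "response": "lost_device_procedure"},
    "sftp":     {"prevention": "vendor_key_auth",
                 "detection": "transfer_audit_log",
                 "response": "vendor_breach_clause"},
    "paper":    {"prevention": "locked_storage",
                 "detection": "document_sign_out_register",
                 "response": "shredding_service"},
    "database": {"prevention": "least_privilege_roles",
                 "detection": "access_audit_log",
                 "response": "incident_response_plan"},
}

# Constructed weights: public data contributes nothing to the score.
SENSITIVITY_WEIGHT = {"public": 0, "internal": 1, "confidential": 3}

# A leak is a COPY: without detection the owner never learns of it, so a
# missing detection control weighs more than a missing prevention or response.
CLASS_WEIGHT = {"prevention": 1, "detection": 2, "response": 1}


@dataclass(frozen=True)
class Flow:
    """One arrow on the process map: data moving from src to dst over a channel."""
    name: str
    src: str
    dst: str
    channel: str
    sensitivity: str
    controls: frozenset  # control names actually in place on this flow


def gaps(flow):
    """Return {control_class: missing_control} for one mapped flow."""
    if flow.channel not in REQUIRED_CONTROLS:
        # An unmapped transfer point is a modelling error, not a zero-risk flow.
        raise ValueError(f"flow {flow.name!r}: channel {flow.channel!r} has no control objectives mapped")
    return {cls: ctl for cls, ctl in REQUIRED_CONTROLS[flow.channel].items()
            if ctl not in flow.controls}


def assess(flows):
    """Score every flow that has at least one gap; highest exposure first."""
    findings = []
    for f in flows:
        missing = gaps(f)
        score = SENSITIVITY_WEIGHT[f.sensitivity] * sum(CLASS_WEIGHT[c] for c in missing)
        if score:
            findings.append({"flow": f.name, "channel": f.channel,
                             "missing": missing, "score": score})
    return sorted(findings, key=lambda x: x["score"], reverse=True)


# Constructed sample map of a claims process (not a real organization).
SAMPLE_FLOWS = [
    Flow("claims_to_vendor", "claims_db", "repair_vendor", "email", "confidential",
         frozenset({"outbound_dlp_scan"})),
    Flow("field_laptops", "claims_db", "adjuster_laptop", "usb", "confidential",
         frozenset()),
    Flow("newsletter", "marketing", "customers", "email", "public", frozenset()),
    Flow("hr_files", "hr_office", "archive_room", "paper", "internal",
         frozenset({"locked_storage", "document_sign_out_register", "shredding_service"})),
    Flow("partner_feed", "claims_db", "reinsurer", "sftp", "confidential",
         frozenset({"vendor_key_auth", "transfer_audit_log", "vendor_breach_clause"})),
]

if __name__ == "__main__":
    for finding in assess(SAMPLE_FLOWS):
        print(f"{finding['score']:>3}  {finding['flow']:<18} {finding['channel']:<6} "
              f"missing: {', '.join(finding['missing'].values())}")
```

The output is the prioritized gap list the deck's "Consolidated Customer Information Risk Assessment" deliverable would summarize: the unencrypted, unlogged USB flow of confidential claims data ranks first, the vendor e-mail flow that has scanning but no enforced encryption or recall procedure ranks second, and fully controlled or public flows do not appear at all.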

E. Technical Capabilities - DLP

Emerging Technical Capabilities for Analysis and Monitoring: Data Leakage Protection (DLP)

• Network Appliance-Based Solutions

• Monitor Web, Email, Endpoints, USB

• Policy Management and Reporting

• Capability to Scan for “Office Files” or Keyword/String Matches
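Both the Risk #2 slide (keyword scanning to FORCE encryption, outbound scanning to DETECT leakage) and the DLP slide above describe the same gateway logic: inspect each clear-text outbound message, and either route it to the secure channel or block it and raise an alert. The following script is an added example of that logic, not code from the deck or from any DLP product; the keyword policy, the message samples and the choice to mask matched card numbers in the findings are all constructed for illustration. A Luhn checksum is applied so that a run of digits that merely looks like a card number does not trigger a block.

```python
import re

# 16 digits with optional spaces or dashes; enough to show the technique
# (real DLP policies cover 13-19 digit numbers and other data types too).
PAN_RE = re.compile(r"\b(?:\d[ -]?){15}\d\b")

# Constructed keyword policy: a hit forces the message onto the encrypted channel.
KEYWORDS = ("internal only", "confidential", "do not distribute")


def luhn_ok(digits):
    """Luhn checksum: filters out digit runs that only look like a card number."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(digits):
    """Report only the last four digits so the DLP log is not itself a leak."""
    return "*" * (len(digits) - 4) + digits[-4:]


def find_pans(text):
    """Masked card numbers that pass the checksum."""
    hits = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append(mask(digits))
    return hits


def find_keywords(text):
    low = text.lower()
    return [k for k in KEYWORDS if k in low]


def scan_message(msg):
    """Decide what the outbound gateway does with one message."""
    if msg.get("encrypted"):
        # Already on the secure channel; the content is not readable here.
        return {"action": "allow", "pans": [], "keywords": []}
    text = msg.get("subject", "") + "\n" + msg.get("body", "")
    pans = find_pans(text)
    keywords = find_keywords(text)
    if pans:
        action = "block_and_alert"   # detection: consumer data leaving in clear text
    elif keywords:
        action = "force_encrypt"     # prevention: reroute via the secure channel
    else:
        action = "allow"
    return {"action": action, "pans": pans, "keywords": keywords}


def triage(messages):
    """Gateway decision per message id."""
    return [(m["id"], scan_message(m)["action"]) for m in messages]


# Constructed sample outbound mail; 4111 1111 1111 1111 is a well-known test PAN.
SAMPLE_MESSAGES = [
    {"id": "m1", "to": "vendor@example.net", "subject": "Claim 1138",
     "body": "Card on file 4111 1111 1111 1111, exp 12/26.", "encrypted": False},
    {"id": "m2", "to": "partner@example.net", "subject": "Q3 pricing",
     "body": "INTERNAL ONLY - draft rate card attached.", "encrypted": False},
    {"id": "m3", "to": "friend@example.net", "subject": "lunch",
     "body": "Noon? Ticket ref 5555 5555 5555 5555.", "encrypted": False},
    {"id": "m4", "to": "vendor@example.net", "subject": "Claim 1139",
     "body": "Card on file 4111 1111 1111 1111.", "encrypted": True},
]

if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        print(msg["id"], scan_message(msg))
```

Two points from the deck show up in the results: the encrypted message m4 is simply allowed, because once a message is in the secured channel the gateway can no longer inspect it (which is why the deck stresses USER COMPLIANCE and enforced encryption together), and the ticket reference in m3 is not blocked, because keyword and pattern matching alone produce false positives that erode the policy unless a validation step such as the checksum is added.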

Sample Deliverables

• Data Flow Mapping

• Consolidated Customer Information Risk Assessment (CIRA)

• Threat Scenario Analysis

Recap: Meeting the Big Data Challenge

• Volume – layered controls to protect, detect, and where possible automatically alert/respond

• Velocity – a technical challenge, but manageable by taking a process orientation

• Variety – also manageable by using a process orientation to enable prioritization and focus

• Veracity – through effective controls

• Visualization – through process mapping


Discoveries

• It is not the answer that enlightens, but the question.

• No product based questions

© VISTA InfoSec ®

Contact Us:

Email: [email protected]

Cell: +91-9820223497

Landline: +91-22-65236292

US: +1-415-513-5261

Visit us at: https://www.vistainfosec.com

Thank You