top 3 mac spoofing challenges you cannot afford to ignore
TRANSCRIPT
!Top 3 MAC Spoofing Challenges !You Cannot Afford to Ignore
Data breaches are increasing
Identity Theft Resource !Center reports in 2014 • 18.3% increase in data breaches • 783 data breaches in the U.S. • 85+ million records were affected
Verizon’s 2014 Data !Breach Investigations Report • Internationally 1,367 confirmed data breaches in 2013 • Over 10,000 data breaches in the last 10 years
Source: Informa.on is Beau.ful World’s Biggest Data Breaches
Data breaches are costly
Ponemon’s 2014 report !Cost of Data Breach: Global Analysis • Average data breach costs $3.5 million U.S. dollars • 15% increase in cost over previous year
The research reveals that reputation and the loss of customer loyalty does the most damage to the bottom line.
Data breaches are increasing
Figure from Verizon’s 2014 Data Breach Investigation Report
MAC spoofing
Definition:
Connecting to the network with a falsified media access!control (MAC) address
History of MAC spoofing
• Whitelisting as a form of security
• Falsifying MAC address was too easy for hackers
• Use MAC address as first line of defense, and combine it with a more contextual understanding of the device
Top 3 MAC spoofing challenges Lack of visibility
Unable to keep a complete, real-time inventory of what is on the network and where each endpoint is located
Internet of Things trend Increase in headless and non-traditional devices on the
network
Trusting the device Security that relies on the device being the sole source
of information
Challenge 1: Lack of visibility
The problem
• Don’t know where unauthorized access or entry points into the system might be
• Don’t know if there is an unauthorized device touching the network (whether it is misconfigured, etc.)
• Don’t know if security measures are protecting entire network
The solution
• Complete visibility of all endpoints on the network – Deeper historical and contextual understanding of
all devices on the network
Challenge 1: Lack of visibility
This is not as simple as it sounds • Time intensive task
• Constantly changing landscape – Increased mobility – Guest access
• BYOD initiatives
• Need for user convenience
Challenge 1: Lack of visibility
To really solve the problem you need:
• Automated technology to create an inventory • Access to contextual data • Continuous, real-time monitoring for an ever-changing network
Challenge 1: Lack of visibility
Challenge 2: Internet of Things The trend • Increase in devices that use your network data to do
amazing things!
Fire extinguishers that tell you when they are in use
Sprinklers that use weather information to determine how often to run
Trash cans that alert you when they are full
The trend
VOIP Phones HVAC Systems Security Cameras
Challenge 2: Internet of Things
The problem
• These devices are outside of the norm, meaning that current solutions may have limited contextual information about them
– If the MAC address is spoofed the lack of context can make it difficult to identify that a rogue device has been added to the network
Challenge 2: Internet of Things
The solution
• Visibility of all devices, including headless devices • Agentless or clientless security solution (since these often
have specific operating systems dependencies)
Challenge 2: Internet of Things
The problem
• Trusting the device by MAC address or MAC OUI !alone is risky
– The MAC address is not enough information
MAC spoofing is based on a device being dishonest
Challenge 3: Trusting the device
“Communicating externally”
“Running Windows apps”
176.16.232.134
The solution Warehouse of context
Challenge 3: Trusting the device
What is the device?
How is the device! behaving?
Where is the device?
HOW WE CAN HELP?
The Beacon suite of solutions Identify. Ensure every endpoint accessing the network is accounted for to eliminate vulnerable blind spots.
Monitor. Know how endpoints are behaving at all times to easily identify and address potential threats quickly.
Enforce. Control access to the network to allow what should be on the network on, and keep what shouldn’t off.
“As far as seeing what’s "on the network, it’s "all about visibility and troubleshooting. When you’re trying to figure out, ‘what’s plugged into this port?’ and you can go and see that in Beacon, it saves you time.” "" –Patrick Printz, "
current Beacon user
• Comprehensive. !Our software provides you with complete visibility. We detect and profile all device types touching your network, including headless devices.
• Contextual. !Our technology provides you with historical and real-time detailed context.
– What is the endpoint – Where is it located – Is it behaving uncharacteristically
• Scalable. !Great Bay Software’s technology!has been proven to scale to satisfy !the largest of enterprise customers.
• Simple. !Our technology is a sophisticated application that is actually easy to deploy and manage. !
Why Beacon?
Contact Us 1.800.503.1715
Find more resources and information at www.greatbaysoftware.com
QUESTIONS?