The Anatomy of a Cloud Data Breach
•Télécharger en tant que PPTX, PDF•
60 j'aime•5,071 vues
With more than 700 cloud apps being used by a typical enterprise, what is the risk associated with all this cloud usage? There is a catch-22 between using the cloud and being safe. The question is should you block everything to mitigate your risk? That may not be the best solution as many people rely on the cloud for anytime, anywhere, access to data and to help them be more productive. Netskope believes that Allow is the New Block and you should allow cloud applications, but block the risky activities instead.
Recommandé
Recommandé
Contenu connexe
En vedette
En vedette (16)
Plus de Netskope
Plus de Netskope (20)
Dernier
Dernier (20)
The Anatomy of a Cloud Data Breach
- 1. THE ANATOMY of a CLOUD DATA BREACH
- 2. 80 million records Anthem 500K records IRS 18 million records OPM 37 million records Ashley Madison 4.5 million records UCLA Med Center
- 3. Some say we have Breach Fatigue
- 4. Sources and per record cost of a data breach Malicious or criminal attack Human error System glitch Source: 2015 Ponemon cost of a data breach
- 5. Most Data Breaches Involve Advanced Persistent Threats (APTs) • An APT is a set of stealthy and continuous computer hacking processes, often orchestrated by human(s) targeting a specific entity. • Usually targets organizations and/or nations for business or political motives. • Processes require a high degree of covertness over a long period of time. From Wikipedia APT lifecycle (Gartner)
- 6. APT lifecycle simplified • Infiltration – Attempt to gain a foothold in the environment • Command and Control – Injects a payload into the compromised system to direct malware on what to do • Exfiltration of Data - Unauthorized transfer of sensitive data Infiltration Command & Control Exfiltration of Data APT
- 7. INSERT A CLOUD GRAPHIC What role does the cloud play in data breaches?
- 8. If your organization had 100 cloud apps and added 25 more in a 12-month period, you would increase your probability (and expected economic impact) of a data breach by 75%* Increase use and increase probability *source: 2014 Ponemon report cost of a data breach
- 9. 9 apps • 700+ cloud apps per enterprise • 90% are not enterprise-ready users • Malicious or non- intentional • 15% of corporate users have had their account credentials compromised
- 11. 11 apps • 700+ cloud apps per enterprise • 90% are not enterprise-ready users • Malicious or non- intentional • 15% of corporate users have had their account credentials compromised data • 18% of files in cloud apps constitute a policy violation • 22% of those files are shared publicly activities • Cloud makes it easy to share • When is an activity an anomaly?
- 12. Cloud Usage and APT lifecycle APT
- 13. Data Breach Study: Phase 1 - Infiltration CLOUD APP USED FOR MALWARE DELIVERY Step 1 Upload your file to uploading.com
- 14. Data Breach Study: Phase 1 - Infiltration CLOUD APP USED FOR MALWARE DELIVERY Step 2 Download your file
- 15. Data Breach Study: Phase 1 - Infiltration CLOUD APP USED FOR MALWARE DELIVERY Step 3 Check for Virus / Malware
- 16. Data Breach Study: Phase 2 Command & Control CLOUD APP USED FOR C&C SERVER • Initial Infection vector – spear phishing • Malware component – crafted RTF files – Exploits vulnerability CVE-2014-1761 (Microsoft Word RTF Object Confusion) • Command & Control Server – CloudMe.com (100 accts) – Data ex-filtrated to cloud storage app CloudMe.com – New payloads & instructions downloaded • Data Retrieval – network of compromised home routers source: Blue Coat
- 17. Data Breach Study: Phase 2 Command & Control CLOUD APP USED FOR C&C SERVER • Initial Infection vector – spear phishing • Malware component – crafted RTF files – Exploits vulnerability CVE-2014-1761 (Microsoft Word RTF Object Confusion) • Command & Control Server – CloudMe.com (100 accts) – Data ex-filtrated to cloud storage app CloudMe.com – New payloads & instructions downloaded • Data Retrieval – network of compromised home routers source: Blue Coat
- 18. Data Breach Study: Phase 3 Data Exfiltration CLOUD USED FOR DATA EXFILTRATION Exfiltration of Data via Personal Cloud Storage Employee Credentials Compromised 80 million records compromised
- 19. Catch-22
- 20. Allow is the new block (allow is new block green light slide) 20
- 21. 6 Steps to Mitigating Cloud Usage Risk (without blocking everything)
- 22. STEP 1: Discover the cloud apps running in your enterprise and assess risk
- 24. STEP 2: Understand cloud usage details v v Bob in accounting From his mobile phone v Uploading customer data to Dropbox v Bob’s credentials have been compromised
- 25. Traditional perimeter security is blind to cloud activity Perimeter Security Cloud Security 2.0 Number of cloud apps Hundreds Thousands Bytes ✔️ ✔️ Basic session Info ✔️ ✔️ Cloud app enterprise-readiness score ✔️ Activity-level details for all cloud apps ✔️ Content-level details for files tied to an activity or for files stored in a cloud app ✔️ © 2015 Netskope. All Rights Reserved.
- 26. © 2015 Netskope. All Rights Reserved. Perimeter security lacks activity and content visibility 26 Web session start Login as: mary@acme Browser/OS From: IP address To: IP address www.box.com URL Category: File Sharing/ Storage HTTP GET/POST/ DELETE/CONNECT HTTP headers GET and POST Body Identity App Activity Data Summary Perimeter Security Cloud Security 2.0 Web session end Login: mary@acme.com URL: Box Category: File Sharing Using: Macbook, Safari 6.0 From: IP address To: IP address Login as: mary@acme Box ID: mary@gmail Using: Macbook/Safari From: Mtn View, CA Destination: App located in Germany To user: sharing a doc with “John@Newco” App: Box Category: Cloud Storage App Instance: Corporate CCL: High Risk: High Login Upload Download Share Logout Invite Edit View… PII/PCI/PHI data Other sensitive classifications Login: mary@acme.com Box: ID mary@gmail.com App: Box Instance: Corporate Using: Macbook, Safari 6.0 From: Mountain View, CA Activities: Create Folder, Move Files (4), Share Folder w/ John@NewCo Anomalies: Downloaded a PII doc from SFDC, uploaded to box
- 27. STEP 3: Monitor activities, detect anomalies, and conduct forensics
- 29. STEP 4: Find sensitive data tied to an activity or stored in a cloud app
- 31. STEP 5:Use surgical precision in your policies, leveraging contextual data
- 32. © 2015 Netskope. All Rights Reserved. Examples of using context in your policies 32 Quarantine PII data uploaded to risky cloud storage apps Allow marketing and support teams to post to social media, but block finance team Don’t allow data marked “confidential” to be shared outside of our company Alert users using their personal Dropbox to use a sanctioned cloud app instead
- 33. STEP 6:Don’t leave users in the dark. Coach them on safe usage.
- 34. 5: Use surgical precision in your policies, leveraging contextual data 3: Monitor activities, detect anomalies, conduct forensics, and find sensitive data 2: Understand cloud usage details 4: Find sensitive data part associated with an activity or stored in a cloud app 1: Discover the cloud apps running in your enterprise and assess risk 6: Don’t leave users in the dark. Coach them on safe usage.
- 35. Thank You!