Monday, February 14, 2011

Why Breaches Happen…What to Do About it

For companies that have critical information assets such as customer data, intellectual property, trade secrets, and proprietary corporate data, the risk of a data breach is now higher than ever before. In fact, more electronic records were breached in 2008 than in the previous four years combined.

In a world where data is everywhere, it has become harder than ever for organizations to protect their confidential information. Complex, heterogeneous IT environments make data protection and threat response very difficult. Yet today's businesses depend on their security teams to ensure that collaboration and sharing by an increasingly mobile workforce remains safe and secure.
Why data breaches happen:
Third-party research into the root causes of data breaches points to three main types: well-meaning insiders, targeted attacks, and malicious insiders.
Well-meaning insiders
Company employees who inadvertently violate data security policies. The incidents resulting from negligence involved:
1) Data exposed on servers and desktops
2) Lost or stolen laptops
3) Email, Web mail, and removable devices
4) Third-party data loss incidents

Targeted attacks
Such attacks are often automated using malicious code that can penetrate into an organization undetected and export data to hacker sites.
The malicious insider
1) White collar crime: the employee who knowingly steals data.
2) Terminated employees.

How to stop data breaches
1) Proactively protect information
Implement "define once, enforce everywhere" policy management with incident remediation workflow, reporting, system management, and security.
• Find sensitive information located on file servers, databases, email repositories, websites, laptops, and desktops, and protect it with automatic quarantine capabilities as well as support for policy-based encryption.
• Inspect all network communications, such as email, IM, Web, FTP, P2P, and generic TCP, and enforce policies to proactively block confidential data from leaving the organization through these network exits.
• Proactively block confidential data from leaving the organization from endpoints via print, fax or removable media.
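As an added example (not code from the original post), a small content-aware policy engine in Python that applies one policy definition to messages captured at several network and endpoint exits, which is what "define once, enforce everywhere" amounts to in practice. The sample events, channel names, policy table and detection classes are constructed for illustration.

```python
import re

# Constructed sample messages captured at different "exits"; not real data.
SAMPLE_EVENTS = [
    {"channel": "email", "user": "alice", "body": "Q3 forecast attached, see you Monday."},
    {"channel": "web",   "user": "bob",   "body": "card on file: 4111 1111 1111 1111 exp 09/13"},
    {"channel": "usb",   "user": "carol", "body": "CONFIDENTIAL - merger term sheet draft v4"},
    {"channel": "ftp",   "user": "dave",  "body": "order ref 1234 5678 9012 3456"},  # fails Luhn
]

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so a random 16-digit string is not reported as a card number."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

# 16 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){15}\d\b")

def classify(body: str) -> set:
    """Return the set of policy classes the content matches."""
    hits = set()
    for m in CARD_RE.finditer(body):
        if luhn_ok(re.sub(r"[ -]", "", m.group())):
            hits.add("pan")
    if re.search(r"\bCONFIDENTIAL\b", body):
        hits.add("confidential")
    return hits

# One policy, enforced on every channel: the action when a class is seen leaving.
POLICY = {
    "pan":          {"email": "block", "web": "block", "ftp": "block", "usb": "block"},
    "confidential": {"email": "quarantine", "web": "block", "ftp": "block", "usb": "block"},
}

def decide(event: dict) -> str:
    """Pick the strictest action across every class the content matched."""
    hits = classify(event["body"])
    if not hits:
        return "allow"
    actions = {POLICY[h].get(event["channel"], "block") for h in hits}
    return "block" if "block" in actions else "quarantine"

def enforce(events):
    """Run the policy over a batch of captured events."""
    return [(e["user"], e["channel"], decide(e)) for e in events]
```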
2) Automate the review of entitlements to sensitive data. A data breach is often the result of a targeted attack that uses malware to find and export the data—and use of improper credentials is the leading cause of such attacks. By automating regular checks on passwords and other entitlement controls, organizations can reduce the risk of such a breach. In addition, failure to lock down the entitlements of terminated employees in a timely manner is a major contributor to breaches caused by malicious insiders. Automated entitlement reviews can stop such breaches before they happen. Survey tools, controls assessment automation, and security event management solutions enable organizations to prevent breaches that stem from unenforced entitlements.
• Automatically check technical controls on entitlements assigned to the terminated employee, such as Active Directory and Exchange access.
• If, after a termination, the disabled credential is used in an attempt to access restricted data or systems, flag the incident for investigation and prevent a potential data loss incident.
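As an added example (not code from the original post), a Python entitlement review that joins a leavers list against a directory export to find accounts and mailboxes still provisioned after termination, and then scans authentication logs for any attempt by a terminated account, which is the incident the bullets above say should be flagged. The HR feed, directory export, log lines and grace period are constructed for illustration.

```python
from datetime import date, datetime

# Constructed HR feed: who left and on what date. Not real data.
TERMINATED = {"bsmith": date(2011, 2, 1), "jdoe": date(2011, 2, 10)}
TODAY = date(2011, 2, 14)

# Constructed directory export (the shape an AD/Exchange dump would give you).
DIRECTORY = [
    {"sam": "bsmith", "enabled": True,  "mailbox": True},   # left 13 days ago, still live
    {"sam": "jdoe",   "enabled": False, "mailbox": True},   # disabled, mailbox never removed
    {"sam": "alee",   "enabled": True,  "mailbox": True},   # current employee
]

# Constructed authentication log: timestamp, account, result, target system.
AUTH_LOG = """\
2011-02-14T08:01:12 bsmith SUCCESS fileserver01
2011-02-14T08:05:40 alee SUCCESS fileserver01
2011-02-14T23:17:03 jdoe FAILURE hr-db
2011-02-15T02:44:51 jdoe FAILURE hr-db
"""

GRACE_DAYS = 1  # how long after termination an entitlement may still exist

def stale_entitlements(directory, terminated, today):
    """Terminated accounts whose technical controls were never locked down."""
    findings = []
    for acct in directory:
        left = terminated.get(acct["sam"])
        if left is None or (today - left).days <= GRACE_DAYS:
            continue
        if acct["enabled"]:
            findings.append((acct["sam"], "account still enabled"))
        if acct["mailbox"]:
            findings.append((acct["sam"], "mailbox still provisioned"))
    return findings

def post_termination_logons(auth_log, terminated):
    """Any authentication attempt, successful or not, dated after the leaving date."""
    flagged = []
    for line in auth_log.splitlines():
        ts, user, result, target = line.split()
        left = terminated.get(user)
        if left and datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S").date() > left:
            flagged.append((user, result, target, ts))
    return flagged
```

A successful logon by a terminated account is both an incident to investigate and proof that the entitlement review missed it, so the two reports belong in the same workflow.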
3) Identify threats by correlating real-time alerts with global security intelligence.
• Security intelligence services analyze data from billions of email messages and monitor millions of systems worldwide on a daily basis.
4) Stop incursion by targeted attacks. The top three means of hacker incursion into a company's network are default password violations, SQL injections, and targeted malware.
• Automate polling of administrators to make sure that default passwords are deleted and ACLs are updated.
• Use host-based intrusion detection and intrusion prevention systems on servers to safeguard host integrity in case of SQL injection attack and to stop malware from writing to core systems.
• Use messaging security to monitor and block the inbound flow of targeted malware.
5) Prevent data exfiltration. In the event that a hacker incursion is successful, it is still possible to prevent a data breach by using network software to detect and block the exfiltration of confidential data.

Using technology to monitor and protect information, the security team should be able to continuously improve the plan and progressively reduce risk based on a constantly expanding knowledge of threats and vulnerabilities.
• Integrated solutions for data loss prevention, system protection, compliance, and security management enable customers to create an operational model for security that is risk-based, content-aware, responsive to threats in real time, and workflow-driven to automate day-to-day processes and close gaps between people, policies, and technologies.
• Security services—including consulting, education, critical support, and global intelligence services—provide organizations with deep security knowledge and broad security product expertise.
