proactive measures to prevent data theft

www.tectia.comCOPYRIGHT © 2010 TECTIA CORPORATION. ALL RIGHTS RESERVED.

Proactive Measures to Prevent Data TheftSecuring, Auditing and Controllingremote access to your critical data

Kalle Jääskeläinen, CISSP

Director, Solutions Management

COPYRIGHT © 2010 TECTIA CORPORATION. ALL RIGHTS RESERVED.

Customer and market challenges

2. Growing concern of insider threat and related data leakages

1. Growing pressure and need to secure existing legacy environments

3. Lack of visibility and control in outsourcedand other external operations


1. Growing pressure and need tosecure existing legacy environments

3

• 79% of victims subject to PCI-DSS had not achieved compliance

• Weakest level of compliance

Encrypt transmission of cardholder data across open public networks (PCI-DSS req. 4)

• Where Data was Targeted

67% In Transit

• Methods used to enter target systems

55% Remote Access Applications

Cyber-criminality against cardholder’s data. PCI-DSS council meeting, October 2010


• Solution: Tectia ConnectSecure• The fastest track to securing legacy business applications

and legacy file transfers

4

Legacy client application, e.g.

CRM

Legacy Server application

Tectia ConnectSecure

UserID and password sent in cleartext

SSHv2 server

UserID, password and application traffic

secured through SSH

SFTP server

FTP converted to SFTP

Legacy File Transfer client,

FTP

How to secure existing legacy environment fast and cost efficiently?


2. Growing concern of data leakages and insider threat

• 48% of the data breaches were caused by insiders (+26% increase compared to last year)

• The attack pathway of 34% of breaches are related to remote access and control services.

“Recently, many have hypothesized that insider crime would rise due to financial strain imposed by global economic conditions. Hard times breed hard crimes as they say”

5

Source: Verizon data breach report 2010


Biggest challenges regarding data leakagesand insider threat

6

• Administrators have the biggest operational power with the least accountability

• In general, user activities are not effectively audited

• 90% of the time logs are available but discovery via log analysis remains under 5%.

”In general, we find that employees are granted more privileges than they need to perform their job duties and the activities of those that do require higher privileges are usually not monitored in any real way.”



• The fastest track to

• enforce security controls and auditing

• meeting security standards

• ensuring business continuity

DENIED!

AUDIT

Tectia Guardian

• End-to-end encrypted remote access ,such as SSH and RDP

• No tools to audit and control the content of the secured connections

How to audit and control remote system access, also the encrypted sessions?


How to prevent and notice data leakages?

Business partner,Cloud service etc.

Onl

y Fi

leTr

ansf

ers

IPSDLP

Only defineddestinations,users and times


Customer Challenge:•Security and audit requirement to inspect all the traffic to critical services

•How to inspect encrypted connections?

Solution:•Tectia Guardian

•Deployment: Tectia combined with Intrusion Detection System provides a solution that enables customer to inspect and control all the connections, encrypted or not

Customer ROI•Fulfilled security requirement and passed audit

•Minimal impact to existing business processes and daily work

•Improved integrity and security of critical services and confidential information

Space exploration and aeronautics research organizationHow to ensure integrity, security and availability of critical services?

Example customer case:


3. Lack of visibility and control in outsourcedand other external operations

• Increasing trend for outsourcing IT management and operations

• 47% of the breaches within partner agents were conducted by remote IT management

• Partners that manage systems are by far the most common offenders, whether their role is accidental or deliberate.

10



Biggest challenges in outsourced operations

11

• End-to-end encryption of remote connections provides security, but prevents auditing or control

• No control or guarantees of the security level or processes of the external entity

• Systems are accessed by internal and external users• Who did what, when and how?

Organizations that outsource their IT management and support also outsource a great deal of trust to these partners.

In the end, what we said last year remains true; poor governance, lax security, and too much trust is often the rule of the day.

Outsourcing should not mean ”Out of sight, out of mind”



How to ensure visibility and control for oursourced and other external operations?

3rd party remote access to critical internal services

Internal IT Security/ Auditing4-EYES


Customer 1

Customer 1

Customer 1

System integrators and service providers.

How to ensure visibility and control?How to manage UserID/password nightmare (n x m)?

Service provider adminstrators

AD/ LDAPRADIUS

User1User2User3

Admin1


14

Tectia Guardian

Your fastest track to...

enforcing security controls

meeting security standards

ensuring business continuity


Tectia Guardian

• Comes as a pre-tested appliance or virtual appliance

• Supports multiple operation modes to fit any enterprise environment: router, bridge and bastion Host

• Transparent operation: minimal changes to existing operations

• Provides a true 3rd party for auditing: System administrators do not have access to Tectia Guardian or audit logs

• Comprehensive protocol support: SSH/SFTP, RDP, VMWare View, VNC, X11, Telnet, and TN3270

• Real time IDS and DLP data feed

• Extensive security functions such as gateway authentication and 4-eyes authorization

• Tamperproof log and audit trails with extensive content search and reports

15

Key Functionalities

Tectia Guardian Technical Overview

proactive measures to prevent data theft

Documents