the data breach –it’s no longer if, but when! · symantec internet security threat report vol...
TRANSCRIPT
![Page 1: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/1.jpg)
Cyber Threat WorkshopThe data breach – it’s no longer if, but when!
![Page 2: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/2.jpg)
![Page 3: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/3.jpg)
Measuring Trust and Risk in Cloud: A New Perspective
Muttukrishnan Rajarajan
Professor of Security Engineering
Contact: [email protected]
![Page 4: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/4.jpg)
SLIDES NOT DISPLAYED
DUE TO CONFIDENTIALITY AND
PUBLICATION RESTRICTIONS.
ANY QUERIES, PLEASE CONTACT:
Muttukrishnan Rajarajan
Professor of Security Engineering
Contact: [email protected]
![Page 5: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/5.jpg)
Cyber Threat WorkshopThe data breach – it’s no longer if, but when!
![Page 6: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/6.jpg)
PRESENTED BY
Ray Dalgarno
Empowering the Human Elementwithin the Security Eco-system
![Page 7: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/7.jpg)
Agenda
Phishing – General Background
Why Phish5
Phish5 Service - Features & Functionalities
Q&A
Live demonstration (post presentations)
![Page 8: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/8.jpg)
Phishing & Spear Phishing
Phishing refers to emails utilising a shotgun, indiscriminate
approach. Designed to trick recipients into opening
attachments which have malicious code embedded,
submitting credentials or visiting a website which hosts
malicious code
Spear Phishing aims are similar to Phishing but are in an
increasingly sophisticated & targeted form that, to the
recipient, appears to come from a legitimate, trusted source
![Page 9: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/9.jpg)
No-one is Safe
USA - White House systems
USA retailers - Target, Home Depot
Sony Pictures
NATO Conference – Wales (October 2014)
Chartered Institute for Securities and Investment
![Page 10: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/10.jpg)
UK Cyber Security
90% of large businesses & 74% of smaller ones
surveyed suffered a cyber security attack in 2014
the average cost of a breach to business has
increased dramatically since 2014,
£1.46m - £3.14m
Cost to larger organisations
£75k - £311k
Cost to SMB organisations
PWC-Information Security Breaches Survey 2015
![Page 11: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/11.jpg)
Distribution of Spear-Phishing Attacks
Small & Medium Businesses1-250 Employees
34% 30%2014 2013
41% 39%2014 2013
Large Enterprises2,500 + Employees
Symantec Internet Security Threat Report Vol 20-2015
![Page 12: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/12.jpg)
Growing International Exposure
+/-100 International Banks (est. losses to-date £650M)
Inga Beale, CEO Lloyds of London…”UK companieslose up to £268 million per year”…”the situation is onlyworsening” CMI online
07 April 2015
New data protection laws being finalised in the EU“… general data breach notification obligation…”,
European Data Protection Supervisor, Giovanni Buttarelli April 2015
Only 14% of breaches publicly declared…however…(PWC Survey)
![Page 13: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/13.jpg)
Verizon Global Breach Statistics
70 contributing organisations;
CERT UK, CERT EU, US Secret Service, A.F.P
61 countries represented;
U.K, U.S.A, Japan
70% of attacks included a secondary victim
Hackers gain access to a secure environment via a less secure environment
![Page 14: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/14.jpg)
Phishing Breach Acceleration
82
90%
seconds from start of
phishing attack to first bite
chance or greater that at
least 1 person will become
the phishing criminals prey
Verizon Breach Report 2015
![Page 15: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/15.jpg)
Aberdeen Group Report
Want to significantly reduce your organisation’s IT
security-related risks?
Before-and-after click rates show that investment in
user awareness and training reduces infections
(breaches) from user behaviour by…
www.Aberdeen.com: The last mile in IT security – Changing User Behaviours Oct 2014
- Change the behaviour of your end-users
45% to 70%
![Page 16: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/16.jpg)
Vulnerabilities Growth Rate
National Institute of Standards and Technology US Dept of Commerce Feb 2015
![Page 17: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/17.jpg)
Cyber-Security Environment
9 Threat Platforms listed; from the Internet of Things to
BOTS, 4 of these 9 platforms identified for phishing attacks
3 Security “Effect” levels;
Harden Defences,
Enhance Detection,
Reduce Impact
20 Priorities; From Inventory of Authorised and
Unauthorised devices to Penetration Testing
Use simulated attacks to improve readiness: Conduct regular internal and external penetration tests that mimic an attack
The Council on Cybersecurity - 20 Critical Security Controls…http://www.counciloncybersecurity.org
![Page 18: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/18.jpg)
Why Phish5
On demand scalability in a highly secure, cloud service
Developed by a dedicated team lead by respected
international cyber-security consultants
Campaigns executed by customer or business partner
Ease-of-use by non-technical people
![Page 19: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/19.jpg)
Why Phish5
Rapid phishing attack simulation = Pro-Active
Immediate management awareness leads to
training & other remedial action
Enhances existing security immediately
Highly competitive pricing - Great value for money
Global customers’ experiences in both the publicand private sectors
![Page 20: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/20.jpg)
Phish5 Features
MS Office Macro based campaigns:
Know which users open attached Office documents &enabled macros
Campaign Scheduling:
One or many campaigns in staggered launchesSchedule campaigns’ launching to the second
Mx Over-ride:Bypass message filtering provider such as Mimecast& Messagelabs
![Page 21: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/21.jpg)
Phish5 Features cont.
PDF reporting:
Flexible PDF reporting at the click of a button having the ability to fine-grain reports
User management:
Easily tag and target groups of users e.g. HR, Sales, Legal, Management, Divisions, Branches, Regions
Anonymous Campaigns: Know the number of users that were caught, with all
of the supporting campaign info, without identifying individual users
![Page 22: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/22.jpg)
Phish5 Features cont.
Template options: HTTPS-based phishing sites DKIM backed sender domainsDifferent lures for different user groups
Staggered Delivery:Avoid alerting through every office phone beeping at once
Browser and plug-in vulnerabilities:Interrogates the status of each client-side machine attacked and reports by vendor/product and release
![Page 23: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/23.jpg)
Phish5 – Example Pie Charts
Vulnerable browser distribution
Vulnerable plug-indistribution
![Page 24: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/24.jpg)
Activity Monitoring & Reporting
Real-time Dashboard
10 users - opened attachments
50 users - provided credentials
49 users - vulnerable to browser or plugins issues
7 users - been previously phished
Summary and Detail reporting
Statistical graphs and charts
![Page 25: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/25.jpg)
Activity Monitoring & Reporting
![Page 26: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/26.jpg)
Code build; development
&
on-going maintenance
costs, people dependency
Phish5 research and development
costs spread over multiple users
globally, cross-industry experiences
Skilled knowledge
typically required for
changing attack profiles
Industry recognised templates with
easily customisable lures or
messages
Attack execution needs
skilled staff availability
Immediate availability – you execute
when you wish as often as you wish
Quantifiable campaign measurements
with comprehensive reporting
Unique / In House Phish5 Package
![Page 27: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/27.jpg)
Free Assessment.
To all participants in today’s Kingston Smith Cyber Event
We are pleased to offer a free, 50 email user account
From a single 50 email anonymous “baseline”
campaign to a number of smaller campaigns –
your choice
Test the Phish5 range of options – your choice
Register interest at
https://phish5.com/enquiries
Insert words “KS Cyber Event” in the Message
block
![Page 28: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/28.jpg)
Empowering the Human Element within the Security Eco-system…..
Thank you.Ray [email protected]://phish5.com
![Page 29: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/29.jpg)
Cyber Threat WorkshopThe data breach – it’s no longer if, but when!
![Page 30: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/30.jpg)
Dimension Data today
2014 global
revenues of
USD 6.7
billion
72% of Global Fortune 100 and
60% of Global Fortune 500
are Dimension Data clients
Client-centric,
services-focused
business
Extensive experience in
emerging
markets
Over 28,000 employees
with operations in
58 countries
across 5 regions
Over
6,000enterprise clients
across all
industry sectors
![Page 31: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/31.jpg)
Enabling Robust Protection for the
Next Generation Data Centre
Used properly, it can be transformed into knowledge for guiding
strategy, making key business decisions and managing day-to-day
operations
Digital information is the lifeblood of every modern organisation
![Page 32: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/32.jpg)
accelerate your ambition 32
Applications
& Infrastructure
Data Centre transformation that we are in today…
Site Selection
DC Design
DC BuildRelocation
Optimize & Consolidate
Applications
& Infrastructure
Managed and Operate
Public
Private
Data Centre
IT supporting Business Applications and Infrastructure
Business
Applications
Public
SAAS
Business
Data Centre
Data Centre operating model aligning to business
Applications
&
Infrastructure
Co-locate
![Page 33: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/33.jpg)
Governance
Architecture principle
and model
N-tier architecture
Service-oriented
architecture
Virtualised security
SaaS
Security
architecture
Strategy
Role and
responsibility
Risk management
Legal and regulatory
Compliance
Policy
Security operation
Change
management
Incident
management
Configuration
and asset
management
Forensics
investigation
Event
monitoring and
management
Application security
Internet
facing web
server
Data
warehouseEmail
Identity
manage-
ment
Instant
messaging
Data
encryptionSSO
Server and endpoint security
Antivirus and
HIPS
Patch
managementDLP Wireless
Vulnerability
managementDLP
Perimeter and infrastructure
Network
security
Virtualised
F/W and
IPS
Network
admission
control
WirelessNetwork
antivirus
Web
gateway
solutions
DLP
Virtualised IT platform
Application platforms Collaboration Assess management
AuthenticationServer and endpoint
Private cloud Public cloud Hybrid cloud
Heightened threat
potential
► Potential hackers
► State- and corporation-
sponsored
► Highly targeted attacks
![Page 34: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/34.jpg)
accelerate your ambition 34
Enterprise Security Architecture Layers
Contextual
Architecture
Conceptual
Architecture
Logical
Architecture
Physical
Architecture
Component
Architecture
Operational
Architecture
The business, its assets to be protected and business needs for information security.
(Business assets, goals, objectives and initiatives)
The importance of protection translated into control objectives derived from risk analysis.
(Security domains, accountability/responsibility, frameworks/strategies, risk appetite)
Security requirements, translated into technical and non-technical controls.
(Information assets, domain policies, information flows and associations)
The physical interpretation of policies per domain to protect information assets.
(Applications, systems, security mechanisms, host platforms, layout and networks)
The necessary components to enable the physical protection of information assets.
(Security products, tools, protocols, identities, nodes, addresses and locations)
The assurance of operational continuity, efficiency and excellence.
(Risk assessments, auditing, reviews, support and management)
In our Policy Driven Security Architecture Approach we consider all layers of Enterprise Security Architecture
![Page 35: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/35.jpg)
Data Centre Development Model | Overview
Spanning 11 Domains
Next-generation desktop and enterprise mobilityMaturity
Business
Aligned
Service-based
Automated
Standardised
Basic
Data Centre Architecture
Service Architecture
Virtualisation Platform
Storage
Platform
Compute
Platform
Security
Platform
Network
Platform
Data Centre
Interconnect
Cloud
Services
Facilities
Security Architecture
Applications and workloads
![Page 36: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/36.jpg)
Gain Insight
Data Centre Development Model | Process
Assess MaturityBest practices
and roadmap
Identify where to start,
what to do next, key
internal actions on
skills, partnerships
Discovery of data
centre on
infrastructure,
operations,
organisation and
strategy
Understand client
maturity from an ‘as-is
and ‘to-be’ perspective
based on stated
business outcomes
Understand clients
business needs, data
centre overview,
terminology,
approaches, industry
trends, standards, etc.
![Page 37: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/37.jpg)
What we deliver to clients - intelligent security
PROTECTIONTo architect, build,
implement, integrate and
maintain the correct policy,
process and architecture
for a robust, reliable
security posture
VISIBILITYTo qualify and quantify
actual threats and remove
the cloud of uncertainty, fear
and doubt
AWARENESSTo have knowledge of and remain ahead of the
constantly evolving threat landscape
AGILITYTo embrace new and innovative ways to do
business (mobility, cloud, ITO) while protecting
their assets, information and brand reputation
Managed Services
Consulting
Security Policy
IT Governance Risk and Compliance
Vulnerability Management
En
d P
oin
t
Pro
tectio
n
Netw
ork
&
Data
Cen
tre
Pro
tectio
n
Ap
plic
ation
Pro
tectio
n
Data
Pro
tectio
n
Security Monitoring
![Page 39: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/39.jpg)
Cyber Threat WorkshopThe data breach – it’s no longer if, but when!
![Page 40: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/40.jpg)
Data Centric Security
What’s wrong and what to do about it
Mike Shanahan
Regional Sales Manager
Albert Dolan
Senior Systems Engineer, EMEA
![Page 41: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/41.jpg)
IT’s Dirty Little Secret
30+
100%
1
Years super users have been managing our
servers, their configurations, and data.
Percent of data that super users have access to
in the systems they manage.
Number of compromised users required to cause
havoc.
![Page 42: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/42.jpg)
Why is privilege so important?
![Page 43: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/43.jpg)
Threat Protection – Transparent
Encryption
Application/Utility
Database
FS Agent
Storage
File Systems
VolumeManagers
Storage
Valid Users
DBAsSysAdmin
s
Outsourced/Cloud Admins
Storage Admins
Disk Theft/ Negligence
Storage
APT
![Page 44: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/44.jpg)
New TechnologiesOffer Business Advantage …. But come with additional risks
Cloud
Big Data
Flexibility
Cost efficiency
Deep customer profiling and relationships
Business trend analysis and correlations
New RisksBusiness Advantage
Higher Data Breach Risk
Data Residency/Privacy
Compliance violations
Sensitive data is everywhere
Reports and results
![Page 45: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/45.jpg)
What if …You could use cloud IaaS without enhanced data breach risk?
VPN Link
Enterprise Data Center Environment
Policies &Logs
Keys
Encryption and Access Control - only the enterprise has access to their data
Data access logs – provide audit and insight into enterprise data access patterns
Data cannot be legally compelled from the cloud provider
Management Appliance or Software
Data Access Policy and Encryption Key
management
![Page 46: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/46.jpg)
What if …You could use cloud and still meet Data Residency/Privacy requirements?
UK – Local encryption key management
Germany & Spain
• Local encryption key management for all data
• Tokenize PII … Private Information never leaves the countryFrance – Local
encryption key management
![Page 47: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/47.jpg)
What if …You could use SaaS Storage without risk of data exposure?
Give users access to cloud storage environments – retain local control of data
Data access by policy … All data encrypted before it leaves the enterprise
Audit Data/Access logs
Personal Computers
Mobile Devices
Servers Cloud Encryption Gateway
Enterprise Premise Cloud Storage
DSM
…
![Page 48: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/48.jpg)
What if …Big Data environments were safe for data –inside and out?
Encryption, access controls, tokenization protect data from inside-out and outside-in
Data
Data source Analytics
Big Data
Reports
Dashboards
What if queries
Database
Datawarehouse
ERP
CRM
Audio video
Excel, CSV
Social media
Logs
Un
str
uctu
r
ed
Str
uctu
r
ed
Financial Data
Healthcare Data
Credit cards
Logs
PII
Error logsDisk cache Configuration
System logs
Encrypt at OS level and Tokenize or Encrypt within application
Protect with encryption + access controls + access monitoring at OS/File system level
Encrypt at OS level and Tokenize or Encrypt within application
![Page 49: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/49.jpg)
Vormetric Data Security Platform
Vormetric DSM
Vormetric Application Encryption
Vormetric Tokenization
Vormetric Transparent Encryption
Vormetric Cloud
Gateway
Vormetric Key Management
![Page 50: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/50.jpg)
![Page 51: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/51.jpg)
2015 Vormetric Insider Threat Report
HealthcareRetail Other EnterpriseFinancial Services
Polling by Harris
2015 VORMETRICINSIDER THREAT REPORT
818 IT DECISION MAKERSUS, UK, Germany, Japan, ASEAN
100%Enterprises:
$200M + US$100M + UK, Germany,
Japan, ASEAN
Analysis and Reporting by Ovum
![Page 52: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/52.jpg)
TOP IT SPENDING PRIORITIESCOMPLIANCE IS LAST FOR THE FIRST TIME
50% PREVENTING A DATA BREACH INCIDENT
44% PROTECTION OF CRITICAL IP
41% PROTECTION OF FINANCES AND OTHER ASSETS
32% FULFILLING REQUIREMENTS FROM CUSTOMERS, PARTNERS AND PROSPECTS
32% FULFILLING COMPLIANCE REQUIREMENTS AND PASSING AUDITS
DATABREACH
![Page 53: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/53.jpg)
A Word About Vormetric
VisionTo Secure the World’s Information
Customers1500+ Customers Across 21 Countries
17 of Fortune 30
15+ Cloud and Hosting Providers
Global PresenceGlobal Headquarters - San Jose, CA, USA
EMEA Headquarters - Reading, United Kingdom
APAC Headquarters - Singapore
Data-at-Rest Protection ProductsTransparent Encryption, Application-layer Encryption
Tokenization with Dynamic Data Masking
Cloud Encryption Gateway
Key Management
![Page 54: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/54.jpg)
Cyber Threat WorkshopThe data breach – it’s no longer if, but when!
![Page 55: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/55.jpg)
Lizzie Clitheroe11th June 2015
Cyber Security and the Application Layer
![Page 56: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/56.jpg)
57
Layered SecurityAnd then there
are the layers
within the
layer…
![Page 57: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/57.jpg)
58
The software ecosystem is
big, complex and insecure.
applications
PHP
ColdFusion
C/C++C#
iOS
AndroidBlackberry
Windows Mobile
Ruby
Java
ASP.net
VB.net
J2ME
Windows
LinuxSolaris
JSP
OPEN SOURCEOUTSOURCED
MOBILE
COMMERCIAL
SAAS
![Page 58: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/58.jpg)
59
Any application utilised in
the 21st century must be
able to operate in a hostile
environment.
+ of all attacks now
target the application layer
enterprises test all of their
business-critical applications.Source: Verizon DBIR & SANS
The Challenge
![Page 59: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/59.jpg)
60
Why are there so many application-layer attacks?
![Page 60: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/60.jpg)
61
The path of least resistance
1. Lowest Hanging Fruit
![Page 61: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/61.jpg)
62
2. Cobbled togetherHybrid code from in-house development, third-party libraries & open source
![Page 62: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/62.jpg)
63
3. Never-ending coding…..
Applications are continuously being updated
![Page 63: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/63.jpg)
64
4. Constant exposure to
cyber attackers
![Page 64: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/64.jpg)
65
Why is it Hard?
![Page 65: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/65.jpg)
66
1. Tug of War
Functionality Security
![Page 66: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/66.jpg)
67
2. Parlez-Vous Francais?
![Page 67: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/67.jpg)
68
> Start with a corporate website…
3. Proliferation of Applications
![Page 68: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/68.jpg)
69
> Then add divisional websites…
![Page 69: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/69.jpg)
70
> And brand-specific websites…
![Page 70: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/70.jpg)
71
> And so on… You get to a big number very quickly
![Page 71: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/71.jpg)
72
![Page 72: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/72.jpg)
73
Most organisations do not know their application inventory. Discover all your public-
facing applications and identify the most exploitable vulnerabilities.
1. Understand your Battlefield
Global Manufacturer needed visibility into
their risk posture across thousands of web
applications — both known and unknown.
Immediately examined 30,000 domain
names and IP addresses
Assessed 3,000 applications in 8 days
Reduced risk from critical and high
vulnerabilities by 79% in eight months
![Page 73: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/73.jpg)
74
Embrace automation and multi-technique testing solutions
which can deliver results at speed and scale.
2. Rapid Identification of Application Threats
Aerospace firm implemented multi-technique
testing across a geographically-distributed &
technologically- diverse landscape; including
Static Analysis, Web Perimeter Monitoring, Mobile
& Software Composition Analysis
Before program, 90% of 3rd-party apps had
OWASP Top 10 vulnerabilities
Assessed 2,900 internal apps and 250+ third-
party apps in 16 months
1.5M flaws fixed
![Page 74: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/74.jpg)
75
Coach developers in secure coding practices and get them working with application
security experts on how to rapidly prioritise and remediate vulnerabilities.
3. Invest in Your Developers
European Bank implements scalable application security
programme, improving SDLC security processes
Remediation coaching helping to bring nearly
100 applications into compliance with corporate
policies each quarter
2,300 developers scanning/reporting on security
vulnerabilities, with consistent set of policies
Automation reduced cost to identify exploitable
vulnerabilities by over 95%
![Page 75: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/75.jpg)
76
So Who Are These Veracode People?
Veracode – the most Visionary leader in the market at 2014
GARTNER
“Veracode offers scalable SaaS and tests tens of thousands of applications per year.”
GARTNER
3 of the 4 top banks – as well as 25+ of the world’s top 100 brands now trust in Veracode
Completeness of Vision
Abili
ty t
o E
xecute
![Page 76: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/76.jpg)
77
Vendor Application
SecurityDynamic Analysis
(DAST)
Web Application
Perimeter Monitoring
Mobile Application
Security
Binary Static
Analysis (SAST)
Single Cloud-
Based Platform
Application Security
Testing Services
![Page 77: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/77.jpg)
THANK YOU
![Page 78: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/78.jpg)
Cyber Threat WorkshopThe data breach – it’s no longer if, but when!
![Page 79: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/79.jpg)
© 2014 Cyberseer Private & Confidential
80
Andrew Tsonchev
T: 0203 823 9030W: www.cyberseer.net
@CyberseerNet
Darktrace Demo: http://goo.gl/hEAjaz
By Andrew Tsonchev
Lead Cyber Security Analyst
![Page 80: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/80.jpg)
Cyber Threat WorkshopThe data breach – it’s no longer if, but when!
![Page 81: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/81.jpg)
© Pentest Limited 2015. All rights reserved
Eye-Fi
Quick, convenient, secure?
![Page 82: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/82.jpg)
© Pentest Limited 2015. All rights reserved
Card
![Page 83: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/83.jpg)
© Pentest Limited 2015. All rights reserved
Camera
![Page 84: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/84.jpg)
© Pentest Limited 2015. All rights reserved
Subject
![Page 85: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/85.jpg)
© Pentest Limited 2015. All rights reserved
As if by magic
![Page 86: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/86.jpg)
© Pentest Limited 2015. All rights reserved
What’s inside
![Page 87: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/87.jpg)
© Pentest Limited 2015. All rights reserved
Pairing
![Page 88: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/88.jpg)
© Pentest Limited 2015. All rights reserved
Software install
![Page 89: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/89.jpg)
© Pentest Limited 2015. All rights reserved
Wi-Fi setup
![Page 90: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/90.jpg)
© Pentest Limited 2015. All rights reserved
Uh oh...
![Page 91: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/91.jpg)
© Pentest Limited 2015. All rights reserved
nmap
![Page 92: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/92.jpg)
© Pentest Limited 2015. All rights reserved
Subject
![Page 93: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/93.jpg)
© Pentest Limited 2015. All rights reserved
Wireshark
![Page 94: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/94.jpg)
© Pentest Limited 2015. All rights reserved
TCP stream
![Page 95: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/95.jpg)
© Pentest Limited 2015. All rights reserved
Public info
![Page 96: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/96.jpg)
© Pentest Limited 2015. All rights reserved
eyefi-client.py
![Page 97: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/97.jpg)
© Pentest Limited 2015. All rights reserved
Upload key
![Page 98: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/98.jpg)
© Pentest Limited 2015. All rights reserved
Imitating an Eye-Fi card
![Page 99: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/99.jpg)
© Pentest Limited 2015. All rights reserved
Process monitor
![Page 100: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/100.jpg)
© Pentest Limited 2015. All rights reserved
Experimenting
![Page 101: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/101.jpg)
© Pentest Limited 2015. All rights reserved
What happens?
![Page 102: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/102.jpg)
© Pentest Limited 2015. All rights reserved
Directory traversal
![Page 103: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/103.jpg)
© Pentest Limited 2015. All rights reserved
What happens?
![Page 104: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/104.jpg)
© Pentest Limited 2015. All rights reserved
What happens?
![Page 105: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/105.jpg)
© Pentest Limited 2015. All rights reserved
Malicious payload
![Page 106: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/106.jpg)
© Pentest Limited 2015. All rights reserved
Launch Eye-Fi Center
![Page 107: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/107.jpg)
© Pentest Limited 2015. All rights reserved
Pwned
![Page 108: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/108.jpg)
© Pentest Limited 2015. All rights reserved
Weaponise
![Page 109: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/109.jpg)
© Pentest Limited 2015. All rights reserved
Man in the middle
![Page 110: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/110.jpg)
© Pentest Limited 2015. All rights reserved
Finding the helper
![Page 111: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/111.jpg)
© Pentest Limited 2015. All rights reserved
• Protects file contents
• MD5 hash
• TCP checksum
Integrity digest
![Page 112: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/112.jpg)
© Pentest Limited 2015. All rights reserved
payload.asm
![Page 113: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/113.jpg)
© Pentest Limited 2015. All rights reserved
All inside 1kb
![Page 114: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/114.jpg)
© Pentest Limited 2015. All rights reserved
![Page 115: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/115.jpg)
© Pentest Limited 2015. All rights reserved
Vendor response
![Page 116: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/116.jpg)
© Pentest Limited 2015. All rights reserved
No mention of flaw
![Page 117: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/117.jpg)
© Pentest Limited 2015. All rights reserved
Questions
![Page 118: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses](https://reader034.vdocument.in/reader034/viewer/2022042403/5f15d480e51a8f77eb4d27bb/html5/thumbnails/118.jpg)
Cyber Threat WorkshopThe data breach – it’s no longer if, but when!