The Next Breach Target and How Oracle can help
Ulf Mattsson, CTO, Protegrity
Ulf.Mattsson AT protegrity.com
Ulf Mattsson & PCI Data Security Standards
Working in Task Forces at Payment Card Industry Security Standards Council (PCI SSC):
1. PCI SSC Tokenization Task Force
2. PCI SSC Encryption Task Force
3. PCI SSC Point to Point Encryption Task Force
4. PCI SSC Risk Assessment SIG
5. PCI SSC eCommerce SIG
6. PCI SSC Cloud SIG
7. PCI SSC Virtualization SIG
8. PCI SSC Pre-Authorization SIG
9. PCI SSC Scoping SIG Working Group 2
10. PCI SSC 2013 – 2014 Tokenization Task Force (TkTF)
Mary Ann Davidson, Chief Security Officer, Oracle Corporation
Target Data Breach, U.S. Secret Service & iSIGHT
Target CIO Beth Jacob resigned
Agenda: Threat Landscape; Data Protection; Breach Detection; Regulatory Compliance; Big Data; Cyber Insurance
THE CHANGING THREAT LANDSCAPE
How have the methods of attack shifted?
The 2014 Verizon Data Breach Investigations Report
Source: searchsecurity.techtarget.com/news/2240215422/In-2014-DBIR-preview-Verizon-says-data-breach-response-gap-widening
The 2014 DBIR is expected to be released this spring
Security Improving but We Are Losing Ground
The Biggest Cyber Attack Detected in Feb 2014
• 360 million email accounts
• 1.25 billion email addresses without passwords
• 105 million records were stolen in a single data breach
The email addresses came from:
• All the major providers, including Google, Microsoft and Yahoo
• Non-profit organizations
• Almost all Fortune 500 companies were affected by the attacks
• Some have not made their security breaches public
According to the cybersecurity firm Hold Security LLC
New Malware
Source: mcafee.com/us/resources/reports/rp-quarterly-threat-q3-2013.pdf
Total Malicious Signed Malware
Source: mcafee.com/us/resources/reports/rp-quarterly-threat-q3-2013.pdf
Targeted Malware Topped the Threats
62% said that the pressure to protect from data breaches also increased over the past year.
Source: 2014 Trustwave Security Pressures Report
US and Canada - Targeted Malware Top Threat
In the United States and Canada, targeted malware was the top threat IT pros felt pressured to secure against, and in the U.K. and Germany, the top threat was phishing/social engineering. Respondents in each country surveyed said viruses and worms caused the lowest pressure.
Source: 2014 Trustwave Security Pressures Report
Fallout – FBI Memory-Scraping Malware Warning
Report: “Recent Cyber Intrusion Events Directed Toward Retail Firms”
The FBI uncovered 20 cyber attacks against retailers in the past year that utilized methods similar to the Target incident.
"We believe POS malware crime will continue to grow over the near term, despite law enforcement and security firms' actions to mitigate it."
Source: searchsecurity.techtarget.com/news/2240213143/FBI-warns-of-memory-scraping-malware-in-wake-of-Target-breach
Data Loss Worries IT Pros Most
Source: 2014 Trustwave Security Pressures Report
Energy Sector a Prime Target for Cyber Attacks
July 2012 - June 2013: 74 targeted cyber attacks/day
• #1: Government/Public sector – 25.4%
• #2: Energy sector – 16.3%
Oct. 2012 - May 2013: The U.S. government's Industrial Control Systems Cyber Emergency Response Team responded to more than 200 incidents, 53% aimed at the energy sector.
So far, there have not been any successful catastrophic attacks on the US energy grid, but there is ongoing debate about the risk of a "cyber Pearl Harbor" attack.
Source: www.csoonline.com/article/748580/energy-sector-a-prime-target-for-cyber-attacks
UK Energy Companies Refused Insurance
www.itproportal.com/2014/02/27/uk-energy-companies-refused-insurance-due-to-inadequate-cyber-defences/#ixzz2ud7g2hmO
Cyber Insurance Increases 5x Globally
Companies' view on cyber risk: 76% (up 19%)
Source: http://www.strategic-risk-global.com/popularity-of-cyber-insurance-increases-five-fold-in-eight-years/1407324.article
Cyber Attacks are a Real and Growing Threat
• Organizations worldwide are not "sufficiently protected" against cyber attack
• Cyber attack fallout could cost the global economy $3 trillion by 2020
• The report states that if "attackers continue to get better more quickly than defenders," as is presently the case, "this could result in a world where a 'cyberbacklash' decelerates digitization."
Source: McKinsey report on enterprise IT security implications released in January 2014.
TARGET DATA BREACH
What can we learn from the Target breach?
Memory Scraping Malware – Target Breach
[Diagram: Payment Card Terminal → Point Of Sale Application (Memory Scraping Malware) → Authorization, Settlement …; Web Server; stolen data sent to Russia]
How The Breach at Target Went Down
Credentials were stolen from Fazio Mechanical in a malware-injecting phishing attack sent to employees of the firm by email.
• Resulted in the theft of at least 40 million customer records containing financial data such as debit and credit card information.
• In addition, roughly 70 million accounts were compromised that included addresses and mobile numbers.
The data theft was caused by the installation of malware on Target's point of sale machines.
• The free version of Malwarebytes Anti-Malware was used by Target.
The subsequent file dump containing customer data is reportedly flooding the black market.
• A starting point for the manufacture of fake bank cards, or a source of the data required for identity theft.
Source: Brian Krebs and www.zdnet.com/how-hackers-stole-millions-of-credit-card-records-from-target-7000026299/
It’s not like other businesses are using some special network security practices that Target doesn’t know about. They just haven’t been hit yet.
No number of traps, bars, or alarms will keep out the determined thief.
THINKING LIKE A HACKER
How can we shift from reactive to proactive thinking?
What if a Social Security number or Credit Card Number in the Hands of a Criminal was Useless?
TURNING THE TIDE
What new technologies and techniques can be used to prevent future attacks?
Evolution of Data Security Methods (over time)
Coarse Grained Security:
• Access Controls
• Volume Encryption
• File Encryption
Fine Grained Security:
• Access Controls
• Field Encryption (AES & )
• Masking
• Tokenization
• Vaultless Tokenization
Access Control
Old and flawed: Minimal access levels so people can only carry out their jobs
[Chart: Risk (Low to High) plotted against Access Privilege Level (Low to High)]
Applying the Protection Profile to the Structure of each Sensitive Data Field allows for a Wider Range of Granular Authority Options
The New Data Protection - Tokenization
[Chart: Risk (Low to High) plotted against Access Privilege Level (Low to High)]
Old: Minimal access levels – Least Privilege to avoid high risks
New: Much greater flexibility and lower risk in data accessibility
Reduction of Pain with New Protection Techniques
[Chart: Pain & TCO (High to Low) over time, 1970 to 2010]
Input Value: 3872 3789 1620 3675
Strong Encryption (AES, 3DES): !@#$%a^.,mhu7///&*B()_+!@
Format Preserving Encryption (DTP, FPE): 8278 2789 2990 2789 – Format Preserving
Vault-based Tokenization: 8278 2789 2990 2789 – Greatly reduced Key Management
Vaultless Tokenization: 8278 2789 2990 2789 – No Vault
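The three format-preserving rows above differ mainly in where the secret lives: a vault that maps tokens back to values, or a key from which static tables are derived. The following added example (not the deck's or Protegrity's code; the key, sample card numbers and the chained digit-table construction are teaching assumptions, not a standardised algorithm) contrasts a vault-based token store with a vaultless keyed mapping on the deck's sample input, keeping the BIN and last four digits in the clear as the deck's 123456 123456 1234 → 123456 999999 1234 illustration does.

```python
"""Vault-based vs vaultless tokenization of a card number (teaching model).

Added example for this transcript; it is not Protegrity's product code and not a
NIST format-preserving encryption mode (FF1/FF3-1). Real cardholder data needs a
standardised FPE mode or a vetted tokenization product, not this toy.
"""
import hashlib
import hmac
import secrets


def canonical(pan: str) -> str:
    """Normalise a 16-digit PAN to the deck's 6-6-4 grouping, e.g.
    '3872 3789 1620 3675' -> '387237 891620 3675'."""
    digits = pan.replace(" ", "")
    if len(digits) != 16 or not digits.isdigit():
        raise ValueError("expected a 16-digit card number")
    return f"{digits[:6]} {digits[6:12]} {digits[12:]}"


def _split(pan: str):
    """BIN (first 6), middle 6 and last 4. The deck keeps BIN and last four in
    the clear (123456 123456 1234 -> 123456 999999 1234) and tokenizes the rest."""
    bin6, mid, last4 = canonical(pan).split(" ")
    return bin6, mid, last4


# ---- Vault-based tokenization: random token, mapping stored in a vault --------
class TokenVault:
    """The vault (a dict here; a database in practice) is the only link between
    token and PAN. It grows with every distinct value, and every node that needs
    to tokenize or detokenize must reach it: the scalability and attack-surface
    cost the deck contrasts with the vaultless approach."""

    def __init__(self):
        self._forward = {}  # PAN   -> token
        self._reverse = {}  # token -> PAN

    def tokenize(self, pan: str) -> str:
        pan = canonical(pan)
        if pan in self._forward:
            return self._forward[pan]
        bin6, mid, last4 = _split(pan)
        while True:  # draw random middle digits until the token is unused
            new_mid = f"{secrets.randbelow(10**6):06d}"
            token = f"{bin6} {new_mid} {last4}"
            if new_mid != mid and token not in self._reverse:
                break
        self._forward[pan] = token
        self._reverse[token] = pan
        return token

    def detokenize(self, token: str) -> str:
        return self._reverse[token]


# ---- Vaultless tokenization: static keyed tables, no lookup store -------------
def _digit_tables(key: bytes, positions: int = 6):
    """Derive one keyed permutation of the digits 0-9 per position from a secret
    key (HMAC-SHA256 used as a PRF). Each node derives the same tables from the
    key alone, so no vault has to be shared or replicated."""
    tables = []
    for i in range(positions):
        seed = hmac.new(key, b"table-%d" % i, hashlib.sha256).digest()
        order = sorted(range(10),
                       key=lambda d: hmac.new(seed, bytes([d]), hashlib.sha256).digest())
        tables.append(order)
    return tables


def vaultless_tokenize(pan: str, key: bytes) -> str:
    """Map the middle six digits through the keyed tables, chaining each output
    digit into the next position so equal input digits do not map alike."""
    bin6, mid, last4 = _split(pan)
    tables = _digit_tables(key)
    out, prev = [], 0
    for i, ch in enumerate(mid):
        t = tables[i][(int(ch) + prev) % 10]
        out.append(str(t))
        prev = t
    return f"{bin6} {''.join(out)} {last4}"


def vaultless_detokenize(token: str, key: bytes) -> str:
    """Invert vaultless_tokenize: undo the table lookup, then the chaining."""
    bin6, mid, last4 = _split(token)
    tables = _digit_tables(key)
    out, prev = [], 0
    for i, ch in enumerate(mid):
        t = int(ch)
        out.append(str((tables[i].index(t) - prev) % 10))
        prev = t
    return f"{bin6} {''.join(out)} {last4}"


if __name__ == "__main__":
    KEY = b"demo-key-not-for-production"  # constructed; a real key lives in a KMS/HSM
    pan = "3872 3789 1620 3675"            # the deck's sample input value
    vault = TokenVault()
    print("vault-based:", vault.tokenize(pan), "->", vault.detokenize(vault.tokenize(pan)))
    tok = vaultless_tokenize(pan, KEY)
    print("vaultless:  ", tok, "->", vaultless_detokenize(tok, KEY))
```

Both tokens keep the card-number format, so downstream systems that only need BIN routing or the last four digits never need the real PAN; only the vault (or the key) must be protected.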
Research Brief: Tokenization Gets Traction
• Aberdeen has seen a steady increase in enterprise use of tokenization for protecting sensitive data over encryption
• Nearly half of the respondents (47%) are currently using tokenization for something other than cardholder data
• Over the last 12 months, tokenization users had 50% fewer security-related incidents than tokenization non-users
Source: http://www.protegrity.com/2012/08/tokenization-gets-traction-from-aberdeen/
Security of Different Protection Methods
[Chart: Security Level (Low to High) for Format Preserving Encryption, Vaultless Data Tokenization, AES CBC Encryption Standard and Basic Data Tokenization]
Fine Grained Data Security Methods
Tokenization and Encryption are Different
Encryption – Used Approach: Cipher System (Cryptographic algorithms, Cryptographic keys)
Tokenization – Used Approach: Code System (Code books, Index tokens)
Source: McGraw-Hill Encyclopedia of Science & Technology
Speed of Different Protection Methods
[Chart: Transactions per second* (log scale, 100 to 10,000,000) for Format Preserving Encryption, Vaultless Data Tokenization, AES CBC Encryption Standard and Vault-based Data Tokenization]
*: Speed will depend on the configuration
Different Tokenization Approaches
[Table comparing properties of Vault-based (Dynamic, Pre-generated) and Vaultless tokenization; rows not recovered]
How Should I Secure Different Data?
[Chart: Type of Data (Structured / Un-structured) against Use Case (Simple to Complex); methods shown: Encryption of Files, Tokenization of Fields]
PCI: CardHolder Data
PHI: Protected Health Information
PII: Personally Identifiable Information
Examples: De-Identified Sensitive Data
Field            Real Data                             Tokenized / Pseudonymized
Name             Joe Smith                             csu wusoj
Address          100 Main Street, Pleasantville, CA    476 srta coetse, cysieondusbak, CA
Date of Birth    12/25/1966                            01/02/1966
Telephone        760-278-3389                          760-389-2289
E-Mail Address   [email protected]                     [email protected]
SSN              076-39-2778                           076-28-3390
CC Number        3678 2289 3907 3378                   3846 2290 3371 3378
Business URL     www.surferdude.com                    www.sheyinctao.com
Fingerprint      –                                     Encrypted
Photo            –                                     Encrypted
X-Ray            –                                     Encrypted
Healthcare / Financial Services: Dr. visits, prescriptions, hospital stays and discharges, clinical, billing, etc.; Financial Services consumer products and activities
Protection methods can be equally applied to the actual data, but are not needed with de-identification
Health Information Portability and Accountability Act (HIPAA)
• USA law, originally passed in 1996
• Defines “Protected Health Information” (PHI)
• Updated by the Health Information Technology for Economic and Clinical Health (HITECH) Act in 2009
• Most recently, the Omnibus final rule came into effect September 2013
• Now requires both organizations that handle PHI and their business partners to protect sensitive information
US Health Information Portability and Accountability Act – HIPAA
1. Names
2. All geographical subdivisions smaller than a State
3. All elements of dates (except year) related to individual
4. Phone numbers
5. Fax numbers
6. Electronic mail addresses
7. Social Security numbers
8. Medical record numbers
9. Health plan beneficiary numbers
10. Account numbers
11. Certificate/license numbers
12. Vehicle identifiers and serial numbers
13. Device identifiers and serial numbers
14. Web Universal Resource Locators (URLs)
15. Internet Protocol (IP) address numbers
16. Biometric identifiers, including finger prints
17. Full face photographic images
18. Any other unique identifying number
THE CHANGING TECHNOLOGY LANDSCAPE
What effect, if any, does the rise of “Big Data” have on breaches?
Holes in Big Data…
Source: Gartner
Many Ways to Hack Big Data
[Diagram: Hackers & APT; Rogue Privileged Users; Unvetted Applications or Ad Hoc Processes]
Many Ways to Hack Big Data
[Diagram of the Hadoop stack: HDFS (Hadoop Distributed File System); MapReduce (Job Scheduling/Execution System); HBase (Column DB); Pig (Data Flow), Hive (SQL), Sqoop; ETL Tools, BI Reporting, RDBMS; Avro (Serialization); ZooKeeper (Coordination). Threat actors shown: Hackers; Privileged Users; Unvetted Applications or Ad Hoc Processes]
Source: http://nosql.mypopescu.com/post/1473423255/apache-hadoop-and-hbase
Big Data Vulnerabilities and Concerns
• Big Data (Hadoop) was designed for data access, not security
• Security in a read-only environment introduces new challenges
• Massive scalability and performance requirements
• Sensitive data regulations create a barrier to usability, as data cannot be stored or transferred in the clear
• Transparency and data insight are required for ROI on Big Data
BIG DATA
Protecting the data flow & Catching attackers
Oracle’s Big Data Platform
[Diagram: card number 123456 123456 1234 stored as token 123456 999999 1234]
Tokenization Reducing Attack Surface
Tokenization on Each Node
[Diagram: 123456 123456 1234 tokenized on each node]
Current Breach Discovery Methods
Verizon 2013 Data-breach-investigations-report & 451 Research
Use Big Data to Analyze Abnormal Usage Pattern
[Diagram: Payment Card Terminal → Point Of Sale Application (Memory Scraping Malware) → Authorization, Settlement …; Web Server; stolen data sent to Russia; Big Data Analytics? applied across the flow]
CISOs say SIEM Not Good for Security Analytics
• You must assume the systems will be breached. Once breached, how do you know you've been compromised?
• You have to baseline and understand what 'goodness' looks like and look for deviations from goodness
• McAfee and Symantec can't tell you what normal looks like in your own systems. Only monitoring anomalies can do that
• Monitoring could be focused on a variety of network and end-user activities, including network flow data, file activity and even going all the way down to the packets
Source: 2014 RSA Conference, moderator Neil MacDonald, vice president at Gartner
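The baseline-then-deviation idea the panel describes can be tried on network flow data, the first activity it names. The following added example (not code from the panel, Gartner or any product; the flow records, host names, the 203.0.113.9 documentation address and the thresholds are constructed for illustration) builds a per-host baseline of outbound traffic over several days and then flags a POS host whose behaviour on a later day no longer matches it, the pattern the deck's memory-scraping diagram implies.

```python
"""Baseline-then-deviation check over outbound network flow records.

Added example for this transcript, not code from the panel or any product. The
flow records below are constructed; a POS host that starts pushing tens of
megabytes to a destination never seen in its baseline stands out the way the
deck's memory-scraping diagram suggests. Thresholds are illustrative.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (day, source host, destination, bytes out).
FLOWS = []
for _day in range(1, 6):  # five baseline days of normal authorisation traffic
    FLOWS.append((_day, "pos-01", "auth-gw.internal", 2_000_000 + 10_000 * _day))
    FLOWS.append((_day, "pos-07", "auth-gw.internal", 2_000_000 - 10_000 * _day))
FLOWS += [
    (6, "pos-01", "auth-gw.internal", 2_050_000),
    (6, "pos-07", "auth-gw.internal", 1_990_000),
    (6, "pos-07", "203.0.113.9", 40_000_000),  # constructed: never-seen host (TEST-NET-3)
]


def build_baseline(flows, baseline_days):
    """Per host: mean and standard deviation of daily bytes out, plus the set of
    destinations seen. This is the 'what goodness looks like' the panel asks for."""
    daily = defaultdict(lambda: defaultdict(int))
    dests = defaultdict(set)
    for day, host, dst, nbytes in flows:
        if day in baseline_days:
            daily[host][day] += nbytes
            dests[host].add(dst)
    baseline = {}
    for host, per_day in daily.items():
        totals = [per_day.get(d, 0) for d in baseline_days]
        baseline[host] = {"mean": mean(totals), "sd": pstdev(totals), "dests": dests[host]}
    return baseline


def find_deviations(flows, baseline, day, k=3.0, min_delta=1_000_000):
    """Return (host, reason) findings for one day: a destination absent from the
    host's baseline, or daily volume above mean + max(k*sd, min_delta). The
    min_delta floor stops a near-constant baseline (sd ~ 0) from alerting on noise."""
    totals = defaultdict(int)
    findings = []
    for d, host, dst, nbytes in flows:
        if d != day:
            continue
        totals[host] += nbytes
        profile = baseline.get(host)
        if profile is None:
            findings.append((host, "host has no baseline"))
        elif dst not in profile["dests"]:
            findings.append((host, f"new destination {dst}"))
    for host, total in totals.items():
        profile = baseline.get(host)
        if profile and total > profile["mean"] + max(k * profile["sd"], min_delta):
            findings.append((host, f"outbound volume {total} vs baseline {profile['mean']:.0f}"))
    return findings


if __name__ == "__main__":
    profile = build_baseline(FLOWS, range(1, 6))
    for host, reason in find_deviations(FLOWS, profile, day=6):
        print(f"{host}: {reason}")
```

Signature-based tools cannot know that auth-gw.internal is the only legitimate destination for these hosts; that knowledge only comes from the organisation's own baseline.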
Open Security Analytics Framework & Big Data
Source: Emc.com/collateral/white-paper/h12878-rsa-pivotal-security-big-data-reference-architecture
Enterprise Data Lake
Conclusions
What happened at Target?
• Modern customized malware can be very hard to detect
• They were compliant, but not secure
Changing threat landscape & challenges to secure data:
• Attackers are looking for not just payment data – a more serious problem
• IDS systems are lacking the context needed to catch data theft
• SIEM detection is too slow in handling large amounts of events
How can we prevent what happened to Target and the next attack against our sensitive data?
• Assume that we are under attack - proactive protection of the data itself
• We need to analyze event information and context to catch modern attackers
• The Oracle Big Data Appliance can provide the foundation for solving this problem
Protegrity Summary
Proven enterprise data security software and innovation leader
• Sole focus on the protection of data
• Patented Technology, Continuing to Drive Innovation
Cross-industry applicability
• Retail, Hospitality, Travel and Transportation
• Financial Services, Insurance, Banking
• Healthcare
• Telecommunications, Media and Entertainment
• Manufacturing and Government
Thank you! Questions?
Please contact us for more information: http://www.protegrity.com/news-resources/collateral/
Ulf.Mattsson AT protegrity.com