Presentation is loading. Please wait.

Presentation is loading. Please wait.

Copyright 2013 SSH Communications Security How to Prevent Data Loss and Monitor Your Encrypted Networks Samuli Siltanen VP, EMEA SSH Communications Security.

Published byMarvin Arington Modified over 9 years ago

Similar presentations

Presentation on theme: "Copyright 2013 SSH Communications Security How to Prevent Data Loss and Monitor Your Encrypted Networks Samuli Siltanen VP, EMEA SSH Communications Security."— Presentation transcript:

1 Copyright 2013 SSH Communications Security How to Prevent Data Loss and Monitor Your Encrypted Networks Samuli Siltanen VP, EMEA SSH Communications Security samuli.siltanen@ssh.com

2 Copyright 2013 SSH Communications Security What we will cover today… About SSH Communications Security What are the problems in encrypted environments What are the business drivers to act? Introducing CryptoAuditor

3 Copyright 2013 SSH Communications Security Quick Facts We are the inventors of the SSH protocol Listed in NASDAQ OMX Helsinki (SSH1V) 50+ patents in various countries One of the most widely used protocols in the world with millions of deployments worldwide Over 3,000 customers worldwide including 7 of the Fortune 10 Boston, USA Germany Helsinki, Finland (HQ) Hong Kong UK = SSH Office = SSH Competence Center

4 Copyright 2013 SSH Communications Security Why SSH? We know SSH: –Many of world’s largest enterprises depend on our 24x7 support. –Manageability for large environments with tens of thousands of SSH Servers & Clients. –z/OS, Solaris, Windows, Unix, Oracle, Linux, etc., for us: one SSH –Enterprise features: x509 support, group & policy based SSH connection control, …

5 Copyright 2013 SSH Communications Security Some of Our Customers Energy & Utilities Government Financial Retail Healthcare 5

6 Copyright 2013 SSH Communications Security

7 Key customer and market challenges How to ensure compliance with regulations and security standards, such as PCI-DSS? How to audit and control internal and external privileged users’ activities ? How to enable visibility, auditing, alerts, and intrusion and data loss prevention also for encrypted connections? How to enable external users’ access (contractors, outsourced IT, maintenance providers) with proper and efficient auditing and control?

8 Copyright 2013 SSH Communications Security Encryption vs. Visibility Paradox Typical enterprise data flows: – Internal to Internal – Internal to External – External to Internal Encryption means losing visibility to the content of the traffic! External users, hosted and cloud environments Management network Workstation networks Servers and network devices IPS/DLP SIEM IdM How to trace and audit users’ commands and activities? How to inspect and analyze incoming and outgoing data flows ? Fj3()54kj(r¤/Diw IR383EW/3#)k)” #(#(¤¤#)”)mjvc mfis(34j348fR)# Fj3()54kj(r¤/Diw IR383EW/3#)k)” #(#(¤¤#)”)mjvc mfis(34j348fR)# Fj3()54kj(r¤/Diw IR383EW/3#)k)” #(#(¤¤#)”)mjvc mfis(34j348fR)#

9 Copyright 2013 SSH Communications Security COMPLIANCE PCI-DSS req. 10 – Track and monitor all access to network resources and cardholder data SOX section 404, req. 1.1 – Monitoring database access by privileged users ISO 27001, A.10.10 – Monitoring objective: To detect unauthorized information processing activities. HIPAA 164-312: – Record and examine activity in information systems that contain or use EPHI

10 Copyright 2013 SSH Communications Security COMPLIANCE: MAS MTR 7.3 Incident and Security Incident Management 7.3.10 FIs should perform a root cause and impact analysis for major incidents which result in severe disruption of IT services 9.1 Data Loss Prevention 9.1.2 The FI should develop a comprehensive data loss prevention strategy to protect sensitive or confidential information..: Data at endpoint, Data in Motion, Data at rest 9.6 Security Monitoring 9.6.1 To facilitate prompt detection of unauthorized or malicious activities by internal and external parties, the FI should establish appropriate security monitoring systems and processes. 9.6.4 The FI should perform real-time monitoring of security events for critical systems and applications 11.1 User Access Management 11.1.2 Personnel from vendors, service providers or consulting firms.... FI should subject these external employees to close supervision, monitoring and access restrictions similar to those expected of its own staff. 11.2 Privileged Access Management 11.2.3 The FI should closely supervise staff with elevated system access entitlements and have all their systems activities logged and reviewed

11 Copyright 2013 SSH Communications Security CryptoAuditor TM SSH CryptoAuditor - Privileged user access control and audit ”on-the-wire”:  No sign-in portals  No client or hosts agents to control access or gather audit trail Optical Character Recognition (OCR) to index and inspect session activities Audiovisual audit trail of administrative sessions On-the-fly (invisible) access control

12 Copyright 2013 SSH Communications Security CryptoAuditor TM Inline, agentless, on-the-fly and invisible secure shell DLP and audit capabilities Centralized visibility for remote systems access Integration into existing DLP, IDS, SIEM Centralized key importation capabilities – enabling invisible user operation No changes to user experience or need to operate through a bastion server

13 Copyright 2013 SSH Communications Security Provided Reports Real AD user identity Destination server identity Video playback of session Intermediate host Target host Record entire session and all identities, from peer to target hosts.

14 Copyright 2013 SSH Communications Security Provided Reports Inspect session manually or run periodic scans and reports. Look in all reported sessions (with Optical Character Regocnition) for: ”Login*” OR ”restart” OR ”660001*” Look in all reported sessions (with Optical Character Regocnition) for: ”Login*” OR ”restart” OR ”660001*”

15 Copyright 2013 SSH Communications Security Provided Reports Create periodically run scans and reports. Keyword 660001* found in RDP session, within a clipboard copy command == data i.e. copied from hel-ts01.ncsd.corp host to client desktop. Keyword 660001* found in RDP session, within a clipboard copy command == data i.e. copied from hel-ts01.ncsd.corp host to client desktop. Session playback opens a timeline with timestamps of found occurences. Session playback opens a timeline with timestamps of found occurences. Results can be downloaded as CSV, or saved as a periodically run scan and results emailed as CSV or displayed as a graph. Results can be downloaded as CSV, or saved as a periodically run scan and results emailed as CSV or displayed as a graph.

16 Copyright 2013 SSH Communications Security Integration to DLP Systems Data Loss Prevention systems cannot inspect SFTP or SSH traffic Stop data loss in real time with transparent CryptoAuditor deployment and seamless integration to DLP system CryptoAuditor Hound sends unencrypted traffic to DLP server via standard ICAP protocol for further inspection It depends on the DLP server what will be done to the inspected packets/connections Close the connection Raise alerts… SSH or SFTP Unencrypted (over ICAP) Client Server Hound Vault Trails Response DLP (ICAP) server

17 Copyright 2013 SSH Communications Security Replay Administrator Activity Ability to view the audit trail as a video stream, both terminal and graphical connections No need for additional applications, video streams directly through web-browser

18 Copyright 2013 SSH Communications Security Thank You! Samuli Siltanen VP, EMEA SSH Communications Security samuli.siltanen@ssh.com

Download ppt "Copyright 2013 SSH Communications Security How to Prevent Data Loss and Monitor Your Encrypted Networks Samuli Siltanen VP, EMEA SSH Communications Security."

Similar presentations

Presented by Nikita Shah 5th IT ( )

Presented by Nikita Shah 5th IT ( )
Creating HIPAA-Compliant Medical Data Applications with Amazon Web Services Presented by, Tulika Srivastava Purdue University.

Creating HIPAA-Compliant Medical Data Applications with Amazon Web Services Presented by, Tulika Srivastava Purdue University.
Network Systems Sales LLC

Network Systems Sales LLC
BalaBit Shell Control Box

BalaBit Shell Control Box
By HAIDER I MOHSIN Securing Confidential Data with Data Loss Prevention Systems.

By HAIDER I MOHSIN Securing Confidential Data with Data Loss Prevention Systems.
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
Privileged Account Management Jason Fehrenbach, Product Manager.

Privileged Account Management Jason Fehrenbach, Product Manager.
USER ACTIVITY MONITORING: YOUR MISSING SECURITY VANTAGE POINT Presented by Matt Zanderigo.

USER ACTIVITY MONITORING: YOUR MISSING SECURITY VANTAGE POINT Presented by Matt Zanderigo.
Www.tectia.com COPYRIGHT © 2010 TECTIA CORPORATION. ALL RIGHTS RESERVED. Proactive Measures to Prevent Data Theft Securing, Auditing and Controlling remote.

COPYRIGHT © 2010 TECTIA CORPORATION. ALL RIGHTS RESERVED. Proactive Measures to Prevent Data Theft Securing, Auditing and Controlling remote.
Solutions & Services to ‘Multiply your Business Performance’ 2013.

Solutions & Services to ‘Multiply your Business Performance’ 2013.
ISecurity Complete Product Series For System i. About Raz-Lee Internationally renowned System i solutions provider Founded in 1983; 100% focused on System.

ISecurity Complete Product Series For System i. About Raz-Lee Internationally renowned System i solutions provider Founded in 1983; 100% focused on System.
Preventing Good People From Doing Bad Things Best Practices for Cloud Security Brian Anderson Chief Marketing Officer & Author of “Preventing Good People.

Preventing Good People From Doing Bad Things Best Practices for Cloud Security Brian Anderson Chief Marketing Officer & Author of “Preventing Good People.
Nada Abdulla Ahmed.  SmoothWall Express is an open source firewall distribution based on the GNU/Linux operating system. Designed for ease of use, SmoothWall.

Nada Abdulla Ahmed.  SmoothWall Express is an open source firewall distribution based on the GNU/Linux operating system. Designed for ease of use, SmoothWall.
Security Controls – What Works

Security Controls – What Works
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
© 2014 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential. Polycom event Security Briefing 12/03/14 Level 3 Managed Security.

© 2014 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential. Polycom event Security Briefing 12/03/14 Level 3 Managed Security.
BUILDING A SECURITY PROGRAM THAT PROTECTS AN ORGANIZATION’S MOST CRITICAL ASSETS.

BUILDING A SECURITY PROGRAM THAT PROTECTS AN ORGANIZATION’S MOST CRITICAL ASSETS.
Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.

Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.
Barracuda Networks Confidential1 Barracuda Backup Service Integrated Local & Offsite Data Backup.

Barracuda Networks Confidential1 Barracuda Backup Service Integrated Local & Offsite Data Backup.

Similar presentations

Ads by Google