
1 © 2010 Verizon. All Rights Reserved. PTE14626 07/10 2011 DBIR

2 PROPRIETARY STATEMENT This document and any attached materials are the sole property of Verizon and are not to be used by you other than to evaluate Verizon’s service. This document and any attached materials are not to be disseminated, distributed, or otherwise conveyed throughout your organization to employees without a need for this information or to any third parties without the express written permission of Verizon. The Verizon and Verizon Business names and logos and all other names, logos, and slogans identifying Verizon’s products and services are trademarks and service marks or registered trademarks and service marks of Verizon Trademark Services LLC or its affiliates in the United States and/or other countries. All other trademarks and service marks are the property of their respective owners.

3 Data Breach Investigations Report series http://verizonbusiness.com/databreach http://securityblog.verizonbusiness.com

4 2011 DBIR Contributors
- Verizon
- United States Secret Service
- Dutch National High Tech Crime Unit

5 Methodology: Collection and Analysis
- VERIS framework used to collect data after investigation
- Aggregate and anonymize the case data
- RISK Intelligence team provides analytics
- 630 threat events
- VERIS: https://verisframework.wiki.zoho.com/
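The methodology slide says case data is collected in VERIS, anonymized and then aggregated. The following is an added example (written for this transcript, not Verizon's code or the real VERIS schema) that shows the two steps on constructed incidents: victim names are replaced by a salted-hash pseudonym before analysis, and breaches and confirmed records are then counted by agent and by action. The field names ("agents", "actions", "assets", "records") and the sample incidents are assumptions for the example. It also shows why the per-agent percentages in the report can add up to more than 100: an incident with both an internal and an external agent is counted under each.

```python
import hashlib
from collections import Counter

# Constructed sample incidents in a simplified, hypothetical VERIS-like shape
# (agents / actions / assets / records). The field names are an assumption for
# this example, not the real VERIS schema. "records": None means the number of
# compromised records could not be confirmed.
INCIDENTS = [
    {"victim": "Acme Retail", "agents": ["external"], "actions": ["hacking", "malware"],
     "assets": ["pos_server"], "records": 120000},
    {"victim": "Beta Bank", "agents": ["internal"], "actions": ["misuse"],
     "assets": ["database"], "records": 3000},
    {"victim": "Acme Retail", "agents": ["external", "partner"], "actions": ["hacking"],
     "assets": ["web_app"], "records": None},
    {"victim": "Gamma Health", "agents": ["internal", "external"],
     "actions": ["social", "malware"], "assets": ["workstation"], "records": None},
]


def anonymize(incidents, salt):
    """Replace each victim name with a salted-hash pseudonym.

    The same victim always maps to the same pseudonym, so repeat victims can
    still be recognised in the aggregate, but the name itself is dropped.
    """
    out = []
    for inc in incidents:
        digest = hashlib.sha256(salt + inc["victim"].encode("utf-8")).hexdigest()[:12]
        rest = {k: v for k, v in inc.items() if k != "victim"}
        out.append({"victim_id": digest, **rest})
    return out


def aggregate(incidents):
    """Count breaches and confirmed records by agent and by action.

    An incident with several agents is counted once under each of them, so the
    per-agent percentages can sum to more than 100, as in the DBIR charts.
    """
    n = len(incidents)
    breaches_by_agent = Counter()
    records_by_agent = Counter()
    breaches_by_action = Counter()
    for inc in incidents:
        recs = inc["records"] or 0  # unconfirmed counts as 0 confirmed records
        for agent in set(inc["agents"]):
            breaches_by_agent[agent] += 1
            records_by_agent[agent] += recs
        for action in set(inc["actions"]):
            breaches_by_action[action] += 1

    def pct(counter):
        return {k: round(100.0 * v / n, 1) for k, v in counter.items()}

    return {
        "breaches": n,
        "records_confirmed": sum(inc["records"] or 0 for inc in incidents),
        "pct_breaches_by_agent": pct(breaches_by_agent),
        "records_by_agent": dict(records_by_agent),
        "pct_breaches_by_action": pct(breaches_by_action),
    }


if __name__ == "__main__":
    anon = anonymize(INCIDENTS, salt=b"example-salt")  # the salt is an assumption
    for inc in anon:
        print(inc)
    print(aggregate(anon))
```

Run it as a script to see the pseudonymised incidents followed by the aggregate; with the four constructed incidents "external" appears in 75% of breaches and "internal" in 50%, which together exceed 100% because one incident has both agents.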

6 Overview – What’s New?
- Over 750 new breaches studied since the last report
  – Total for all years = 1700+
- Just under 4 million records confirmed compromised
  – Total for all years = 900+ million
- Euro-centric appendix from Dutch HTCU ??

7 Drop in Data Loss – Our Hypotheses
- Random caseload variation
- Prosecution and incarceration of “Kingpins”
  – Deterrence and/or scrambling among criminal groups
- Change in criminal tactics
  – Away from massive breaches to smaller, less risky heists
- Market forces (law of supply and demand)
- Targeting different (non-bulk) data types
  – More IP, classified data, etc. stolen
- They’ve gotten better at evading detection
  – This may be true, but we don’t think it explains the drop

8 Agents: Whose Actions Affected the Asset?


11 Agents: Who were the External Agents?

12 Agents: Who were the Internal Agents?

13 Actions: What Actions Affected the Asset?


16 Title?

17 Malware – What was the Infection Vector?

18 Malware – What was its Functionality?

19 Malware – How Often was it Customized?

20 Hacking – What was the Type Used?

21 Hacking – What Path did the Agent Take? Patchable vulnerabilities: 5

22 Social – What was the Type Used?

23 Social – What Path and Target did the Agent Use?

24 Misuse – What was the Type Used?

25 Physical – What was the Type Used?

26 Error – Types of Causal Error Leading to Breach?

27 Which Assets were Affected?


29 Which Operating Systems were Affected?

30 Location (Hosting) and Management of Assets (chart panels: Location; Management)

31 Which Data Types were Affected?

32 Total Number of Records Compromised since 2004

33 How Difficult were these Attacks?

34 Were these Victims Targeted?

35 How Long to Compromise, Discovery & Containment?

36 How did the Victim Discover the Breach?

37 What were the Unknown Unknowns?


39 Conclusions
- Focus on detection & prevention
- You often have time to react before FIM
- Evidence of breach is in the logs
- Filter outbound access
- Look for unusual locations

40 Wrapping up


42 Conclusions & recommendations
- Focus on essential controls. Many organisations make the mistake of pursuing exceptionally high security in certain areas while almost completely neglecting others. Businesses are much better protected if they implement essential controls across the entire organisation without exception.
- Eliminate unnecessary data. If you do not need it, do not keep it. For sensitive data that must be kept, identify, monitor and securely store it.
- Secure remote access services. Restrict these services to specific IP addresses and networks, minimising public access to them. Also ensure that your organisation limits access to sensitive information within the network.
- Filter outbound activity. If the criminal cannot get the data out of your environment, the data has not been compromised.
- Monitor and mine event logs. Focus on the obvious issues that logs pick up, not the records. Reducing the compromise-to-discovery timeframe from weeks and months to days can pay huge dividends.
- Look for unusual locations. Criminals do not tend to attack from the same locations as your usual business partner and staff traffic.
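Three of the recommendations above (and the matching points on the earlier Conclusions slide) are things a log-monitoring job can check directly: restrict remote access to known networks, filter and watch outbound activity, and look for unusual locations. The following is an added example written for this transcript, not code from the report or from Verizon. It runs those checks over a few constructed, simplified VPN and firewall log lines; the line format, the allowlisted networks, the byte threshold and the IP addresses (RFC 5737 documentation ranges) are all assumptions made for the example. It also correlates the two directions: outbound traffic to the same address that produced an unusual remote login is flagged separately, since that is the pattern the "filter outbound" and "unusual location" advice is aimed at.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed allowlists for this example (not from the report). In practice these
# come from known partner/staff networks and approved egress destinations.
ALLOWED_REMOTE_NETS = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.0/24")]
ALLOWED_EGRESS_NETS = [ipaddress.ip_network(n) for n in ("198.51.100.0/24",)]
EXFIL_BYTES_THRESHOLD = 1_000_000  # arbitrary per (host, destination) threshold for the example

# Constructed, simplified log lines (documentation IPs; not real traffic).
SAMPLE_LOG = """\
2011-02-01T08:02:11 vpn login user=jsmith src=203.0.113.45 result=ok
2011-02-01T08:05:42 vpn login user=admin src=192.0.2.77 result=ok
2011-02-01T08:06:10 fw out src=10.0.5.12 dst=192.0.2.77 dport=443 bytes=523411
2011-02-01T08:07:55 fw out src=10.0.5.12 dst=192.0.2.77 dport=443 bytes=611002
2011-02-01T08:09:30 fw out src=10.0.5.30 dst=198.51.100.9 dport=443 bytes=2048
2011-02-01T08:11:02 vpn login user=svc_pos src=203.0.113.7 result=fail
"""

VPN_RE = re.compile(r"^(?P<ts>\S+) vpn login user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$")
FW_RE = re.compile(r"^(?P<ts>\S+) fw out src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) bytes=(?P<bytes>\d+)$")


def in_nets(ip, nets):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)


def parse(text):
    """Turn the two line formats into event dicts; unrecognised lines are skipped."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        m = VPN_RE.match(line)
        if m:
            events.append({"kind": "vpn", **m.groupdict()})
            continue
        m = FW_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["dport"] = int(ev["dport"])
            ev["bytes"] = int(ev["bytes"])
            events.append({"kind": "fw", **ev})
    return events


def detect(text):
    """Return (alert_type, ...) tuples for the checks described in the lead-in."""
    events = parse(text)
    alerts = []

    # 1. Remote-access logins from outside the allowlisted networks (any result,
    #    since failed attempts from an unusual location are worth seeing too).
    unusual_sources = set()
    for ev in events:
        if ev["kind"] == "vpn" and not in_nets(ev["src"], ALLOWED_REMOTE_NETS):
            alerts.append(("unusual_remote_location", ev["ts"], ev["user"], ev["src"]))
            unusual_sources.add(ev["src"])

    # 2. Outbound connections to destinations that are not approved egress,
    #    plus the correlation with step 1.
    egress_bytes = defaultdict(int)
    for ev in events:
        if ev["kind"] == "fw" and not in_nets(ev["dst"], ALLOWED_EGRESS_NETS):
            alerts.append(("unexpected_egress", ev["ts"], ev["src"], ev["dst"], ev["dport"]))
            egress_bytes[(ev["src"], ev["dst"])] += ev["bytes"]
            if ev["dst"] in unusual_sources:
                # Data is going back to the address that logged in from an unusual place.
                alerts.append(("egress_to_unusual_login_source", ev["ts"], ev["src"], ev["dst"]))

    # 3. Volume of unexpected egress per (internal host, destination) pair.
    for (src, dst), total in egress_bytes.items():
        if total >= EXFIL_BYTES_THRESHOLD:
            alerts.append(("possible_exfiltration", src, dst, total))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

On the sample lines the admin login from 192.0.2.77 is flagged, the two flows from 10.0.5.12 to that same address are flagged both as unexpected egress and as egress to the unusual login source, and their combined volume crosses the threshold; the partner-network login and the flow to 198.51.100.9 produce nothing. An egress filter that only permitted ALLOWED_EGRESS_NETS would have blocked the two flagged flows outright, which is the point of the "filter outbound activity" recommendation.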

43 DBIR: www.verizonbusiness.com/databreach VERIS: https://verisframework.wiki.zoho.com/ Blog: securityblog.verizonbusiness.com Email: dbir@verizonbusiness.com

