© 2010 Verizon. All Rights Reserved. PTE14626 07/10 2011 DBIR.

Presentation transcript:


PROPRIETARY STATEMENT This document and any attached materials are the sole property of Verizon and are not to be used by you other than to evaluate Verizon’s service. This document and any attached materials are not to be disseminated, distributed, or otherwise conveyed throughout your organization to employees without a need for this information or to any third parties without the express written permission of Verizon. The Verizon and Verizon Business names and logos and all other names, logos, and slogans identifying Verizon’s products and services are trademarks and service marks or registered trademarks and service marks of Verizon Trademark Services LLC or its affiliates in the United States and/or other countries. All other trademarks and service marks are the property of their respective owners.

Data Breach Investigations Report series

2011 DBIR Contributors: Verizon; United States Secret Service; Dutch National High Tech Crime Unit

Methodology: Collection and Analysis
VERIS framework used to collect data after investigation
Aggregate and anonymize the case data
RISK Intelligence team provides analytics
630 threat events
VERIS:

Overview – What’s New?
Over 750 new breaches studied since the last report
–Total for all years = 
Just under 4 million records confirmed compromised
–Total for all years = 900+ million
Euro-centric appendix from Dutch HTCU ??

Drop in Data Loss – Our Hypotheses
Random caseload variation
Prosecution and incarceration of “Kingpins”
–Deterrence and/or scrambling among criminal groups
Change in criminal tactics
–Away from massive breaches to smaller, less risky heists
Market forces (law of supply and demand)
Targeting different (non-bulk) data types
–More IP, classified data, etc stolen
They’ve gotten better at evading detection
–This may be true, but we don’t think it explains the drop

Agents: Whose Actions Affected the Asset?

Agents: Who were the External Agents?

Agents: Who were the Internal Agents?

Actions: What Actions Affected the Asset?

Title?

Malware – What was the Infection Vector?

Malware – What was its Functionality?

Malware – How Often was it Customized?

Hacking – What was the Type Used?

Hacking – What Path did the Agent Take? Patchable vulnerabilities: 5

Social – What was the Type Used?

Social – What Path and Target did the Agent Use?

Misuse – What was the Type Used?

Physical – What was the Type Used?

Error – Types of Causal Error Leading to Breach?

Which Assets were Affected?

Which Operating Systems were Affected?

Location (Hosting) and Management of Assets (chart panels: Location, Management)

Which Data Types were Affected?

Total Number of Records Compromised since 2004

How Difficult were these Attacks?

Were these Victims Targeted?

How Long to Compromise, Discovery & Containment?

How did the Victim Discover the Breach?

What were the Unknown Unknowns?

Conclusions Focus on detection & prevention You often have time to react before FIM Evidence of breach is in the logs Filter outbound access Look for unusual locations

Wrapping up

Conclusions & recommendations
Focus on essential controls. Many organisations make the mistake of pursuing exceptionally high security in certain areas while almost completely neglecting others. Businesses are much better protected if they implement essential controls across the entire organization without exception.
Eliminate unnecessary data. If you do not need it, do not keep it. For sensitive data that must be kept, identify, monitor and securely store it.
Secure remote access services. Restrict these services to specific IP addresses and networks, minimising public access to them. Also, ensure that your organisation is limiting access to sensitive information within the network.
Filter outbound activity. If the criminal cannot get the data out of your environment then the data has not been compromised.
Monitor and mine event logs. Focus on the obvious issues that logs pick up, not the records. Reducing the compromise-to-discovery timeframe from weeks and months to days can pay huge dividends.
Look for unusual location. Criminals do not tend to attack from the same location as your usual business partner and staff traffic.

DBIR: VERIS: Blog: securityblog.verizonbusiness.com