Presentation is loading. Please wait.

Presentation is loading. Please wait.

Do you know who your employees are sharing their credentials with

Published bySamuel Henderson Modified over 6 years ago

Similar presentations

Presentation on theme: "Do you know who your employees are sharing their credentials with"— Presentation transcript:

1 Do you know who your employees are sharing their credentials with
Do you know who your employees are sharing their credentials with? Do they? Yair Grindlinger, CEO and Co-Founder

2 There are 1,358,671 data records stolen every day…

3 Just ask…

4 Network – Devices - Servers
Corp Control No Control Loss of control of the server side (shared resp.) – that was OK, we could still route everyone thru VPN & control their devices Loss of control of the client side (consumerization) – that was OK by itself, lets do MDM….enable only (exchange) Combined, how do we use our security infrastructure to manage a world we don’t control nor the clients nor the application? Employee Device – Network - App Corporate Network – Devices - Servers

5 Breaches We’ve Met A16Z: Stolen data from Box by junior intern
ADMIN HIJACK Unmanaged internal/external sharing leading to misappropriated data used for insider trading Administrator account hijacked leaving key operations vulnerable; passwords, permissions and etc 3rd PARTY APP COMPLIANCE User cases and stories : A16Z: Stolen data from Box by junior intern Caesars: Fake Wifi next to the office Public: Wifi hijacking Google Apps Admin account hijacking Compliance: multiple cases SSN and CC # in cloud apps (Box, Google, at rest) Change management for financial related applications Smartphone 3rd App that still all corporate data to their servers Google 2FA for GApps vulnerability that allowed hacking in to all google apps properties Inside trading before EoQ Account Hijack: Ashley Madison or other compromised sites iCloud Celebrity Nudes – Security Questions compromised thru online research for password recovery Visibility & Auditing: Amdocs / AT&T – AT&T is 10% shareholder and major revenue driver, wanted access to our Salesforce. Visibility & Auditing over their activities was a major blocker…(why we developed API integration to SFDC back in 2012…) Access Control Aiport WiFi: install certificates on your phone, break SSL; Airplane browsing – install certificates, break SSL! Information Disclosure: Smartphone 3rd App that still all corporate data to their servers (Mailbox, Boxer, Outlook Mobile app!) Compliance: Multiple cases SSN and CC # in cloud apps (Box, Google, at rest) CUECS/SOX (Complementary User Entity Controls) mostly overseen by Cloud Customers (e.g. Perion employee changing product prices) 3rd-Party app steals confidential data and stores it on their servers PCI/PHI, like SSN and credit card numbers, insecurely stored on the cloud PUBLIC WIFI PHISHING Fake messages sent to capture login credentials for use in identifying fraud activities Hackers leveraged public wifi to steal critical data and login credentials

6 Cloud Apps Security Solution Overview
Cloud App Limitations Mitigations All Un-managed application adoption Discovery Corporate Unified auditing, usage analysis, and alerts Analyze Sanctioned Sanctioned Context/risk based access, data and usage controls Control Integrate security to cloud applications Sanctioned Protection

7 Secure Sanctioned Apps
Threat Detection Risk-Based Authentication Threat Detection & Prevention 3rd Party IT and Security Tools

8 Full Stack Security DLP, Exfiltration, Advanced Threat Protection
CONTENT DLP, Exfiltration, Advanced Threat Protection APP SPECIFIC APP Deep App Insight & Audit, Adaptive App Control IDENTITY Risk Based Authentication, Account Hijack Protection CLIENT Anti Phishing, MiTB Protection OS Host State Verification (OS, Browser, End point Sec.) APP AGNOSTIC Device Session Pinning, Device Fingerprinting DEVICE IP Session Pinning, IP Reputation, SSL Enforce NETWORK

9 Risk-Based Authentication
THREAT PREVENTION RISK ENGINE EVENT (RISK SCORE) ALLOW BLOCK NETWORK DEVICE LOCATION ROLE BEHAVIOR MITIGATION USER AUTH DEVICE AUTH REDUCE PRIVILEGES THREAT DETECTION pre- authentication post-authentication

10 Cross Application Threat Detection
Dashboard Alerts Auditing Anomalies

11 Prevention can confuse users and false positives can stop business

12 communicate with users enable business
Security tools should communicate with users and enable business

13 Here’s whatcha need… Context Based, central, cross application platform Threat Detection + Prevention Real time user centric mitigation Complete control of the entire cloud / web application security stack Leverage APIs & 3rd party security solutions

14 Thank You Yair Grindlinger, CEO & Co-Founder yairg@firelayers.com

Download ppt "Do you know who your employees are sharing their credentials with"

Similar presentations

HQ in Israel Threat research, security operations center 24/7. In-depth understanding and insight into how cyber crime works. Over 10 million online identities.

HQ in Israel Threat research, security operations center 24/7. In-depth understanding and insight into how cyber crime works. Over 10 million online identities.
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Avoid data leakage, espionage, sabotage and other reputation and business risks without losing employee performance and mobility.

Avoid data leakage, espionage, sabotage and other reputation and business risks without losing employee performance and mobility.
Stonesoft Roadmap WHAT FEATURES WILL COME IN 2013-2014.

Stonesoft Roadmap WHAT FEATURES WILL COME IN
George Tubin Senior Analyst Consumer Banking © 2005 The Tower Group, Inc. May not be reproduced by any means without express permission. All rights reserved.

George Tubin Senior Analyst Consumer Banking © 2005 The Tower Group, Inc. May not be reproduced by any means without express permission. All rights reserved.
1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.

1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.
Latest Threats Against Mobile Devices Dave Jevans Founder, Chairman and CTO.

Latest Threats Against Mobile Devices Dave Jevans Founder, Chairman and CTO.
Information Security Confidential Two-Factor Authentication Solution Overview Shawn Fulton January 15th, 2015.

Information Security Confidential Two-Factor Authentication Solution Overview Shawn Fulton January 15th, 2015.
Web Services, SOA and Security May 11, 2009 Michael Burnett.

Web Services, SOA and Security May 11, 2009 Michael Burnett.
ASSUME BREACH PREVENT BREACH + Research & Preparation First Host Compromised 24-48 Hours Domain Admin Compromised Data Exfiltration (Attacker.

ASSUME BREACH PREVENT BREACH + Research & Preparation First Host Compromised Hours Domain Admin Compromised Data Exfiltration (Attacker.
Website Hardening HUIT IT Security | Sep 30 2011.

Website Hardening HUIT IT Security | Sep
Market Trends Enterprise Web Applications Cloud Computing SaaS Applications BYOD Data Compliance Regulations 30 Second Elevator Pitch Web browsers have.

Market Trends Enterprise Web Applications Cloud Computing SaaS Applications BYOD Data Compliance Regulations 30 Second Elevator Pitch Web browsers have.
RSA Security Validating Users and Devices to Protect Network Assets Endpoint Solutions for Cisco Environments.

RSA Security Validating Users and Devices to Protect Network Assets Endpoint Solutions for Cisco Environments.
Dell Connected Security Solutions Simplify & unify.

Dell Connected Security Solutions Simplify & unify.
 INADEQUATE SECURITY POLICIES ›Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA.

 INADEQUATE SECURITY POLICIES ›Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA.
Michael McDonnell GIAC Certified Intrusion Analyst Creative Commons License: You are free to share and remix but you must provide.

Michael McDonnell GIAC Certified Intrusion Analyst Creative Commons License: You are free to share and remix but you must provide.
123456789101112…. PrePlanPrepareMigratePost Pre- Deployment PlanPrepareMigrate Post- Deployment First Mailbox.

…. PrePlanPrepareMigratePost Pre- Deployment PlanPrepareMigrate Post- Deployment First Mailbox.
OCTAVE-S on TradeSolution Inc.. Introduction Phase 1: Critical Assets and threats Phase 2: Critical IT Components Phase 3: Changes Required in current.

OCTAVE-S on TradeSolution Inc.. Introduction Phase 1: Critical Assets and threats Phase 2: Critical IT Components Phase 3: Changes Required in current.
1 1 Securing (Accountability for) Cloud Content Peter McGoff – SVP and General Counsel.

1 1 Securing (Accountability for) Cloud Content Peter McGoff – SVP and General Counsel.
Yair Grindlinger, CEO and Co-Founder Do you know who your employees are sharing their credentials with? Do they?

Yair Grindlinger, CEO and Co-Founder Do you know who your employees are sharing their credentials with? Do they?

Similar presentations

Ads by Google