What is the dark matter of your network? Like the dark matter of our universe, it makes up a large percentage of your network. These dark devices access your network, but are largely invisible to vulnerability management and data loss prevention solutions. They are not always on, are not in your office regularly and are not static desktops, servers or infrastructure. Nevertheless they represent a significant risk to your security. iScan Online provides visibility and financial impact analytics, exposing the risk to compromise for any device.
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Â
Secure the Dark Matter of Your Network
1. S E C U R E T H E D A R K M A T T E R
O F Y O U R N E T W O R K
With Opportunistic Scanning
B R E A C H A N A L Y T I C S
What data is at risk
How will attackers compromise the data
What will it cost when youâre breached
2. E X E C U T I V E S U M M A R Y
Today we are in the midst of digital warfare, it is a
global epidemic with all of our data under
relentless assault.
Over the last several years, companies of all sizes
and in every industry have seen their sensitive
data lost or stolen.
Data is most likely one of your corporationâs most
valuable assets. Preventing digital data theft of
intellectual property, trade secrets or or incidental
losses is paramount for the success of any
business.
So where is this sensitive data lurking? If you are
p ro a c t i v e l y re m e d i a t i n g o n l y k n o w n d a t a
repositories and devices, but not scanning for
rogue payment data, personal identifiable
information and vulnerabilities, you leave yourself
exposed to a truly unknown level of risk.
If youâre a CISO, CIO or in Security Operations,
youâre probably doing everything you can to keep
your corporate data safe. To that end, this paper
will explain how to find your risk from unknown,
unprotected data, and how you can quantify that
risk in absolute dollars and cents to help bridge
the gap between your remediation goals and your
organizationâs financial strength.
Billy Austin
President
C O N T E N T S
Introduction to Dark Matter
Page 3
From Remediation to
Prevention
Page 6
A Proactive Security
Strategy
Page 7
Unmatched Data
Discovery
Page 9
Powerful Cloud Console
Page 10
Conclusion
Page 11
About iScan Online
Page 12
2
Secure the Dark Matter of Your Network: The Power of Opportunistic Scanning
3. Scientists believe that as much as 80% of the
universe is made up of dark matter that we
currently know little, if anything about. We canât
measure it, see it, and donât know its
properties. We know that, accounting for 80%
of the mass of the universe, it must be
important; but how, what, and why is beyond
our present grasp. We only know it exists when
we see it inïŹuence elements of the observable
universe, like light bending around an invisible
black hole. In fact, describing and quantifying
the role of dark matter within the universe is
one of the greatest challenges facing todayâs
astrophysicists. Similarly, perhaps the greatest
obstacle facing security professionals today
arises from another type of dark matter lurking
in today's networks: the unknown security
threat. Whether itâs payment data or other
sensitive personal identiïŹable information
sitting unnoticed on cloud drives and long-
since-archived outlook ïŹles or the myriad
devices constantly connecting to corporate
networks around the world, we know these
instances of unencrypted PII and untamed
devices undermine our networks, but they are
often virtually invisible to our traditional efforts
to perform data discovery and security
assessments on them. Consequently, many
devices continue to pose a threat while we
struggle to know their security posture,
vulnerabilities, compliance status, or what
sensitive data they may contain.
MY DEVICES, YOUR PROBLEM
Classic methods of scanning devices on the
network are very good at discovering and
ïŹnding vulnerabilities on devices that they can
see. However, they can only see devices that
are on the network at the moment in time the
scan is executed. At the same time, these
types of plodding network security scans can
take a long time to complete while chewing-up
precious bandwidth resources. In the past, this
was enough: concerns about network latency
and device utilization, forced organizations to
perform scans during off-hours. Initially this
approach did not present an issue as the
majority of servers, network devices, and even
desktops were always plugged in. These
devices were considered static and reachable
whether the scan happened at 3am or 3pm, or
anytime in between.
A snapshot of the threats and
the industries that are most
threatened today
3
Secure the Dark Matter of Your Network: The Power of Opportunistic Scanning
I N T R O D U C T I O N T O D A R K M A T T E R
W h a t s t r a n g e a s t r o p h y s i c a l p h e n o m e n o n h a s i n c o m m o n
w i t h y o u r d a t a n e t w o r k .
50% 50%
Malicious Outsider
System Glitch
8%4%
9%
13%
21%
45%
Retail Technology
Financial Government
Education Other
4. The average per-record
cost in 2014 to remediate
after a breach occurs
$100.00
$200.00
$300.00
$400.00
Healthcare Education Energy Financial Technology Retail
THE STATUS-QUO HAS CHANGED
We live in a world of branch ofïŹces, remote
workers, transient contractors and mobile users.
And while they may not know the difference
between BYOD and BYOB, they are leading the
charge towards mixed- use devices and non-
standard business platforms. Microsoft
Windows, while still representing a large portion
of the market, is no longer at 95% market share.
In fact, PCs themselves represent a smaller and
ever- shrinking share of the devices on our
networks.
Virtually every network today has a wide array of
smartphones, tablets and personal devices of
many shapes and sizes constantly requesting
access. All of these different devices access
our network from different locations and at
different times. Worse, lax or non-existent
security policies among users mean that, while
your network may be buttoned-up, your users
are still prone to downloading malware or
inïŹltration by bad actors who use their trusted
credentials as a pivot point into your network.
Since a large percentage of the devices that
access the network are no longer available to
scan during off-peak times, a traditional network
security scan is essentially ineffective for those
devices. These unscanned devices and the
unencrypted data they contain are the dark
matter of your network. They exist and they are
an important part of the network, but there is no
evidence or means to quantify the risk they
pose. At least there isnât with traditional
vulnerability scanning, or until they announce
their presence after-the-fact through a
potentially devastating breach.
4
5. ACKNOWLEDGING A SECURITY BLIND SPOT
If only there was a way of actually scanning
these dark matter devices. A network could
be made much safer and more immune to
attack. Unfortunately, the attackers recognize
that most organizations are woefully ill
equipped to manage this sort of opportunistic
vulnerability scanning and data discovery. In
fact, current trends indicate that attacks
targeting these devices are on the rise as
increasing numbers of disparate devices
access the network from locations out of
scope for traditional assessment technologies.
Today there is a signiïŹcant blind spot in the
vulnerability management solutions that many
organizations have spent precious security
budget dollars implementing. Frankly, this
âblind spotâ is a tremendous risk that
organizations cannot continue to fail to
manage due to a lack of insight.
Regulatory compliance schemes recognize
this risk. The PCI Council, for instance, has
mandated that internal scans of devices be
conducted regularly and discovered
vulnerabilities and risks should be prioritized
for remediation. Likewise in health care,
HIPAA has mandated security scanning of
devices for health related PII (Personally
IdentiïŹable Information). At the same time,
regulations like FERPA now govern the
protection of student PII and well-regarded
security ïŹrms like the Ponemon Institute are
spearheading analysis on the true cost of a
data breach.
In short, for most organizations, having such a
large number of dark matter devices
accessing their networks without visibility is no
longer acceptable! The only solution is a
strategy designed to answer three crucial
questions:
1. What unencrypted data is at-risk on my
networks?
2. Where are the vulnerabilities that will allow
access to that data by attackers?
3. How much will it cost to remediate the
breach after-the-fact?
2,803,036 Records lost or stolen every day
116,793 Records lost or stolen every hour
1,947 Records lost or stolen every minute
32 Records lost or stolen every second
F R O M R E M E D I A T I O N T O P R E V E N T I O N
The dark matter on your network is a considerable risk. With today's targeted attacks via spear
phishing, APTs, and drive-by malware; attackers need only to target and inïŹltrate one device to get
inside your network and wreak havoc. The overwhelming majority of security incidents are due to a
known vulnerability being exploited on a single device to gain access to the larger network.
5
Secure the Dark Matter of Your Network: The Power of Opportunistic Scanning
*2014 ïŹgures from breachlevelindex.com
6. Opportunistic Scanning & Discovery
Fortunately a newly patented technology
is now available to address this problem
with the introduction of iScan Onlineâ s
"Opportunistic Scanningâ. Opportunistic
Scanning is the ability to perform
assessments on devices accessing
network resources when and where they
are available. This flexible approach
means devices can be assessed
regardless of the network connection
type or location, provided they are
connected to the Internet. This flexibility
allows iScan Online to shine a light on
the dark matter of networks, giving
security personnel unprecedented
visibility into the security posture, data
and applications of those devices.
FLEXIBLE DEPLOYMENT, POWERFUL
DETECTION
iScan Online provides opportunistic scanning
and unique methods that allow you to see
more of the networked devices and more of
the data on those devices with greater
accuracy. iScan Online is deployed through a
browser plugin, command line interface
(downloadable executable) or as a native
mobile app. This methodology is fast, highly
accurate, and leverages what most
organizations already have in place; Microsoft
Active Directory, Systems Management tools,
Web Applications, Internet access, and a
browser. By combining these existing
architectures with iScan Onlineâs cloud-based
analytics, organizations are now empowered
to assess all devices throughout the
organization.
This new, highly accurate methodology also
delivers very unique scanning capabilities for
today and tomorrowâs computing and mobile
platforms. An integrated web portal provides
a single point for management, analysis, and
reporting, while the individual devices perform
the heavy lifting of the scan process,
permitting scalability across the globe. This
distributed architecture provides unparalleled
scalability allowing hundreds of thousands of
devices to be scanned in a matter of seconds.
Even better, it requires no lengthy deployment
cycle or additional network appliances to
operate.
ELIMINATING FALSE POSITIVES & SAVING
RESOURCES
iScan Online performs deep inspection of
devices using a variety of methodologies
including the Windows Registry, native ïŹle
systems, interrogating system conïŹgurations
using operating system and Application APIâs,
and Windows WMI queries. Using these direct
access methods instead of relying upon
network packet response and injection
provides highly accurate results, virtually
eliminating false positives, which will save
time and money for security personnel. There
are also no requirements for modifying ingress
ïŹrewall routes and ports, or need to conïŹgure
VPN connections as iScan Online executes on
the device and communicates via standard
HTTPS web trafïŹc. So despite being more
ïŹexible and seamless than many other
vulnerability scanners, iScan Onlineâs
deployment model ensures that no device
goes unscanned due to a lack of credentials
or infrequent network connectivity.
6
A P R O A C T I V E S E C U R I T Y S T R A T E G Y
Secure the Dark Matter of Your Network: The Power of Opportunistic Scanning
7. 7
Average increased
customer churn rates, post-
breach, by industry
Credentials? We donât need no stinking
credentials!
One of the biggest challenges with assessing
connected devices is that network administrators
typically donât have credentials to scan the
device. This presents a number of challenges for
proper risk assessment. First, security personnel
must be given administrator credentials to the
device, which is extremely problematic in BYOD
environments. Second it creates an additional
security risk by trusting a cache of administrator
level credentials to be stored and used within
systems, which may not have been designed as
secure authorization and authentication brokers.
Without administrative credentials, network
scanners can only provide an outside view of the
device, typically a port scan. With iScan Online,
the need for credentials is eliminated because
the scan runs on the host as the current user.
One of the dirty little secrets of current
vulnerability assessment solutions is that
administrative access is NOT required to
properly assess vulnerabilities when the
assessment is run locally on a device.
Regardless of how scans are delivered, speed
and scalability is key. Because iScan Online
performs scanning directly on the device, there
is no network congestion or latency introduced.
There are no worries about exhausting the
amount of threads the scanner can spawn. It
makes no difference how many devices are
being scanned at a time. Scan one device or
thousands of devices at a time through iScan
Onlineâs distributed cloud architecture and all
scans are completed within a fraction of the
time of traditional vulnerability scanners.
Secure the Dark Matter of Your Network: The Power of Opportunistic Scanning
1.75%
3.50%
5.25%
7.00%
Healthcare Education Energy Financial Technology Retail
1.3%
4.1%
6.1%
2.8%
2.4%
5.9%
8. SCAN FROM WEB APPS
The dark matter on your network is a
considerable risk. With today's targeted attacks
via spear phishing, APTs, and drive-by malware;
attackers need only to target and inïŹltrate one
device to get inside your network and wreak
havoc. The overwhelming majority of security
incidents are due to a known vulnerability being
exploited on a single device to gain access to
the larger network.
Scanning can now be easily integrated into
existing web applications. Utilizing iScan Online
for Web Browsers, organizations can now
leverage their growing base of web applications
as scanning catch points for devices accessing
corporate resources. Whether you manage
access via captive web portals, single-sign-on
credentialing, or another NAC solution, iScan
Online works with your existing security policies
to ensure that no device gains access to your
network without undergoing a background data
discovery and vulnerability scan. Even VPN
access can incorporate iScan Online
technology via simple connect scripts.
Now consider a highly distributed organization
with a large remote sales force: Typically these
users are accessing sales and order processing
applications via the web, they rarely access the
corporate network using VPN access and are
always on the move. How do you assess these
devices for security risk?
SCAN FROM ANYWHERE
At iScan Online, weâve made it as simple as
adding a âScan Nowâ button or web analytics
service to your web application. Simply include
a small JavaScript snippet into any web
application and all users accessing the web
application will be scanned for security issues
in a quick, efïŹcient and unobtrusive manner.
Scans can be performed as often as desired
(daily, weekly, quarterly etc.) based on the user
accessing the web application. Results from the
assessment can be analyzed automatically by
the web application in order to make decisions
regarding the users web application request.
For example, the web application could decide
to deny access or to limit available functionality
to the user based on discovered data or
vulnerabilities. And, as with all iScan Online
scans, the results are available for reporting and
analysis from iScan Onlineâs Cloud Console.
Secure the Dark Matter of Your Network: The Power of Opportunistic Scanning
9. 9
COMPLETE, CUSTOMIZABLE DISCOVERY
iScan Onlineâs Data Discovery Scan identiïŹes
what devices store unprotected trade secrets,
intellectual property, and personal identiïŹable
information that are putting your business at
risk. Because data is where you least expect
it, with iScan Online, you can see every
unprotected piece of data within your
company, from credit cards and social
security numbers in Dropbox, to intellectual
property in mail folders and zip ïŹles. iScan
Online is unmatched in its combination of
ïŹexible deployment, comprehensive data
discovery and iron-clad validation algorithms
like Modulus Check (LUHN) and intelligent
Contextual Awareness to reduce false
positives or missed data.
iScan Online provides a comprehensive data
discovery and scanning solution that meets
and exceeds todayâs regulatory requirements
at the federal, state and industry level. This is
crucial as most organizations have regulatory
compliance mandates that require scanning of
all connected devices. For example the PCI
Council mandates that all merchants perform
regular internal scans and prioritize detected
vulnerabilities for remediation to manage risk.
The ability to conduct these internal scans on-
demand is a compelling use case for iScan
Online. As a Participating Organization in the
PCI Council, iScan Onlineâs PCI scan
compliance report is the proof a merchant
needs to show compliance with this
requirement. The same is true of HIPAA, as
well as other compliance mandates. iScan
Online can be conïŹgured to run the various
types of scans required to demonstrate
compliance with multiple regulations.
But the rash of data breaches that have
received so much press in the last few years
make it abundantly clear that meeting
regulatory compliance for vulnerability
scanning just isnât enough. If a network is
inïŹltrated, the ability to proactively identify
unprotected PII and intellectual property is the
single most powerful enhancement to your
network security that you can make.
U N M A T C H E D D A T A D I S C O V E R Y
Besides identifying security vulnerabilities, a complete strategy requires knowing what employees
and devices are storing unprotected sensitive data throughout your company. But how do you
know where that data is hiding?
Secure the Dark Matter of Your Network: The Power of Opportunistic Scanning
Scan Every File Type
OST/PST, CSV, HTML, RTF, DOCX, XLSX, PPTX
Text Files, SQL, Binary, SXW, PDF, XML, ODT & more. . .
Credit Cards American Express, Visa 13 & 16 Digits, MasterCard, Discover, Diners Club, JCB
Personally Identifiable
Information
Social Security, Drivers License, Date of Birth, Passport, Customizable
Intellectual Property Custom Patterns, Unique File Attributes, File Owners, etc.
10. 10
Delivering Actionable Analytics
All of the raw scan data is aggregated into a
beautiful, actionable cloud console that can
be customized by role and interactive report
focus. These reports are designed to work
together to ensure complete network
awareness around your exposed data, your
most vulnerable devices and your total
ïŹnancial liability by individual device. This
means youâll know instantly what needs to be
prioritized and have thrown into stark relief the
actual cost to rectify the situation post-breach,
so even the C-Suite can understand.
Sort and prioritize by the ïŹnancial liability, the
type of vulnerability, the type of unprotected
data, the location of the devices and more.
iScan Online also makes it simple to track your
progress over time with trend reports for
unprotected data, device vulnerability and
ïŹnancial liability. What better way to
demonstrate the ROI of proactive remediation
and ongoing security assessments than
tracking the reduction in risk and ïŹnancial
liability over time?
This means no more guessing what employee
is putting your business at risk. The data
discovery report by host shows you without a
doubt the volume of sensitive data and ïŹle
path outlining exactly what is most likely to fall
prey to data theft. And because iScan Online
integrates data discovery and vulnerability
detection, you can see the calculated liability
exposure of a potential data breach. That
makes it simple to present threat assessments
to the C- Suite in hard dollars at risk and to
prioritize your remediation efforts on those
devices and users that pose the greatest
ïŹnancial risk to your organization.
The iScan Online Cloud Console provides
multi-tenancy, role-based access, scan
conïŹguration, reporting and analysis. It allows
administrators to specify how scans are
initiated, for example via a web browser,
mobile app etc. The Cloud Console gives
administrators insight into device compliance
and vulnerability posture across the entire
organization.
P O W E R F U L C L O U D C O N S O L E
iScan Online is unmatched in its combination of ïŹexible deployment, data discovery and
vulnerability detection. But it truly differentiates itself from every other solution in the market today
by its powerful data analytics.
Secure the Dark Matter of Your Network: The Power of Opportunistic Scanning
A View of the Console
11. Technological Darwinism dictates that new technologies
and methods will rise up to take their place and ïŹll the
niches for organizations that need solutions. iScan Online
is one of these new breed of solutions; with the right
approach and technology to tackle the challenges that
todayâs technologies and organizations require.
You canât afford to have a majority of your network as
dark matter. With iScan Online gain the insight you need
to shine the light on every section and device in your
network.
TAKING THE NEXT STEP
If you believe that there might be unprotected data, or
unsecured devices on your network, you owe it to
yourself to explore the best possible solution for your
organization.
If you believe that a solution that doesnât require any new
appliances, operates without increased network load,
and proactively ensures that every device connected to
your network is completely and thoroughly scanned,
iScan Online might be a winning option.
You can see a variety of demos, data sheets and videos,
and to request a free 14-day trial of our solution at
www.iscanonline.com/support-resources
Otherwise, please explore the sample reports to the left.
11
Secure the Dark Matter of Your Network: The Power of Opportunistic Scanning
I L L U M I N A T I N G T H E D A R K M A T T E R
We are living in exciting times. We are in the midst of a paradigm shift in how organizations conduct
business and the technologies and devices they use. These changes will render some older
technologies and methods obsolete.
12. I S C A N O N L I N E
5600 Tennyson Parkway, #343
Plano, TX 75024
214-276-1150
www.iscanonline.com
sales@iscanonline.com