SlideShare ist ein Scribd-Unternehmen logo

Who is the next target proactive approaches to data security

Ulf Mattsson
Ulf Mattsson

The landscape of threats to sensitive data is changing.  New technologies bring with them new vulnerabilities, and organizations like Target are failing to react properly to the shifts around them. What's needed is an approach equal to the persistent, advanced attacks companies face every day.  The sooner we start adopting the same proactive thinking hackers are using to get at our data, the better we will be able to protect it. 

Technologie
1 von 59
Downloaden Sie, um offline zu lesen
WHO IS THE NEXT TARGET?WHO IS THE NEXT TARGET? Proactive Approaches to Data Security Ulf Mattsson CTO, Protegrity Ulf.Mattsson@protegrity.com
Working with the Payment Card Industry Security Standards Council (PCI SSC): • PCI SSC Tokenization Task Force • PCI SSC Encryption Task Force • PCI SSC Point to Point Encryption Task Force • PCI SSC Risk Assessment SIG Ulf Mattsson & PCI Data Security Standards • PCI SSC eCommerce SIG • PCI SSC Cloud SIG • PCI SSC Virtualization SIG • PCI SSC Pre-Authorization SIG • PCI SSC Scoping SIG • PCI SSC 2013 – 2014 Tokenization Task Force 2
New threats and methods of attack New technologies offer new vulnerabilities Lessons learned from the Target breach Topics Lessons learned from the Target breach The importance of proactive thinking New technologies to properly secure data 3
THE CHANGING THREAT LANDSCAPETHREAT LANDSCAPE 4 How have the methods of attack shifted?
Data Loss Worries IT Pros Most 5 Source: 2014 Trustwave Security Pressures Report
Data Loss Worries IT Pros Most 6 Source: 2014 Trustwave Security Pressures Report
“It’s clear the bad guys are winning at a faster rate than the good guys Security - We Are Losing Ground 7 Source: searchsecurity.techtarget.com/news/2240215422/In-2014-DBIR-preview-Verizon-says-data-breach-response-gap-widening rate than the good guys are winning, and we’ve got to solve that.” - 2014 Verizon Data Breach Investigations Report
Security - We Are Losing Ground “…Even though security is improving, things are getting worse faster, so 8 getting worse faster, so we're losing ground even as we improve.” - Security expert Bruce Schneier Source: http://www.businessinsider.com/bruce-schneier-apple-google-smartphone-security-2012-11
Security - We Are Losing Ground “Cyber attack fallout could cost the global economy $3 trillion by 9 Source: McKinsey report on enterprise IT security implications released in January 2014. economy $3 trillion by 2020.”
PRIME TARGETS FOR DATA BREACHDATA BREACH 10
CIA and NSA Tell Utilities How To Up Cybersecurity 11 Source: Smart Grid News The Bipartisan Policy Center (BPC) has published a new report titled "Cybersecurity and the North American Electric Grid: New Policy Approaches to Address an Evolving Threat."
The U.S. government's Industrial Control Systems Cyber Emergency Response Team Responded to more than 200 incidents 53% aimed at the energy sector. So far, there have not been any successful catastrophic attacks on the US energy grid Energy Sector a Prime Target for Cyber Attacks attacks on the US energy grid Ongoing debate about the risk of a "cyber Pearl Harbor" attack. Source: www.csoonline.com/article/748580/energy-sector-a-prime-target-for-cyber-attacks (Oct. 2012 - May 2013) 12
The global energy sector has become vulnerable to cyber-attack Increasingly adopting internet-based industrial control systems in an effort to cut costs The industry has yet to experience business Energy Sector Faces Cyber-attack Threat: Marsh interruption or physical damage as a result of a cyber-attack Being "disproportionately" targeted by increasingly sophisticated hacker networks the broker Source: 2014 Report, Insurance broker Marsh 13
BEWARE MALWAREBEWARE MALWARE 14
15
New Malware Source: mcafee.com/us/resources/reports/rp-quarterly-threat-q3-2013.pdf 16
Total Malicious Signed Malware Source: mcafee.com/us/resources/reports/rp-quarterly-threat-q3-2013.pdf 17
Targeted Malware Topped the Threats 18 62% said that the pressure to protect from data breaches also increased over the past year. Source: 2014 Trustwave Security Pressures Report
US - Targeted Malware Top Threat 19 Source: 2014 Trustwave Security Pressures Report
FBI uncovered 20 cyber attacks against retailers in the past year that utilized methods similar to Target incident Believe POS malware crime will continue to grow over the near term Despite law enforcement and security firms' actions to mitigate it FBI Memory-Scraping Malware Warning mitigate it Report: “Recent Cyber Intrusion Events Directed Toward Retail Firms” Source: searchsecurity.techtarget.com/news/2240213143/FBI-warns-of-memory-scraping- malware-in-wake-of-Target-breach 20
THE CHANGING TECHNOLOGYTECHNOLOGY LANDSCAPE What effect, if any, does the rise of “Big Data” have on breaches? 21
Has Your Organization Already Invested in Big Data? 22 Source: Gartner
Holes in Big Data… 23 Source: Gartner
Many Ways to Hack Big Data 24 Hackers & APT Rogue Privileged Users Unvetted Applications Or Ad Hoc Processes
Many Ways to Hack Big Data MapReduce (Job Scheduling/Execution System) Pig (Data Flow) Hive (SQL) Sqoop ETL Tools BI Reporting RDBMS Avro(Serialization) Zookeeper(Coordination) Hackers Unvetted Applications Or Ad Hoc Processes Source: http://nosql.mypopescu.com/post/1473423255/apache-hadoop-and-hbase 25 HDFS (Hadoop Distributed File System) Hbase (Column DB) Avro(Serialization) Zookeeper(Coordination) Privileged Users
Big Data (Hadoop) was designed for data access, not security Security in a read-only environment introduces new challenges Massive scalability and performance requirements Big Data Vulnerabilities and Concerns Sensitive data regulations create a barrier to usability, as data cannot be stored or transferred in the clear Transparency and data insight are required for ROI on Big Data 26
TARGET DATA BREACHBREACH 27 What can we learn from the Target breach?
Target Breach Optioned as Sony Feature Film 28 Source: Welivesecurity.com
Target Corp. said in its annual report that a massive security breach has hurt its image and business, while spawning dozens of legal actions, and it noted it can't estimate how big the financial tab will end up being Security software picked up on suspicious activity Target Says It Ignored Early Signs of Data Breach Security software picked up on suspicious activity after a cyberattack was launched, but it decided not to take immediate action Received security alerts on Nov. 30 that indicated malicious software had appeared in its network Source: SEC (Securities and Exchange Commission ) 29
Target Data Breach, U.S. Secret Service & iSIGHT Target CIO Beth Jacob resigned 30
Memory Scraping Malware – Target Breach Payment Card Terminal Point Of Sale Application Memory Scraping Malware Authorization, Settlement … Web Server Memory Scraping Malware Russia 31
Credentials were stolen from Fazio Mechanical in a malware- injecting phishing attack sent to employees of the firm by email • Resulted in the theft of at least 40 million customer records containing financial data such as debit and credit card information. • In addition, roughly 70 million accounts were compromised that included addresses and mobile numbers. The data theft was caused by the installation of malware on How The Breach at Target Went Down the firm's point of sale machines The subsequent file dump containing customer data is reportedly flooding the black market • Starting point for the manufacture of fake bank cards, or provide data required for identity theft. Source: Brian Krebs and www.zdnet.com/how-hackers-stole-millions-of-credit- card-records-from-target-7000026299/ 32
The FTC is probing the massive hack of credit card information Target could face federal charges for failing to protect its customers' data from hackers When you see a data breach of this size with clear harm to consumers, it's clearly something that the Target May Face Federal Suit Over Privacy Fumble harm to consumers, it's clearly something that the FTC would be interested in looking at," said Jon Leibowitz, a former FTC chairman Sen. Richard Blumenthal, a Connecticut Democrat, urged the FTC to investigate the Target hack soon after it became public in December Source: Bloomberg Businessweek 33
Who Is The Next Target? 34
It’s not like other businesses are using some special network security practices that Target doesn’t know about. They just haven’t been hit yet. No number of traps, bars, or alarms will keep out the determined thief Source: www.govtech.com/security 35
THINKING LIKE A HACKERHACKER How can we shift from reactive to proactive thinking? 36
The Modern Day Bank Robber 37
Current Breach Discovery Methods 38 Verizon 2013 Data-breach-investigations-report & 451 Research
You must assume the systems will be breached. Once breached, how do you know you've been compromised? You have to baseline and understand what 'goodness' looks like and look for deviations from goodness McAfee and Symantec can't tell you what normal looks like in your own systems. Only monitoring anomalies can do that CISOs say SIEM Not Good for Security Analytics Only monitoring anomalies can do that Monitoring could be focused on a variety of network and end-user activities, including network flow data, file activity and even going all the way down to the packets Source: 2014 RSA Conference, moderator Neil MacDonald, vice president at Gartner 39
TURNING THE TIDE 40 What new technologies and techniques can be used to prevent future attacks?
What if a Social Security number or Credit Card NumberCredit Card Number in the Hands of a Criminal was Useless? 41
COMPLIANCE VS. SECURITYSECURITY 42
Target was certified as meeting the standard for the payment card industry in September 2013 Compliance can protect us from liability, but whether it actually protects us from loss of business and loss of data is not so clear Compliance is a minimal deterrent that everyone Target Breach Lesson: PCI Compliance Isn't Enough Compliance is a minimal deterrent that everyone has to have in place If you're driving a car, you're expected to have a driver's license. That doesn't make you a safe driver Source: TechNewsWorld 43
Protection of cardholder data in memory Clarification of key management dual control and split knowledge Recommendations on making PCI DSS business-as- usual and best practices Security policy and operational procedures added PCI DSS 3.0 Security policy and operational procedures added Increased password strength New requirements for point-of-sale terminal security More robust requirements for penetration testing 44
Coarse Grained Security • Access Controls • Volume Encryption • File Encryption Fine Grained Security Evolution of Data Security Methods Time Fine Grained Security • Access Controls • Field Encryption (AES & ) • Masking • Tokenization • Vaultless Tokenization 45
Old and flawed: Minimal access levels so people can only carry Access Control Risk High – can only carry out their jobs 46 Access Privilege Level I High I Low Low –
Applying the Protection Profile to the Structure of each Sensitive Data Fields allows forSensitive Data Fields allows for a Wider Range of Granular Authority Options 47
Examples: De-Identified Sensitive Data Field Real Data Tokenized / Pseudonymized Name Joe Smith csu wusoj Address 100 Main Street, Pleasantville, CA 476 srta coetse, cysieondusbak, CA Date of Birth 12/25/1966 01/02/1966 Telephone 760-278-3389 760-389-2289 E-Mail Address joe.smith@surferdude.org eoe.nwuer@beusorpdqo.org SSN 076-39-2778 076-28-3390 CC Number 3678 2289 3907 3378 3846 2290 3371 3378 Business URL www.surferdude.com www.sheyinctao.com Fingerprint Encrypted Photo Encrypted X-Ray Encrypted Healthcare / Financial Services Dr. visits, prescriptions, hospital stays and discharges, clinical, billing, etc. Financial Services Consumer Products and activities Protection methods can be equally applied to the actual data, but not needed with de-identification 48
Risk High – Old: Minimal access levels – Least New : Much greater The New Data Protection - Tokenization Access Privilege Level I High I Low Low – levels – Least Privilege to avoid high risks Much greater flexibility and lower risk in data accessibility 49
Tokenization Research Tokenization Gets Traction Aberdeen has seen a steady increase in enterprise use of tokenization for protecting sensitive data over encryption Nearly half of the respondents (47%) are currently using tokenization for something other than cardholder data Tokenization users had 50% fewer security-related incidents than tokenization non-users 50 Source: http://www.protegrity.com/2012/08/tokenization-gets-traction-from-aberdeen/
Security of Different Protection Methods High Security Level I Format Preserving Encryption I Vaultless Data Tokenization I AES CBC Encryption Standard I Basic Data Tokenization 51 Low
Fine Grained Data Security Methods Tokenization and Encryption are Different Used Approach Cipher System Code System Cryptographic algorithms Cryptographic keys TokenizationEncryption 52 Cryptographic keys Code books Index tokens Source: McGraw-HILL ENCYPLOPEDIA OF SCIENCE & TECHNOLOGY
10 000 000 - 1 000 000 - 100 000 - 10 000 - Transactions per second* Speed of Different Protection Methods 10 000 - 1 000 - 100 - I Format Preserving Encryption I Vaultless Data Tokenization I AES CBC Encryption Standard I Vault-based Data Tokenization *: Speed will depend on the configuration 53
Different Tokenization Approaches Property Dynamic Pre-generated Vaultless Vault-based 54
Use Case How Should I Secure Different Data? Simple – PCI PII Encryption of Files Card Holder Data Tokenization of Fields Personally Identifiable Information Type of Data I Structured I Un-structured Complex – PHI Protected Health Information 55 Personally Identifiable Information
Use Big Data to Analyze Abnormal Usage Pattern Payment Card Terminal Point Of Sale Application Memory Scraping Malware Authorization, Settlement … Web Server Memory Scraping Malware Moscow, Russia FireEye Malware?
Trend - Open Security Analytics Frameworks 57 Source: Emc.com/collateral/white-paper/h12878-rsa-pivotal-security-big-data-reference-architecture Enterprise Big Data Lake
Conclusions Changing threat landscape & challenges to secure data: • Attackers are looking for not just payment data – a more serious problem. • IDS systems are lacking context needed to catch data theft • SIEM detection is too slow in handling large amounts of events. What happened at Target? • Modern customized malware can be very hard to detect 58 • They were compliant, but not secure How can we prevent what happened to Target and the next attack against our sensitive data? • Assume that we are under attack - proactive protection of the data itself • We need to analyze event information and context to catch modern attackers • The Oracle Big Data Appliance can provide the foundation for solving this problem
Thank you!Thank you! Questions? Please contact us for more information http://www.protegrity.com/news-resources/collateral/ Ulf.Mattsson@protegrity.com

Empfohlen

MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...Casey Ellis
 
Cyber security basics for law firms
Cyber security basics for law firmsCyber security basics for law firms
Cyber security basics for law firmsRobert Westmacott
 
Proven Practices to Protect Critical Data - DarkReading VTS Deck
Proven Practices to Protect Critical Data - DarkReading VTS DeckProven Practices to Protect Critical Data - DarkReading VTS Deck
Proven Practices to Protect Critical Data - DarkReading VTS DeckNetIQ
 
Key note in nyc the next breach target and how oracle can help - nyoug
Key note in nyc the next breach target and how oracle can help - nyougKey note in nyc the next breach target and how oracle can help - nyoug
Key note in nyc the next breach target and how oracle can help - nyougUlf Mattsson
 
New york oracle users group 2013 spring general meeting ulf mattsson
New york oracle users group 2013 spring general meeting ulf mattssonNew york oracle users group 2013 spring general meeting ulf mattsson
New york oracle users group 2013 spring general meeting ulf mattssonUlf Mattsson
 
What I Learned at RSAC 2020
What I Learned at RSAC 2020What I Learned at RSAC 2020
What I Learned at RSAC 2020Ulf Mattsson
 
How to protect privacy sensitive data that is collected to control the corona...
How to protect privacy sensitive data that is collected to control the corona...How to protect privacy sensitive data that is collected to control the corona...
How to protect privacy sensitive data that is collected to control the corona...Ulf Mattsson
 
Data Protection & Privacy During the Coronavirus Pandemic
Data Protection & Privacy During the Coronavirus PandemicData Protection & Privacy During the Coronavirus Pandemic
Data Protection & Privacy During the Coronavirus PandemicUlf Mattsson
 

Empfohlen

MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...Casey Ellis
 
Cyber security basics for law firms
Cyber security basics for law firmsCyber security basics for law firms
Cyber security basics for law firmsRobert Westmacott
 
Proven Practices to Protect Critical Data - DarkReading VTS Deck
Proven Practices to Protect Critical Data - DarkReading VTS DeckProven Practices to Protect Critical Data - DarkReading VTS Deck
Proven Practices to Protect Critical Data - DarkReading VTS DeckNetIQ
 
Key note in nyc the next breach target and how oracle can help - nyoug
Key note in nyc the next breach target and how oracle can help - nyougKey note in nyc the next breach target and how oracle can help - nyoug
Key note in nyc the next breach target and how oracle can help - nyougUlf Mattsson
 
New york oracle users group 2013 spring general meeting ulf mattsson
New york oracle users group 2013 spring general meeting ulf mattssonNew york oracle users group 2013 spring general meeting ulf mattsson
New york oracle users group 2013 spring general meeting ulf mattssonUlf Mattsson
 
What I Learned at RSAC 2020
What I Learned at RSAC 2020What I Learned at RSAC 2020
What I Learned at RSAC 2020Ulf Mattsson
 
How to protect privacy sensitive data that is collected to control the corona...
How to protect privacy sensitive data that is collected to control the corona...How to protect privacy sensitive data that is collected to control the corona...
How to protect privacy sensitive data that is collected to control the corona...Ulf Mattsson
 
Data Protection & Privacy During the Coronavirus Pandemic
Data Protection & Privacy During the Coronavirus PandemicData Protection & Privacy During the Coronavirus Pandemic
Data Protection & Privacy During the Coronavirus PandemicUlf Mattsson
 
Practical risk management for the multi cloud
Practical risk management for the multi cloudPractical risk management for the multi cloud
Practical risk management for the multi cloudUlf Mattsson
 
Emerging application and data protection for multi cloud
Emerging application and data protection for multi cloudEmerging application and data protection for multi cloud
Emerging application and data protection for multi cloudUlf Mattsson
 
Big Data Security Analytics (BDSA) with Randy Franklin
Big Data Security Analytics (BDSA) with Randy FranklinBig Data Security Analytics (BDSA) with Randy Franklin
Big Data Security Analytics (BDSA) with Randy FranklinSridhar Karnam
 
CYBER SECURITY FOR LAW FIRMS
CYBER SECURITY FOR LAW FIRMSCYBER SECURITY FOR LAW FIRMS
CYBER SECURITY FOR LAW FIRMSScott Suhy
 
New regulations and the evolving cybersecurity technology landscape
New regulations and the evolving cybersecurity technology landscapeNew regulations and the evolving cybersecurity technology landscape
New regulations and the evolving cybersecurity technology landscapeUlf Mattsson
 
Security Analytics and Big Data: What You Need to Know
Security Analytics and Big Data: What You Need to KnowSecurity Analytics and Big Data: What You Need to Know
Security Analytics and Big Data: What You Need to KnowMapR Technologies
 
Alert logic cloud security report
Alert logic cloud security reportAlert logic cloud security report
Alert logic cloud security reportGabe Akisanmi
 
Protect your confidential information while improving services
Protect your confidential information while improving servicesProtect your confidential information while improving services
Protect your confidential information while improving servicesCloudMask inc.
 
Network Security‬ and Big ‪‎Data Analytics‬
Network Security‬ and Big ‪‎Data Analytics‬Network Security‬ and Big ‪‎Data Analytics‬
Network Security‬ and Big ‪‎Data Analytics‬Allot Communications
 
Isaca new delhi india privacy and big data
Isaca new delhi india privacy and big dataIsaca new delhi india privacy and big data
Isaca new delhi india privacy and big dataUlf Mattsson
 
Insecure magazine - 51
Insecure magazine - 51Insecure magazine - 51
Insecure magazine - 51Felipe Prado
 
Cloud computing for banking
Cloud computing for bankingCloud computing for banking
Cloud computing for bankingIBM Software India
 
Protecting Data Privacy in Analytics and Machine Learning
Protecting Data Privacy in Analytics and Machine LearningProtecting Data Privacy in Analytics and Machine Learning
Protecting Data Privacy in Analytics and Machine LearningUlf Mattsson
 
Emerging application and data protection for cloud
Emerging application and data protection for cloudEmerging application and data protection for cloud
Emerging application and data protection for cloudUlf Mattsson
 
Data centric security key to digital business success - ulf mattsson - bright...
Data centric security key to digital business success - ulf mattsson - bright...Data centric security key to digital business success - ulf mattsson - bright...
Data centric security key to digital business success - ulf mattsson - bright...Ulf Mattsson
 
Quick Start Guide to IT Security for Businesses
Quick Start Guide to IT Security for BusinessesQuick Start Guide to IT Security for Businesses
Quick Start Guide to IT Security for BusinessesCompTIA
 
The 10 Fastest Growing Cyber Security Companies of 2017
The 10 Fastest Growing Cyber Security Companies of 2017The 10 Fastest Growing Cyber Security Companies of 2017
The 10 Fastest Growing Cyber Security Companies of 2017Insights success media and technology pvt ltd
 
Protecting Intellectual Property and Data Loss Prevention (DLP)
Protecting Intellectual Property and Data Loss Prevention (DLP)Protecting Intellectual Property and Data Loss Prevention (DLP)
Protecting Intellectual Property and Data Loss Prevention (DLP)Arpin Consulting
 
Where Data Security and Value of Data Meet in the Cloud
Where Data Security and Value of Data Meet in the CloudWhere Data Security and Value of Data Meet in the Cloud
Where Data Security and Value of Data Meet in the CloudUlf Mattsson
 
Risk Management Practices for PCI DSS 2.0
Risk Management Practices for PCI DSS 2.0Risk Management Practices for PCI DSS 2.0
Risk Management Practices for PCI DSS 2.0Ulf Mattsson
 
Big Data Use Cases for Different Verticals and Adoption Patterns - Impetus We...
Big Data Use Cases for Different Verticals and Adoption Patterns - Impetus We...Big Data Use Cases for Different Verticals and Adoption Patterns - Impetus We...
Big Data Use Cases for Different Verticals and Adoption Patterns - Impetus We...Impetus Technologies
 
4. Big data & analytics HP
4. Big data & analytics HP4. Big data & analytics HP
4. Big data & analytics HPMITEF México
 

Weitere ähnliche Inhalte

Was ist angesagt?

Practical risk management for the multi cloud
Practical risk management for the multi cloudPractical risk management for the multi cloud
Practical risk management for the multi cloudUlf Mattsson
 
Emerging application and data protection for multi cloud
Emerging application and data protection for multi cloudEmerging application and data protection for multi cloud
Emerging application and data protection for multi cloudUlf Mattsson
 
Big Data Security Analytics (BDSA) with Randy Franklin
Big Data Security Analytics (BDSA) with Randy FranklinBig Data Security Analytics (BDSA) with Randy Franklin
Big Data Security Analytics (BDSA) with Randy FranklinSridhar Karnam
 
CYBER SECURITY FOR LAW FIRMS
CYBER SECURITY FOR LAW FIRMSCYBER SECURITY FOR LAW FIRMS
CYBER SECURITY FOR LAW FIRMSScott Suhy
 
New regulations and the evolving cybersecurity technology landscape
New regulations and the evolving cybersecurity technology landscapeNew regulations and the evolving cybersecurity technology landscape
New regulations and the evolving cybersecurity technology landscapeUlf Mattsson
 
Security Analytics and Big Data: What You Need to Know
Security Analytics and Big Data: What You Need to KnowSecurity Analytics and Big Data: What You Need to Know
Security Analytics and Big Data: What You Need to KnowMapR Technologies
 
Alert logic cloud security report
Alert logic cloud security reportAlert logic cloud security report
Alert logic cloud security reportGabe Akisanmi
 
Protect your confidential information while improving services
Protect your confidential information while improving servicesProtect your confidential information while improving services
Protect your confidential information while improving servicesCloudMask inc.
 
Network Security‬ and Big ‪‎Data Analytics‬
Network Security‬ and Big ‪‎Data Analytics‬Network Security‬ and Big ‪‎Data Analytics‬
Network Security‬ and Big ‪‎Data Analytics‬Allot Communications
 
Isaca new delhi india privacy and big data
Isaca new delhi india privacy and big dataIsaca new delhi india privacy and big data
Isaca new delhi india privacy and big dataUlf Mattsson
 
Insecure magazine - 51
Insecure magazine - 51Insecure magazine - 51
Insecure magazine - 51Felipe Prado
 
Protecting Data Privacy in Analytics and Machine Learning
Protecting Data Privacy in Analytics and Machine LearningProtecting Data Privacy in Analytics and Machine Learning
Protecting Data Privacy in Analytics and Machine LearningUlf Mattsson
 
Emerging application and data protection for cloud
Emerging application and data protection for cloudEmerging application and data protection for cloud
Emerging application and data protection for cloudUlf Mattsson
 
Data centric security key to digital business success - ulf mattsson - bright...
Data centric security key to digital business success - ulf mattsson - bright...Data centric security key to digital business success - ulf mattsson - bright...
Data centric security key to digital business success - ulf mattsson - bright...Ulf Mattsson
 
Quick Start Guide to IT Security for Businesses
Quick Start Guide to IT Security for BusinessesQuick Start Guide to IT Security for Businesses
Quick Start Guide to IT Security for BusinessesCompTIA
 
Protecting Intellectual Property and Data Loss Prevention (DLP)
Protecting Intellectual Property and Data Loss Prevention (DLP)Protecting Intellectual Property and Data Loss Prevention (DLP)
Protecting Intellectual Property and Data Loss Prevention (DLP)Arpin Consulting
 
Where Data Security and Value of Data Meet in the Cloud
Where Data Security and Value of Data Meet in the CloudWhere Data Security and Value of Data Meet in the Cloud
Where Data Security and Value of Data Meet in the CloudUlf Mattsson
 
Risk Management Practices for PCI DSS 2.0
Risk Management Practices for PCI DSS 2.0Risk Management Practices for PCI DSS 2.0
Risk Management Practices for PCI DSS 2.0Ulf Mattsson
 

Was ist angesagt? (20)

Practical risk management for the multi cloud
Practical risk management for the multi cloudPractical risk management for the multi cloud
Practical risk management for the multi cloud
 
Emerging application and data protection for multi cloud
Emerging application and data protection for multi cloudEmerging application and data protection for multi cloud
Emerging application and data protection for multi cloud
 
Big Data Security Analytics (BDSA) with Randy Franklin
Big Data Security Analytics (BDSA) with Randy FranklinBig Data Security Analytics (BDSA) with Randy Franklin
Big Data Security Analytics (BDSA) with Randy Franklin
 
CYBER SECURITY FOR LAW FIRMS
CYBER SECURITY FOR LAW FIRMSCYBER SECURITY FOR LAW FIRMS
CYBER SECURITY FOR LAW FIRMS
 
New regulations and the evolving cybersecurity technology landscape
New regulations and the evolving cybersecurity technology landscapeNew regulations and the evolving cybersecurity technology landscape
New regulations and the evolving cybersecurity technology landscape
 
Security Analytics and Big Data: What You Need to Know
Security Analytics and Big Data: What You Need to KnowSecurity Analytics and Big Data: What You Need to Know
Security Analytics and Big Data: What You Need to Know
 
Alert logic cloud security report
Alert logic cloud security reportAlert logic cloud security report
Alert logic cloud security report
 
Protect your confidential information while improving services
Protect your confidential information while improving servicesProtect your confidential information while improving services
Protect your confidential information while improving services
 
Network Security‬ and Big ‪‎Data Analytics‬
Network Security‬ and Big ‪‎Data Analytics‬Network Security‬ and Big ‪‎Data Analytics‬
Network Security‬ and Big ‪‎Data Analytics‬
 
Isaca new delhi india privacy and big data
Isaca new delhi india privacy and big dataIsaca new delhi india privacy and big data
Isaca new delhi india privacy and big data
 
Insecure magazine - 51
Insecure magazine - 51Insecure magazine - 51
Insecure magazine - 51
 
Cloud computing for banking
Cloud computing for bankingCloud computing for banking
Cloud computing for banking
 
Protecting Data Privacy in Analytics and Machine Learning
Protecting Data Privacy in Analytics and Machine LearningProtecting Data Privacy in Analytics and Machine Learning
Protecting Data Privacy in Analytics and Machine Learning
 
Emerging application and data protection for cloud
Emerging application and data protection for cloudEmerging application and data protection for cloud
Emerging application and data protection for cloud
 
Data centric security key to digital business success - ulf mattsson - bright...
Data centric security key to digital business success - ulf mattsson - bright...Data centric security key to digital business success - ulf mattsson - bright...
Data centric security key to digital business success - ulf mattsson - bright...
 
Quick Start Guide to IT Security for Businesses
Quick Start Guide to IT Security for BusinessesQuick Start Guide to IT Security for Businesses
Quick Start Guide to IT Security for Businesses
 
The 10 Fastest Growing Cyber Security Companies of 2017
The 10 Fastest Growing Cyber Security Companies of 2017The 10 Fastest Growing Cyber Security Companies of 2017
The 10 Fastest Growing Cyber Security Companies of 2017
 
Protecting Intellectual Property and Data Loss Prevention (DLP)
Protecting Intellectual Property and Data Loss Prevention (DLP)Protecting Intellectual Property and Data Loss Prevention (DLP)
Protecting Intellectual Property and Data Loss Prevention (DLP)
 
Where Data Security and Value of Data Meet in the Cloud
Where Data Security and Value of Data Meet in the CloudWhere Data Security and Value of Data Meet in the Cloud
Where Data Security and Value of Data Meet in the Cloud
 
Risk Management Practices for PCI DSS 2.0
Risk Management Practices for PCI DSS 2.0Risk Management Practices for PCI DSS 2.0
Risk Management Practices for PCI DSS 2.0
 

Andere mochten auch

Big Data Use Cases for Different Verticals and Adoption Patterns - Impetus We...
Big Data Use Cases for Different Verticals and Adoption Patterns - Impetus We...Big Data Use Cases for Different Verticals and Adoption Patterns - Impetus We...
Big Data Use Cases for Different Verticals and Adoption Patterns - Impetus We...Impetus Technologies
 
4. Big data & analytics HP
4. Big data & analytics HP4. Big data & analytics HP
4. Big data & analytics HPMITEF México
 
S ba0881 big-data-use-cases-pearson-edge2015-v7
S ba0881 big-data-use-cases-pearson-edge2015-v7S ba0881 big-data-use-cases-pearson-edge2015-v7
S ba0881 big-data-use-cases-pearson-edge2015-v7Tony Pearson
 
Security Trends in the Retail Industry
Security Trends in the Retail IndustrySecurity Trends in the Retail Industry
Security Trends in the Retail IndustryIBM Security
 
Hack the Hackers 2012: Client Side Hacking – Targeting the User
Hack the Hackers 2012: Client Side Hacking – Targeting the UserHack the Hackers 2012: Client Side Hacking – Targeting the User
Hack the Hackers 2012: Client Side Hacking – Targeting the UserNew Horizons Bulgaria
 
(SEC401) Encryption Key Storage with AWS KMS at Okta
(SEC401) Encryption Key Storage with AWS KMS at Okta(SEC401) Encryption Key Storage with AWS KMS at Okta
(SEC401) Encryption Key Storage with AWS KMS at OktaAmazon Web Services
 
Big data 4 4 the art of the possible 4-en-web
Big data 4 4 the art of the possible 4-en-webBig data 4 4 the art of the possible 4-en-web
Big data 4 4 the art of the possible 4-en-webRick Bouter
 

Andere mochten auch (7)

Big Data Use Cases for Different Verticals and Adoption Patterns - Impetus We...
Big Data Use Cases for Different Verticals and Adoption Patterns - Impetus We...Big Data Use Cases for Different Verticals and Adoption Patterns - Impetus We...
Big Data Use Cases for Different Verticals and Adoption Patterns - Impetus We...
 
4. Big data & analytics HP
4. Big data & analytics HP4. Big data & analytics HP
4. Big data & analytics HP
 
S ba0881 big-data-use-cases-pearson-edge2015-v7
S ba0881 big-data-use-cases-pearson-edge2015-v7S ba0881 big-data-use-cases-pearson-edge2015-v7
S ba0881 big-data-use-cases-pearson-edge2015-v7
 
Security Trends in the Retail Industry
Security Trends in the Retail IndustrySecurity Trends in the Retail Industry
Security Trends in the Retail Industry
 
Hack the Hackers 2012: Client Side Hacking – Targeting the User
Hack the Hackers 2012: Client Side Hacking – Targeting the UserHack the Hackers 2012: Client Side Hacking – Targeting the User
Hack the Hackers 2012: Client Side Hacking – Targeting the User
 
(SEC401) Encryption Key Storage with AWS KMS at Okta
(SEC401) Encryption Key Storage with AWS KMS at Okta(SEC401) Encryption Key Storage with AWS KMS at Okta
(SEC401) Encryption Key Storage with AWS KMS at Okta
 
Big data 4 4 the art of the possible 4-en-web
Big data 4 4 the art of the possible 4-en-webBig data 4 4 the art of the possible 4-en-web
Big data 4 4 the art of the possible 4-en-web
 

Ähnlich wie Who is the next target proactive approaches to data security

The good, the bad and the ugly of the target data breach
The good, the bad and the ugly of the target data breachThe good, the bad and the ugly of the target data breach
The good, the bad and the ugly of the target data breachUlf Mattsson
 
Verizon 2014 data breach investigation report and the target breach
Verizon 2014 data breach investigation report and the target breachVerizon 2014 data breach investigation report and the target breach
Verizon 2014 data breach investigation report and the target breachUlf Mattsson
 
Evolving regulations are changing the way we think about tools and technology
Evolving regulations are changing the way we think about tools and technologyEvolving regulations are changing the way we think about tools and technology
Evolving regulations are changing the way we think about tools and technologyUlf Mattsson
 
Cyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsCyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsUlf Mattsson
 
Who is the next target and how is big data related ulf mattsson
Who is the next target and how is big data related ulf mattssonWho is the next target and how is big data related ulf mattsson
Who is the next target and how is big data related ulf mattssonUlf Mattsson
 
Where data security and value of data meet in the cloud brighttalk webinar ...
Where data security and value of data meet in the cloud brighttalk webinar ...Where data security and value of data meet in the cloud brighttalk webinar ...
Where data security and value of data meet in the cloud brighttalk webinar ...Ulf Mattsson
 
MYTHBUSTERS: Can You Secure Payments in the Cloud?
MYTHBUSTERS: Can You Secure Payments in the Cloud?MYTHBUSTERS: Can You Secure Payments in the Cloud?
MYTHBUSTERS: Can You Secure Payments in the Cloud?Kurt Hagerman
 
Cybersecurity | Risk. Impact. Innovations.
Cybersecurity | Risk. Impact. Innovations.Cybersecurity | Risk. Impact. Innovations.
Cybersecurity | Risk. Impact. Innovations.Vertex Holdings
 
Top Solutions and Tools to Prevent Devastating Malware White Paper
Top Solutions and Tools to Prevent Devastating Malware White PaperTop Solutions and Tools to Prevent Devastating Malware White Paper
Top Solutions and Tools to Prevent Devastating Malware White PaperNetIQ
 
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...PECB
 
Whitepaper - Application Delivery in PCI DSS Compliant Environments
Whitepaper - Application Delivery in PCI DSS Compliant EnvironmentsWhitepaper - Application Delivery in PCI DSS Compliant Environments
Whitepaper - Application Delivery in PCI DSS Compliant EnvironmentsJason Dover
 
Open Source Insight: CVE–2017-9805, Equifax Breach & Wacky Open Source Licenses
Open Source Insight: CVE–2017-9805, Equifax Breach & Wacky Open Source LicensesOpen Source Insight: CVE–2017-9805, Equifax Breach & Wacky Open Source Licenses
Open Source Insight: CVE–2017-9805, Equifax Breach & Wacky Open Source LicensesBlack Duck by Synopsys
 
ISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloudISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloudUlf Mattsson
 
Securing Fintech: Threats, Challenges & Best Practices
Securing Fintech: Threats, Challenges & Best PracticesSecuring Fintech: Threats, Challenges & Best Practices
Securing Fintech: Threats, Challenges & Best PracticesUlf Mattsson
 
A1 - Cibersegurança - Raising the Bar for Cybersecurity
A1 - Cibersegurança - Raising the Bar for CybersecurityA1 - Cibersegurança - Raising the Bar for Cybersecurity
A1 - Cibersegurança - Raising the Bar for CybersecuritySpark Security
 
BIZGrowth Strategies - Cybersecurity Special Edition
BIZGrowth Strategies - Cybersecurity Special EditionBIZGrowth Strategies - Cybersecurity Special Edition
BIZGrowth Strategies - Cybersecurity Special EditionCBIZ, Inc.
 
Myths and realities of data security and compliance - Isaca Alanta - ulf matt...
Myths and realities of data security and compliance - Isaca Alanta - ulf matt...Myths and realities of data security and compliance - Isaca Alanta - ulf matt...
Myths and realities of data security and compliance - Isaca Alanta - ulf matt...Ulf Mattsson
 
Cisco 2014 Midyear Security Report
Cisco 2014 Midyear Security ReportCisco 2014 Midyear Security Report
Cisco 2014 Midyear Security ReportCisco Security
 
Digital Forensics Market, Size, Global Forecast 2023-2028
Digital Forensics Market, Size, Global Forecast 2023-2028Digital Forensics Market, Size, Global Forecast 2023-2028
Digital Forensics Market, Size, Global Forecast 2023-2028Renub Research
 

Ähnlich wie Who is the next target proactive approaches to data security (20)

The good, the bad and the ugly of the target data breach
The good, the bad and the ugly of the target data breachThe good, the bad and the ugly of the target data breach
The good, the bad and the ugly of the target data breach
 
Verizon 2014 data breach investigation report and the target breach
Verizon 2014 data breach investigation report and the target breachVerizon 2014 data breach investigation report and the target breach
Verizon 2014 data breach investigation report and the target breach
 
Evolving regulations are changing the way we think about tools and technology
Evolving regulations are changing the way we think about tools and technologyEvolving regulations are changing the way we think about tools and technology
Evolving regulations are changing the way we think about tools and technology
 
Cyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsCyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & Recommendations
 
Who is the next target and how is big data related ulf mattsson
Who is the next target and how is big data related ulf mattssonWho is the next target and how is big data related ulf mattsson
Who is the next target and how is big data related ulf mattsson
 
Where data security and value of data meet in the cloud brighttalk webinar ...
Where data security and value of data meet in the cloud brighttalk webinar ...Where data security and value of data meet in the cloud brighttalk webinar ...
Where data security and value of data meet in the cloud brighttalk webinar ...
 
MYTHBUSTERS: Can You Secure Payments in the Cloud?
MYTHBUSTERS: Can You Secure Payments in the Cloud?MYTHBUSTERS: Can You Secure Payments in the Cloud?
MYTHBUSTERS: Can You Secure Payments in the Cloud?
 
Cybersecurity | Risk. Impact. Innovations.
Cybersecurity | Risk. Impact. Innovations.Cybersecurity | Risk. Impact. Innovations.
Cybersecurity | Risk. Impact. Innovations.
 
Top Solutions and Tools to Prevent Devastating Malware White Paper
Top Solutions and Tools to Prevent Devastating Malware White PaperTop Solutions and Tools to Prevent Devastating Malware White Paper
Top Solutions and Tools to Prevent Devastating Malware White Paper
 
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
 
Whitepaper - Application Delivery in PCI DSS Compliant Environments
Whitepaper - Application Delivery in PCI DSS Compliant EnvironmentsWhitepaper - Application Delivery in PCI DSS Compliant Environments
Whitepaper - Application Delivery in PCI DSS Compliant Environments
 
Open Source Insight: CVE–2017-9805, Equifax Breach & Wacky Open Source Licenses
Open Source Insight: CVE–2017-9805, Equifax Breach & Wacky Open Source LicensesOpen Source Insight: CVE–2017-9805, Equifax Breach & Wacky Open Source Licenses
Open Source Insight: CVE–2017-9805, Equifax Breach & Wacky Open Source Licenses
 
ISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloudISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloud
 
Securing Fintech: Threats, Challenges & Best Practices
Securing Fintech: Threats, Challenges & Best PracticesSecuring Fintech: Threats, Challenges & Best Practices
Securing Fintech: Threats, Challenges & Best Practices
 
A1 - Cibersegurança - Raising the Bar for Cybersecurity
A1 - Cibersegurança - Raising the Bar for CybersecurityA1 - Cibersegurança - Raising the Bar for Cybersecurity
A1 - Cibersegurança - Raising the Bar for Cybersecurity
 
Emerging Threats to Digital Payments - Is Your Business Ready
Emerging Threats to Digital Payments - Is Your Business ReadyEmerging Threats to Digital Payments - Is Your Business Ready
Emerging Threats to Digital Payments - Is Your Business Ready
 
BIZGrowth Strategies - Cybersecurity Special Edition
BIZGrowth Strategies - Cybersecurity Special EditionBIZGrowth Strategies - Cybersecurity Special Edition
BIZGrowth Strategies - Cybersecurity Special Edition
 
Myths and realities of data security and compliance - Isaca Alanta - ulf matt...
Myths and realities of data security and compliance - Isaca Alanta - ulf matt...Myths and realities of data security and compliance - Isaca Alanta - ulf matt...
Myths and realities of data security and compliance - Isaca Alanta - ulf matt...
 
Cisco 2014 Midyear Security Report
Cisco 2014 Midyear Security ReportCisco 2014 Midyear Security Report
Cisco 2014 Midyear Security Report
 
Digital Forensics Market, Size, Global Forecast 2023-2028
Digital Forensics Market, Size, Global Forecast 2023-2028Digital Forensics Market, Size, Global Forecast 2023-2028
Digital Forensics Market, Size, Global Forecast 2023-2028
 

Mehr von Ulf Mattsson

Jun 29 new privacy technologies for unicode and international data standards ...
Jun 29 new privacy technologies for unicode and international data standards ...Jun 29 new privacy technologies for unicode and international data standards ...
Jun 29 new privacy technologies for unicode and international data standards ...Ulf Mattsson
 
Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...Ulf Mattsson
 
May 6 evolving international privacy regulations and cross border data tran...
May 6 evolving international privacy regulations and cross border data tran...May 6 evolving international privacy regulations and cross border data tran...
May 6 evolving international privacy regulations and cross border data tran...Ulf Mattsson
 
Qubit conference-new-york-2021
Qubit conference-new-york-2021Qubit conference-new-york-2021
Qubit conference-new-york-2021Ulf Mattsson
 
Secure analytics and machine learning in cloud use cases
Secure analytics and machine learning in cloud use casesSecure analytics and machine learning in cloud use cases
Secure analytics and machine learning in cloud use casesUlf Mattsson
 
Evolving international privacy regulations and cross border data transfer - g...
Evolving international privacy regulations and cross border data transfer - g...Evolving international privacy regulations and cross border data transfer - g...
Evolving international privacy regulations and cross border data transfer - g...Ulf Mattsson
 
Data encryption and tokenization for international unicode
Data encryption and tokenization for international unicodeData encryption and tokenization for international unicode
Data encryption and tokenization for international unicodeUlf Mattsson
 
The future of data security and blockchain
The future of data security and blockchainThe future of data security and blockchain
The future of data security and blockchainUlf Mattsson
 
New technologies for data protection
New technologies for data protectionNew technologies for data protection
New technologies for data protectionUlf Mattsson
 
GDPR and evolving international privacy regulations
GDPR and evolving international privacy regulationsGDPR and evolving international privacy regulations
GDPR and evolving international privacy regulationsUlf Mattsson
 
Privacy preserving computing and secure multi-party computation ISACA Atlanta
Privacy preserving computing and secure multi-party computation ISACA AtlantaPrivacy preserving computing and secure multi-party computation ISACA Atlanta
Privacy preserving computing and secure multi-party computation ISACA AtlantaUlf Mattsson
 
Safeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learningSafeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learningUlf Mattsson
 
Protecting data privacy in analytics and machine learning ISACA London UK
Protecting data privacy in analytics and machine learning ISACA London UKProtecting data privacy in analytics and machine learning ISACA London UK
Protecting data privacy in analytics and machine learning ISACA London UKUlf Mattsson
 
New opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulationsNew opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulationsUlf Mattsson
 
What is tokenization in blockchain - BCS London
What is tokenization in blockchain - BCS LondonWhat is tokenization in blockchain - BCS London
What is tokenization in blockchain - BCS LondonUlf Mattsson
 
Protecting data privacy in analytics and machine learning - ISACA
Protecting data privacy in analytics and machine learning - ISACAProtecting data privacy in analytics and machine learning - ISACA
Protecting data privacy in analytics and machine learning - ISACAUlf Mattsson
 
What is tokenization in blockchain?
What is tokenization in blockchain?What is tokenization in blockchain?
What is tokenization in blockchain?Ulf Mattsson
 
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2bNov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2bUlf Mattsson
 
Unlock the potential of data security 2020
Unlock the potential of data security 2020Unlock the potential of data security 2020
Unlock the potential of data security 2020Ulf Mattsson
 

Mehr von Ulf Mattsson (20)

Jun 29 new privacy technologies for unicode and international data standards ...
Jun 29 new privacy technologies for unicode and international data standards ...Jun 29 new privacy technologies for unicode and international data standards ...
Jun 29 new privacy technologies for unicode and international data standards ...
 
Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...
 
Book
BookBook
Book
 
May 6 evolving international privacy regulations and cross border data tran...
May 6 evolving international privacy regulations and cross border data tran...May 6 evolving international privacy regulations and cross border data tran...
May 6 evolving international privacy regulations and cross border data tran...
 
Qubit conference-new-york-2021
Qubit conference-new-york-2021Qubit conference-new-york-2021
Qubit conference-new-york-2021
 
Secure analytics and machine learning in cloud use cases
Secure analytics and machine learning in cloud use casesSecure analytics and machine learning in cloud use cases
Secure analytics and machine learning in cloud use cases
 
Evolving international privacy regulations and cross border data transfer - g...
Evolving international privacy regulations and cross border data transfer - g...Evolving international privacy regulations and cross border data transfer - g...
Evolving international privacy regulations and cross border data transfer - g...
 
Data encryption and tokenization for international unicode
Data encryption and tokenization for international unicodeData encryption and tokenization for international unicode
Data encryption and tokenization for international unicode
 
The future of data security and blockchain
The future of data security and blockchainThe future of data security and blockchain
The future of data security and blockchain
 
New technologies for data protection
New technologies for data protectionNew technologies for data protection
New technologies for data protection
 
GDPR and evolving international privacy regulations
GDPR and evolving international privacy regulationsGDPR and evolving international privacy regulations
GDPR and evolving international privacy regulations
 
Privacy preserving computing and secure multi-party computation ISACA Atlanta
Privacy preserving computing and secure multi-party computation ISACA AtlantaPrivacy preserving computing and secure multi-party computation ISACA Atlanta
Privacy preserving computing and secure multi-party computation ISACA Atlanta
 
Safeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learningSafeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learning
 
Protecting data privacy in analytics and machine learning ISACA London UK
Protecting data privacy in analytics and machine learning ISACA London UKProtecting data privacy in analytics and machine learning ISACA London UK
Protecting data privacy in analytics and machine learning ISACA London UK
 
New opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulationsNew opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulations
 
What is tokenization in blockchain - BCS London
What is tokenization in blockchain - BCS LondonWhat is tokenization in blockchain - BCS London
What is tokenization in blockchain - BCS London
 
Protecting data privacy in analytics and machine learning - ISACA
Protecting data privacy in analytics and machine learning - ISACAProtecting data privacy in analytics and machine learning - ISACA
Protecting data privacy in analytics and machine learning - ISACA
 
What is tokenization in blockchain?
What is tokenization in blockchain?What is tokenization in blockchain?
What is tokenization in blockchain?
 
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2bNov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
 
Unlock the potential of data security 2020
Unlock the potential of data security 2020Unlock the potential of data security 2020
Unlock the potential of data security 2020
 

Kürzlich hochgeladen

From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 

Kürzlich hochgeladen (20)

From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 

Who is the next target proactive approaches to data security

  • 1. WHO IS THE NEXT TARGET?WHO IS THE NEXT TARGET? Proactive Approaches to Data Security Ulf Mattsson CTO, Protegrity Ulf.Mattsson@protegrity.com
  • 2. Working with the Payment Card Industry Security Standards Council (PCI SSC): • PCI SSC Tokenization Task Force • PCI SSC Encryption Task Force • PCI SSC Point to Point Encryption Task Force • PCI SSC Risk Assessment SIG Ulf Mattsson & PCI Data Security Standards • PCI SSC eCommerce SIG • PCI SSC Cloud SIG • PCI SSC Virtualization SIG • PCI SSC Pre-Authorization SIG • PCI SSC Scoping SIG • PCI SSC 2013 – 2014 Tokenization Task Force 2
  • 3. New threats and methods of attack New technologies offer new vulnerabilities Lessons learned from the Target breach Topics Lessons learned from the Target breach The importance of proactive thinking New technologies to properly secure data 3
  • 4. THE CHANGING THREAT LANDSCAPETHREAT LANDSCAPE 4 How have the methods of attack shifted?
  • 5. Data Loss Worries IT Pros Most 5 Source: 2014 Trustwave Security Pressures Report
  • 6. Data Loss Worries IT Pros Most 6 Source: 2014 Trustwave Security Pressures Report
  • 7. “It’s clear the bad guys are winning at a faster rate than the good guys Security - We Are Losing Ground 7 Source: searchsecurity.techtarget.com/news/2240215422/In-2014-DBIR-preview-Verizon-says-data-breach-response-gap-widening rate than the good guys are winning, and we’ve got to solve that.” - 2014 Verizon Data Breach Investigations Report
  • 8. Security - We Are Losing Ground “…Even though security is improving, things are getting worse faster, so 8 getting worse faster, so we're losing ground even as we improve.” - Security expert Bruce Schneier Source: http://www.businessinsider.com/bruce-schneier-apple-google-smartphone-security-2012-11
  • 9. Security - We Are Losing Ground “Cyber attack fallout could cost the global economy $3 trillion by 9 Source: McKinsey report on enterprise IT security implications released in January 2014. economy $3 trillion by 2020.”
  • 10. PRIME TARGETS FOR DATA BREACHDATA BREACH 10
  • 11. CIA and NSA Tell Utilities How To Up Cybersecurity 11 Source: Smart Grid News The Bipartisan Policy Center (BPC) has published a new report titled "Cybersecurity and the North American Electric Grid: New Policy Approaches to Address an Evolving Threat."
  • 12. The U.S. government's Industrial Control Systems Cyber Emergency Response Team Responded to more than 200 incidents 53% aimed at the energy sector. So far, there have not been any successful catastrophic attacks on the US energy grid Energy Sector a Prime Target for Cyber Attacks attacks on the US energy grid Ongoing debate about the risk of a "cyber Pearl Harbor" attack. Source: www.csoonline.com/article/748580/energy-sector-a-prime-target-for-cyber-attacks (Oct. 2012 - May 2013) 12
  • 13. The global energy sector has become vulnerable to cyber-attack Increasingly adopting internet-based industrial control systems in an effort to cut costs The industry has yet to experience business Energy Sector Faces Cyber-attack Threat: Marsh interruption or physical damage as a result of a cyber-attack Being "disproportionately" targeted by increasingly sophisticated hacker networks the broker Source: 2014 Report, Insurance broker Marsh 13
  • 15. 15
  • 17. Total Malicious Signed Malware Source: mcafee.com/us/resources/reports/rp-quarterly-threat-q3-2013.pdf 17
  • 18. Targeted Malware Topped the Threats 18 62% said that the pressure to protect from data breaches also increased over the past year. Source: 2014 Trustwave Security Pressures Report
  • 19. US - Targeted Malware Top Threat 19 Source: 2014 Trustwave Security Pressures Report
  • 20. FBI uncovered 20 cyber attacks against retailers in the past year that utilized methods similar to Target incident Believe POS malware crime will continue to grow over the near term Despite law enforcement and security firms' actions to mitigate it FBI Memory-Scraping Malware Warning mitigate it Report: “Recent Cyber Intrusion Events Directed Toward Retail Firms” Source: searchsecurity.techtarget.com/news/2240213143/FBI-warns-of-memory-scraping- malware-in-wake-of-Target-breach 20
  • 21. THE CHANGING TECHNOLOGYTECHNOLOGY LANDSCAPE What effect, if any, does the rise of “Big Data” have on breaches? 21
  • 22. Has Your Organization Already Invested in Big Data? 22 Source: Gartner
  • 23. Holes in Big Data… 23 Source: Gartner
  • 24. Many Ways to Hack Big Data 24 Hackers & APT Rogue Privileged Users Unvetted Applications Or Ad Hoc Processes
  • 25. Many Ways to Hack Big Data MapReduce (Job Scheduling/Execution System) Pig (Data Flow) Hive (SQL) Sqoop ETL Tools BI Reporting RDBMS Avro(Serialization) Zookeeper(Coordination) Hackers Unvetted Applications Or Ad Hoc Processes Source: http://nosql.mypopescu.com/post/1473423255/apache-hadoop-and-hbase 25 HDFS (Hadoop Distributed File System) Hbase (Column DB) Avro(Serialization) Zookeeper(Coordination) Privileged Users
  • 26. Big Data (Hadoop) was designed for data access, not security Security in a read-only environment introduces new challenges Massive scalability and performance requirements Big Data Vulnerabilities and Concerns Sensitive data regulations create a barrier to usability, as data cannot be stored or transferred in the clear Transparency and data insight are required for ROI on Big Data 26
  • 27. TARGET DATA BREACHBREACH 27 What can we learn from the Target breach?
  • 28. Target Breach Optioned as Sony Feature Film 28 Source: Welivesecurity.com
  • 29. Target Corp. said in its annual report that a massive security breach has hurt its image and business, while spawning dozens of legal actions, and it noted it can't estimate how big the financial tab will end up being Security software picked up on suspicious activity Target Says It Ignored Early Signs of Data Breach Security software picked up on suspicious activity after a cyberattack was launched, but it decided not to take immediate action Received security alerts on Nov. 30 that indicated malicious software had appeared in its network Source: SEC (Securities and Exchange Commission ) 29
  • 30. Target Data Breach, U.S. Secret Service & iSIGHT Target CIO Beth Jacob resigned 30
  • 31. Memory Scraping Malware – Target Breach Payment Card Terminal Point Of Sale Application Memory Scraping Malware Authorization, Settlement … Web Server Memory Scraping Malware Russia 31
  • 32. Credentials were stolen from Fazio Mechanical in a malware- injecting phishing attack sent to employees of the firm by email • Resulted in the theft of at least 40 million customer records containing financial data such as debit and credit card information. • In addition, roughly 70 million accounts were compromised that included addresses and mobile numbers. The data theft was caused by the installation of malware on How The Breach at Target Went Down the firm's point of sale machines The subsequent file dump containing customer data is reportedly flooding the black market • Starting point for the manufacture of fake bank cards, or provide data required for identity theft. Source: Brian Krebs and www.zdnet.com/how-hackers-stole-millions-of-credit- card-records-from-target-7000026299/ 32
  • 33. The FTC is probing the massive hack of credit card information Target could face federal charges for failing to protect its customers' data from hackers When you see a data breach of this size with clear harm to consumers, it's clearly something that the Target May Face Federal Suit Over Privacy Fumble harm to consumers, it's clearly something that the FTC would be interested in looking at," said Jon Leibowitz, a former FTC chairman Sen. Richard Blumenthal, a Connecticut Democrat, urged the FTC to investigate the Target hack soon after it became public in December Source: Bloomberg Businessweek 33
  • 34. Who Is The Next Target? 34
  • 35. It’s not like other businesses are using some special network security practices that Target doesn’t know about. They just haven’t been hit yet. No number of traps, bars, or alarms will keep out the determined thief Source: www.govtech.com/security 35
  • 36. THINKING LIKE A HACKERHACKER How can we shift from reactive to proactive thinking? 36
  • 37. The Modern Day Bank Robber 37
  • 38. Current Breach Discovery Methods 38 Verizon 2013 Data-breach-investigations-report & 451 Research
  • 39. You must assume the systems will be breached. Once breached, how do you know you've been compromised? You have to baseline and understand what 'goodness' looks like and look for deviations from goodness McAfee and Symantec can't tell you what normal looks like in your own systems. Only monitoring anomalies can do that CISOs say SIEM Not Good for Security Analytics Only monitoring anomalies can do that Monitoring could be focused on a variety of network and end-user activities, including network flow data, file activity and even going all the way down to the packets Source: 2014 RSA Conference, moderator Neil MacDonald, vice president at Gartner 39
  • 40. TURNING THE TIDE 40 What new technologies and techniques can be used to prevent future attacks?
  • 41. What if a Social Security number or Credit Card NumberCredit Card Number in the Hands of a Criminal was Useless? 41
  • 43. Target was certified as meeting the standard for the payment card industry in September 2013 Compliance can protect us from liability, but whether it actually protects us from loss of business and loss of data is not so clear Compliance is a minimal deterrent that everyone Target Breach Lesson: PCI Compliance Isn't Enough Compliance is a minimal deterrent that everyone has to have in place If you're driving a car, you're expected to have a driver's license. That doesn't make you a safe driver Source: TechNewsWorld 43
  • 44. Protection of cardholder data in memory Clarification of key management dual control and split knowledge Recommendations on making PCI DSS business-as- usual and best practices Security policy and operational procedures added PCI DSS 3.0 Security policy and operational procedures added Increased password strength New requirements for point-of-sale terminal security More robust requirements for penetration testing 44
  • 45. Coarse Grained Security • Access Controls • Volume Encryption • File Encryption Fine Grained Security Evolution of Data Security Methods Time Fine Grained Security • Access Controls • Field Encryption (AES & ) • Masking • Tokenization • Vaultless Tokenization 45
  • 46. Old and flawed: Minimal access levels so people can only carry Access Control Risk High – can only carry out their jobs 46 Access Privilege Level I High I Low Low –
  • 47. Applying the Protection Profile to the Structure of each Sensitive Data Fields allows forSensitive Data Fields allows for a Wider Range of Granular Authority Options 47
  • 48. Examples: De-Identified Sensitive Data Field Real Data Tokenized / Pseudonymized Name Joe Smith csu wusoj Address 100 Main Street, Pleasantville, CA 476 srta coetse, cysieondusbak, CA Date of Birth 12/25/1966 01/02/1966 Telephone 760-278-3389 760-389-2289 E-Mail Address joe.smith@surferdude.org eoe.nwuer@beusorpdqo.org SSN 076-39-2778 076-28-3390 CC Number 3678 2289 3907 3378 3846 2290 3371 3378 Business URL www.surferdude.com www.sheyinctao.com Fingerprint Encrypted Photo Encrypted X-Ray Encrypted Healthcare / Financial Services Dr. visits, prescriptions, hospital stays and discharges, clinical, billing, etc. Financial Services Consumer Products and activities Protection methods can be equally applied to the actual data, but not needed with de-identification 48
  • 49. Risk High – Old: Minimal access levels – Least New : Much greater The New Data Protection - Tokenization Access Privilege Level I High I Low Low – levels – Least Privilege to avoid high risks Much greater flexibility and lower risk in data accessibility 49
  • 50. Tokenization Research Tokenization Gets Traction Aberdeen has seen a steady increase in enterprise use of tokenization for protecting sensitive data over encryption Nearly half of the respondents (47%) are currently using tokenization for something other than cardholder data Tokenization users had 50% fewer security-related incidents than tokenization non-users 50 Source: http://www.protegrity.com/2012/08/tokenization-gets-traction-from-aberdeen/
  • 51. Security of Different Protection Methods High Security Level I Format Preserving Encryption I Vaultless Data Tokenization I AES CBC Encryption Standard I Basic Data Tokenization 51 Low
  • 52. Fine Grained Data Security Methods Tokenization and Encryption are Different Used Approach Cipher System Code System Cryptographic algorithms Cryptographic keys TokenizationEncryption 52 Cryptographic keys Code books Index tokens Source: McGraw-HILL ENCYPLOPEDIA OF SCIENCE & TECHNOLOGY
  • 53. 10 000 000 - 1 000 000 - 100 000 - 10 000 - Transactions per second* Speed of Different Protection Methods 10 000 - 1 000 - 100 - I Format Preserving Encryption I Vaultless Data Tokenization I AES CBC Encryption Standard I Vault-based Data Tokenization *: Speed will depend on the configuration 53
  • 54. Different Tokenization Approaches Property Dynamic Pre-generated Vaultless Vault-based 54
  • 55. Use Case How Should I Secure Different Data? Simple – PCI PII Encryption of Files Card Holder Data Tokenization of Fields Personally Identifiable Information Type of Data I Structured I Un-structured Complex – PHI Protected Health Information 55 Personally Identifiable Information
  • 56. Use Big Data to Analyze Abnormal Usage Pattern Payment Card Terminal Point Of Sale Application Memory Scraping Malware Authorization, Settlement … Web Server Memory Scraping Malware Moscow, Russia FireEye Malware?
  • 57. Trend - Open Security Analytics Frameworks 57 Source: Emc.com/collateral/white-paper/h12878-rsa-pivotal-security-big-data-reference-architecture Enterprise Big Data Lake
  • 58. Conclusions Changing threat landscape & challenges to secure data: • Attackers are looking for not just payment data – a more serious problem. • IDS systems are lacking context needed to catch data theft • SIEM detection is too slow in handling large amounts of events. What happened at Target? • Modern customized malware can be very hard to detect 58 • They were compliant, but not secure How can we prevent what happened to Target and the next attack against our sensitive data? • Assume that we are under attack - proactive protection of the data itself • We need to analyze event information and context to catch modern attackers • The Oracle Big Data Appliance can provide the foundation for solving this problem
  • 59. Thank you!Thank you! Questions? Please contact us for more information http://www.protegrity.com/news-resources/collateral/ Ulf.Mattsson@protegrity.com