Mitigate Risk Around Unstructured Data Assess and remediate access to your company's sensitive data

Transcription

1 Mitigate Risk Around Unstructured Data Assess and remediate access to your company's sensitive data Dan Krpata Information Security Specialist STEALTHbits Technologies, Inc.

2 What is Unstructured Data Challenges How Access is Controlled by the System Best Practices for Controlling Access Solutions Questions/Answers Overview

3 What is Unstructured Data?

4 SharePoint / File Shares What is Unstructured Data?

5 What is Unstructured Data? Technically Speaking Data that lacks defined structured, unlike structured data that fits into the traditional database row and column paradigm Non-Technical Translation User-generated Data Documents, Spreadsheets, Presentations and other data types that reside on File Shares, in Collaboration Portals (i.e. SharePoint), on Desktops and Servers

6 Most people use it every day!!! What Is Unstructured Data?

7 What is Unstructured Data? Clarifications Computers Desktops Drive is a hardware term (no C Drive or D Drive, think of them as a share) C$, D$ (available at every reboot) hidden shares free to domain admin, local admins Servers Storage Devices Network Attached Storage SharePoint Repositories

8 Challenges with Unstructured Data

9 Access Sprawl Joiner, Mover, Leaver Activity Distributed Entitlements Access Never thoroughly Reviewed/Adjusted Data Explosion 80% of all Data is unstructured (IBM) 70% of all data is user created 85% of that data is maintained by corporations. (Century Link) CSC predicts 650% increase in next 5 years Challenges with Unstructured Data It s Dynamic & Complex It s Massive Risk Exposure on the Rise Brand, Revenue & Reputation Exposure Security Breach / Insider Threat Compliance Findings Service Level Impacts It s Critical Business Example: - 10,000 Users NetApp Filers - 30,000,000+ Folders - 600,000,000+ Files - Trillions of Permissions!

10 Challenges with Unstructured Data Unstructured Data is commonly breached by internal employees with legitimate access to the data Barclays details on many aspects of customers' lives, including their earnings, bank account information, loans, medical information, insurance policies, passport numbers and national insurance numbers. Philip van Doorn ( NSA Having 'root' or equivalent administrative status gave Snowden total access to all data. We know he had privileges because he was able to hide his tracks and edit the activity logs Kelly Jackson Higgins DarkReading.com - (Quote from Jeff Hudson, CEO of Venafi)

11 How Access is Controlled by the System?

12 How Access is Controlled by the System? Access Control List (ACL) Access Control Entry (ACE) Contains SID and a bit flag (remember this when thinking of Groups) Active Directory Group Membership Security Groups (Distribution Groups have no affect on ACLs) AD Groups, Local Groups Group Policy Objects (GPOs) Server Level Share ACL, Folder ACL, File ACL Direct ACL on share, folders and files Group ACL on share, folders and files Permission Inheritance (set at root and percolate down) until it doesn t. Deny ACE overrides any ACL setting SharePoint Verify all server-level, site level and list-level roles and privileges

13 Active Directory Group Membership Group Policy Objects (GPOs) How Access is Controlled by the System?

14 How Access is Controlled by the System

15 How Access is Controlled by the System

16 How Access is Controlled by the System Server Level Share ACL, Folder ACL, File ACL Direct ACL on share, folders and files Group ACL on share, folders and files Permission Inheritance (set at root and percolate down) until it doesn t. Deny ACE says no matter what ACL

17 How Access is Controlled by the System Direct ACL Group ACL

18 How Access is Controlled by the System Deny ACE Don t be fooled, this is not True Permission Inheritance Effective Access!!!

19 Open Shares!!!

20 Open Shares!!! File Shares open to anyone within the organization Why Do They Exist? People are lazy! Instead of using AD groups to secure access they use permissions like Everyone or Authenticated Users Rarely are Open Shares acceptable for non-classified and public information Risks of Open Access Open shares are easy to discover and exploit This leads to risk of Insider theft APTs and Malware Exploits Data Loss and Corruption Who Cares? CISO, Audit/Compliance, Security and IAM

21 Good Permissions Open Shares!!!

22 Bad Permissions Open Shares!!!

23 Best Practices for Controlling Access to Unstructured Data

24 Controlling Access to Unstructured Data Discover where Unstructured Data Exists Find the data that poses the greatest risk Monitor Activity Understand where Active Directory Groups and Users have access Clean-up your Mess Put a Data Access Governance Program in place

25 Controlling Access to Unstructured Data Discover where unstructured data exists List of all Servers CMDB Network Neighborhood Search AD for list of systems IP Network Sweep Then determine if it s a Windows File Server, Desktop, NAS Enumerate shares Get Share Permissions Enumerate Folders, Folder and File Permissions (and Inheritance) Look at Group Policy Objects (on all servers) Look at local groups on each server Look at local user on each server Get AD Users, Groups and Group Memberships

26 Controlling Access to Unstructured Data Find the Data that Poses the Greatest Risk Sensitive Data Discovery Compliance data PII (Personally Identifiable Information) Customer and Employee data IP (Intellectual Property) Data Trade Secrets Patents, Copyrights, Trademarks

27 Controlling Access to Unstructured Data Monitor Activity Auditing and Compliance Understand how access is changing and who is accessing the data Determine data ownership Track anomalies and/or suspicious activity Assists in prioritizing your focus Integrate with your SIEM solutions for the Big Picture

28 Controlling Access to Unstructured Data Understand where Active Directory Groups have access Determine what access groups provide Do they need all that access Transform your Security Model (Resource-based Groups) Consider scope of the project Assign group owners (Data Custodians)

29 Controlling Access to Unstructured Data Clean Up Your Mess Active Directory Clean-up Stale Groups, Users, Computers Toxic Conditions Circular Nesting Nesting Depth Improper Nesting Attribute Incompleteness Manager, Display Name, Description, Department, Telephone

30 Controlling Access to Unstructured Data Put a Data Access Governance Program in Place Perform regular entitlement reviews Implement self-service access requests Integrate unstructured data with Identity & Access Management platforms

31 Solutions

32 Considerations: Agent vs Agentless Architecture Integration Capabilities Infrastructure Requirements Ease of Use Cost Solutions

33 Vendors: STEALTHbits Technologies Symantec Imperva Varonis Dell AvePoint Solutions

34 Questions?

35 Thank You!