Investigative Response Case Metrics Initiative Preliminary findings from 700+ data compromise investigations

Similar documents
Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

Compliance Audit Readiness. Bob Kral Tenable Network Security

University of Pittsburgh Security Assessment Questionnaire (v1.7)

Changing face of endpoint security

Security and Compliance Powered by the Cloud. Ben Friedman / Strategic Accounts Director /

K12 Cybersecurity Roadmap

Nebraska CERT Conference

Surprisingly Successful: What Really Works in Cyber Defense. John Pescatore, SANS

90% 191 Security Best Practices. Blades. 52 Regulatory Requirements. Compliance Report PCI DSS 2.0. related to this regulation

Data Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle

Hacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK

Threat Control and Containment in Intelligent Networks. Philippe Roggeband - Product Manager, Security, Emerging Markets

Juniper Vendor Security Requirements

Today s Security Threats: Emerging Issues Keeping CFOs Up at Night Understanding & Protecting Against Information Security Breaches

Defense in Depth Security in the Enterprise

ANATOMY OF AN ATTACK!

2017 Annual Meeting of Members and Board of Directors Meeting

Ethics and Information Security. 10 주차 - 경영정보론 Spring 2014

Cyber-Threats and Countermeasures in Financial Sector

CCISO Blueprint v1. EC-Council

Cybersecurity Auditing in an Unsecure World

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

Florida Government Finance Officers Association. Staying Secure when Transforming to a Digital Government

May the (IBM) X-Force Be With You

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

Hacking and Cyber Espionage

Cybersecurity Session IIA Conference 2018

Cyber Security Updates and Trends Affecting the Real Estate Industry

NOTHING IS WHAT IT SIEMs: COVER PAGE. Simpler Way to Effective Threat Management TEMPLATE. Dan Pitman Principal Security Architect

Mark Littlejohn June 23, 2016 DON T GO IT ALONE. Achieving Cyber Security using Managed Services

CS 356 Operating System Security. Fall 2013

Key Technologies for Security Operations. Copyright 2014 EMC Corporation. All rights reserved.

ISO27001 Preparing your business with Snare

Checklist: Credit Union Information Security and Privacy Policies

STOPS CYBER ATTACKS BEFORE THEY STOP YOU. Prepare, recognize, and respond to today s attacks earlier with Verizon Security Solutions.

ADIENT VENDOR SECURITY STANDARD

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Malware Outbreak

Cyber Security. Our part of the journey

Securing Industrial Control Systems

716 West Ave Austin, TX USA

CERTIFIED SECURE COMPUTER USER COURSE OUTLINE

Securing Dynamic Data Centers. Muhammad Wajahat Rajab, Pre-Sales Consultant Trend Micro, Pakistan &

THE ACCENTURE CYBER DEFENSE SOLUTION

Incident Response Lessons From the Front Lines. Session 276, March 8, 2018 Nolan Garrett, CISO, Children s Hospital Los Angeles

Pass4suresVCE. Pass4sures exam vce dumps for guaranteed success with high scores

Unit 3 Cyber security

Information Security Management Criteria for Our Business Partners

EMERGING THREATS & STRATEGIES FOR DEFENSE. Paul Fletcher Cyber Security

Security Audit What Why

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Unauthorized Access

Business White Paper. Healthcare IT In The Cloud: Predicting Threats, Protecting Patient Data

How do you track devices that have been approved for use? Are you automatically alerted if an unapproved device connects to the network?

Altius IT Policy Collection Compliance and Standards Matrix

The Cyber War on Small Business

Secure Application Development. OWASP September 28, The OWASP Foundation

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Elevation of Privilege

Total Security Management PCI DSS Compliance Guide

Best Practices With IP Security.

COUNTERING CYBER CHAOS WITH HIPAA COMPLIANCE. Presented by Paul R. Hales, J.D. May 8, 2017

Question No: 1 After running a packet analyzer on the network, a security analyst has noticed the following output:

Vulnerability Management Policy

Security analysis and assessment of threats in European signalling systems?

You ve Been Hacked Now What? Incident Response Tabletop Exercise

2009 Data Breach Investigations Report. Executive Summary:

Altius IT Policy Collection Compliance and Standards Matrix

THE TRIPWIRE NERC SOLUTION SUITE

Cybersecurity Risk Mitigation: Protect Your Member Data. Introduction

Incident Response Agility: Leverage the Past and Present into the Future

Company Policy Documents. Information Security Incident Management Policy

What It Takes to be a CISO in 2017

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Data Theft

Security analytics: From data to action Visual and analytical approaches to detecting modern adversaries

Agenda. Why we need a new approach to endpoint security. Introducing Sophos Intercept X. Demonstration / Feature Walk Through. Deployment Options

EU GENERAL DATA PROTECTION: TIME TO ACT. Laurent Vanderschrick Channel Manager Belgium & Luxembourg Stefaan Van Hoornick Technical Manager BeNeLux

CYBER SECURITY AND MITIGATING RISKS

Protecting Against Online Fraud. F5 EMEA Webinar August 2014

Convegno Sezione Automazione ANIMP

Altius IT Policy Collection

CYBER FRAUD & DATA BREACHES 16 CPE s May 16-17, 2018

SOC-2 Requirement Solution Brief. EventTracker 8815 Centre Park Drive, Columbia MD SOC-2

Dell EMC Isolated Recovery

Security Challenges and

PULLING OUR SOCS UP VODAFONE GROUP AT RSAC Emma Smith. Andy Talbot. Group Technology Security Director Vodafone Group Plc

Cyber Information Sharing

Managing an Active Incident Response Case. Paul Underwood, COO

Unlocking the Power of the Cloud

OPERATIONS CENTER. Keep your client s data safe and business going & growing with SOC continuous protection

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

Perimeter Defenses T R U E N E T W O R K S E C U R I T Y DEPENDS ON MORE THAN

QuickBooks Online Security White Paper July 2017

Look Who s Hiring! AWS Solution Architect AWS Cloud TAM

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

Combating Cyber Risk in the Supply Chain

Unit 2 Assignment 2. Software Utilities?

Strategies for a Successful Security and Digital Transformation

SOLUTION BRIEF FPO. Imperva Simplifies and Automates PCI DSS Compliance

ALIENVAULT USM FOR AWS SOLUTION GUIDE

ISO/IEC Solution Brief ISO/IEC EventTracker 8815 Centre Park Drive, Columbia MD 21045

Security Aspects Control Rationale Best Practices Self-Assessment (Click all that applicable) 1. Security Policy and Security Management

Transcription:

Investigative Response Case Metrics Initiative Preliminary findings from 700+ data compromise investigations GLOBAL CAPABILITY. PERSONAL ACCOUNTABILITY. Wade Baker MiniMetricon 2.5 April 07, 2008 2008 Verizon. All Rights Reserved. PTEXXXXX XX/08

Agenda Investigative Response @ Verizon Business IR Case Metrics Initiative IR Statistics & Trends 2

3 Who am I?

4 About Me Hats I Wear

5 About Me Hat I d Never be Caught Wearing

About Me Hat I d Never be Caught Wearing r = +.998 6

7 About Me Hat I m trying to Wear

8 About Me Hats I Wear

9 About Me Hats I Wear

About Me Hats I Wear Research 10

About Me Hats I Wear Intel 11

About Me Hats I Wear Innovate 12

About Me Hats I Wear Risk 13

About Me Hats I Wear Metrics 14

About Me Hats I Wear DSS 15

About Me Hats I Wear IR 16

About Me Hats I Wear Then why are you here talking to us about investigative response trends? 17

About Me Hats I Wear Investigative Response Metrics Products & Services 18

About Me Hats I Wear Metrics 19

About Me Hats I Wear IR 20

21 Investigative Response @ Verizon Business

Investigative Response @ Verizon Business IT Investigative Support (On-demand) Guaranteed Response (Retainer-based) Incident Response Training (CIRT) Computer Forensic Training Electronic Data Recovery / Destruction Services Expert Witness Testimony Mock-Incident Testing Corporate IR Program Development Litigation Support & ediscovery Tactical Management Briefings 22

Investigative Response @ Verizon Business 230 cases in 2007 (1/4 of disclosures*) 185 cases in 2006 (1/4 of disclosures*) 166 cases in 2005 (1/3 of disclosures*) 130 cases in 2004 23 *Source: http://www.idtheftcenter.com/

Investigative Response @ Verizon Business 3 of the 5 largest data breaches 24

25 Overview: IR Metrics Initiative

Overview: IR Metrics Initiative 2004 Q3 2007: Some high-level statistics & trends; some diffusion of insight and data Q4 2007 Present: Hundreds of case metrics defined & operationalized; systematic collection for all previous cases Near Future: Diffusion of data internally and externally; Reoccurring public report of findings 26

Overview: IR Metrics Initiative What s the current status of this effort? What s the dataset for this talk? 27

Overview: IR Metrics Initiative Sampling of cases from 2004-Present High-level caseload statistics and trends from each investigator Data collection on case backlog: Mostly complete for 2007, Majority for 2006, Partial for 2005 & 2004 28

Overview: IR Metrics Initiative Bottom Line: This is a work in progress but there is more than enough data to support these findings 29

Overview: IR Metrics Initiative just add -ish to the end of all numbers 30

31 IR Case Metrics: Statistics and Trends

IR Case Metrics: Statistics and Trends Industry 32 Note: 2007 cases only

IR Case Metrics: Statistics and Trends What is the source of breaches? 33

IR Case Metrics: Statistics and Trends Source 34

IR Case Metrics: Statistics and Trends Source: External 35

IR Case Metrics: Statistics and Trends Source: Internal 36

IR Case Metrics: Statistics and Trends Source: Partner 37

IR Case Metrics: Statistics and Trends Source Geo 38 Note: 2007 cases only

IR Case Metrics: Statistics and Trends How do breaches occur? 39

IR Case Metrics: Statistics and Trends Methods, Top 10 40

IR Case Metrics: Statistics and Trends Methods, Continued Deceit - Social Engineering 13% Misuse - Non-malicious misuse of corporate resources 13% Malcode - Worm or Virus 13% Error - User error 13% Physical - Wiretapping / Sniffing 12% Misuse - Malicious misuse / abuse of access or privilege 12% Error - Inadvertent disclosure of sensitive data via web 10% Physical - Theft from external location 8% Error - Technical / system failure 8% Physical - Loss or misplacement of asset 7% Physical - System access or tampering 7% 41

IR Case Metrics: Statistics and Trends Difficulty High - Advanced skills and/or extensive resources were used Moderate - The attack involved skilled attacks and/or significant resources Low - Low-level skills and/or resources were used. Automated tools and Script Kiddies 42 None - No special skills or resources were used. The average user could have done it

IR Case Metrics: Statistics and Trends Targeted vs Opportunistic 43

IR Case Metrics: Statistics and Trends Vector 44

IR Case Metrics: Statistics and Trends Compromised Asset 45

IR Case Metrics: Statistics and Trends Compromised Data 46

IR Case Metrics: Statistics and Trends Time Span Point of entry to compromise = ~Hours Compromise to discovery = ~Months Discovery to mitigation = ~Weeks 47

IR Case Metrics: Statistics and Trends How are breaches discovered? 48

IR Case Metrics: Statistics and Trends Incident Discovery 49

IR Case Metrics: Statistics and Trends Anti-forensics Q4 2006 = 14% of cases Q4 2007 = 67% of cases 50

IR Case Metrics: Statistics and Trends Can breaches be prevented? 51

IR Case Metrics: Statistics and Trends Yes. 87% of incidents could have been avoided through the use of "due diligence" or "reasonable" security controls. 52

IR Case Metrics: Statistics and Trends Unknown Unknowns 53

IR Case Metrics: Statistics and Trends Asset / Data discovery & classification 70% Software / App development standards 57% Minimization or removal of replicated data 52% Identity Management 50% % of cases that would likely have been prevented (or at least substantially mitigated) if the control had been in place (or of better quality) at the time of the attack More restrictive access privileges 50% Firewalls / Routers configured for default-deny 47% Network segmentation or zoning 47% More consistent vulnerability patching 47% System hardening / minimal config 47% Disk Encryption 47% IDS / Network monitoring 43% 54

IR Case Metrics: Statistics and Trends Intrusion Prevention System 40% User awareness & training 40% Checks to identify technical non-compliance 40% Data Loss Prevention / Content filtering 30% % of cases that would likely have been prevented (or at least substantially mitigated) if the control had been in place (or of better quality) at the time of the attack Client / personal firewall 30% Antivirus software 23% Physical security controls 13% Anti-Spyware 13% USB Blocking 8% More frequent vulnerability patching 2% 55

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback