Security Gaps from the Field: Reconnaissance, Theft, and Looking Them in the Eye. Bruce Ward, CISM, Vice President. Adam Gassensmith, Manager of Client Experience. Helping you grow your business with scalable IT services & solutions for today's challenges & tomorrow's vision. © 2017 Peters & Associates, Inc. All rights reserved.
Agenda: Security Gaps from the Field. Watch Movies, Tell Jokes, Give Away Prizes. 1. Background (Case the Joint) 2. Stealing Data (Valuables) 3. Identity (Who's at the Door)
Raffle Prizes
1) Background (Case the Joint) Recon 101
Technology Change 2005 2013
Common Misconceptions: Cyber crime only happens to large companies like Chase, Target and Home Depot. 31% - incidents of losses at organizations with <100 employees; 61% - incidents of losses at organizations with <250 employees. Source: Symantec Internet Threat Report
Security Program: Loss by device Loss by method www.hhs.gov/ocr/privacy/hipaa/enforcement/index.html https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
Looming Risk Offset. Sources: 2017 Reports: Ponemon and Deloitte
Movie Time
Information Security Industry
Cyber Security Framework Data Protection
Peters & Associates Security Wheel A lot of moving parts DATA
2) Stealing Data (Valuables) Theft 101
Peters & Associates Security Wheel A lot of moving parts DATA
Significant Data
Cloud App Security
Intune Mobile Application Management (MAM)
Intune MAM / MDM [Diagram labels: Managed apps; Multi-identity policy; Corporate data; Personal data; Personal apps; User; IT]
Mobile application management [Diagram labels: Managed apps; Personal apps; User]
Azure Information Protection
Info Protection: User-driven classification Business Intelligence 2016 Peters & Associates, Inc. All rights reserved.
Info Protection: Reclassification
Info Protection - Recommended classification
Info Protection: Automatic classification
Data Loss Prevention (DLP)
Conditions Actions Exceptions
Raffle Prizes
3) IDENTITY (Who's at the Door?) Identity 101
Peters & Associates Security Wheel A lot of moving parts DATA
How do they do it?
HOW do I protect my business? Security Training; Periodic Testing; Backup/Restore; Patch Management; Mail Filter; Next-gen Firewall; Incident Response Plans
Email Scam = Big Business
Movie #2! Fraudulent Instruction
3. Azure Identity Protection
Azure Identity Protection: Users with leaked credentials; Sign-ins from anonymous IP addresses; Impossible travel to atypical locations; Sign-ins from infected devices; Sign-ins from IP addresses with suspicious activity; Sign-ins from unfamiliar locations
Phishing & Spearphishing
Advanced Threat Protection (ATP)
Advanced Threat Protection (ATP) [Diagram: mail flow from Sender to Recipient. Exchange Online Protection: multiple filters; three anti-virus engines. Attachment: supported file type; clean by AV/AS filters; not in reputation list. Safe Attachments: detonation chamber (sandbox); behavioral analysis with machine learning (Executable? Registry call? Elevation?); result Safe or Unsafe. Links: continuously updated lists of malicious URLs; Safe Links rewrite.]
Technology
What To Do Next? Solution 101
People: 24x7 Access to Security Awareness Training; Schedule Social Engineering Evaluation; Baseline testing phishing email templates and landing pages; Train your users with on-demand or interactive resources; Scenario-based training exercises; Ongoing security hints and tips email subscription; Training assessments & reporting on results. Training course examples: Intro security awareness training; Handling sensitive information securely; Basics of credit card security; Ransomware; Mobile data security; PCI & GLBA compliance; Strong passwords; Safe web browsing; Financial institution physical security
O365 Multi-factor Authentication (MFA)
Advisory Services People 24x7 Support Access Certified and Skilled Professionals 3 Escalation Tiers & Vendor Management Strategic Planning Process Automated Alerting and Reporting Incident Response Management Forensic Services Security Awareness Training Technology Performance, Health, User/Entity Behavior + Security Endpoint Device Monitoring Managed Endpoint Protection, Firewalls, & Backups Regular Network, Server, and Workstation Patching System Hardening Health Checks and Vulnerability Scanning
Knowledge is Power
Webinars and Blogs To register for these events, visit: http://www.peters.com/events To recap these events, visit: http://www.peters.com/blog/
Raffle Prizes