This document discusses the increasing challenges of MAC spoofing and data breaches. It outlines three main challenges: lack of visibility into devices on the network, the growing number of non-traditional Internet of Things devices, and the risk of trusting devices based only on MAC address. A network monitoring solution called Beacon is presented as able to provide comprehensive visibility of all devices, important contextual information, and scalability to address these challenges posed by MAC spoofing and the evolving network landscape.
Top 3 MAC Spoofing Challenges You Cannot Afford to Ignore
1. Top 3 MAC Spoofing Challenges You Cannot Afford to Ignore
2. Data breaches are increasing
Identity Theft Resource Center reports in 2014
• 18.3% increase in data breaches
• 783 data breaches in the U.S.
• 85+ million records were affected
Verizon’s 2014 Data Breach Investigations Report
• Internationally 1,367 confirmed data breaches in 2013
• Over 10,000 data breaches in the last 10 years
Source: Information is Beautiful, World’s Biggest Data Breaches
3. Data breaches are costly
Ponemon’s 2014 report, Cost of Data Breach: Global Analysis
• Average data breach costs $3.5 million U.S. dollars
• 15% increase in cost over previous year
The research reveals that reputation and the loss of
customer loyalty does the most damage to the bottom line.
4. Data breaches are increasing
Figure from Verizon’s 2014 Data Breach Investigation Report
6. History of MAC spoofing
• Whitelisting as a form of security
• Falsifying a MAC address was too easy for hackers
• Use the MAC address as a first line of defense, and combine it with a more contextual understanding of the device
7. Top 3 MAC spoofing challenges
Lack of visibility
Unable to keep a complete, real-time inventory of what
is on the network and where each endpoint is located
Internet of Things trend
Increase in headless and non-traditional devices on the
network
Trusting the device
Security that relies on the device being the sole source
of information
8. Challenge 1: Lack of visibility
The problem
• Don’t know where unauthorized access or entry
points into the system might be
• Don’t know if there is an unauthorized device touching
the network (whether it is misconfigured, etc.)
• Don’t know if security measures are protecting entire
network
9. Challenge 1: Lack of visibility
The solution
• Complete visibility of all endpoints on the network
– Deeper historical and contextual understanding of all devices on the network
10. Challenge 1: Lack of visibility
This is not as simple as it sounds
• Time intensive task
• Constantly changing landscape
– Increased mobility
– Guest access
• BYOD initiatives
• Need for user convenience
11. Challenge 1: Lack of visibility
To really solve the problem you need:
• Automated technology to create an inventory
• Access to contextual data
• Continuous, real-time monitoring for an ever-changing network
12. Challenge 2: Internet of Things
The trend
• Increase in devices that use your network data to do amazing things!
– Fire extinguishers that tell you when they are in use
– Sprinklers that use weather information to determine how often to run
– Trash cans that alert you when they are full
14. Challenge 2: Internet of Things
The problem
• These devices are outside of the norm, meaning that current solutions may have limited contextual information about them
– If the MAC address is spoofed, the lack of context can make it difficult to identify that a rogue device has been added to the network
15. Challenge 2: Internet of Things
The solution
• Visibility of all devices, including headless devices
• Agentless or clientless security solution (since these often have specific operating system dependencies)
16. Challenge 3: Trusting the device
The problem
• Trusting the device by MAC address or MAC OUI alone is risky
– The MAC address is not enough information
MAC spoofing is based on a device being dishonest
(Figure callouts: “Communicating externally”, “Running Windows apps”, 176.16.232.134)
17. Challenge 3: Trusting the device
The solution
Warehouse of context
• What is the device?
• How is the device behaving?
• Where is the device?
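The three context questions above, applied to a whitelisted MAC address, as an added example that is not part of the original slides and is not Beacon's code. The field names, profile names, switch ports, MAC address and sample observations are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Baseline:
    """What the inventory expects for a MAC (hypothetical fields)."""
    profile: str          # what the device is, e.g. "printer"
    switch_port: str      # where it normally connects
    allowed: frozenset    # how it normally behaves

@dataclass(frozen=True)
class Observation:
    """One passive sighting of a MAC on the network (hypothetical fields)."""
    mac: str
    observed_os: str      # e.g. from passive fingerprinting
    switch_port: str
    behaviors: frozenset

# Constructed mapping of profile -> operating systems that fit it.
PROFILE_OS = {"printer": {"embedded"}, "workstation": {"windows", "linux"}}

def normalize(mac: str) -> str:
    """Canonicalize MAC notation so 00-11-..., 0011.22... compare equal."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def assess(obs: Observation, inventory: dict) -> list:
    """Return reasons a whitelisted MAC should not be trusted on MAC alone."""
    base = inventory.get(normalize(obs.mac))
    if base is None:
        return ["unknown MAC: not in inventory"]
    findings = []
    if obs.observed_os not in PROFILE_OS.get(base.profile, set()):
        findings.append(f"what: {base.profile} profile but OS looks like {obs.observed_os}")
    if obs.switch_port != base.switch_port:
        findings.append(f"where: seen on {obs.switch_port}, expected {base.switch_port}")
    for b in sorted(obs.behaviors - base.allowed):
        findings.append(f"how: unexpected behavior '{b}'")
    return findings

# Constructed sample data: one whitelisted printer MAC and two sightings of it.
INVENTORY = {"00:11:22:33:44:55": Baseline("printer", "sw1/gi0/12",
                                           frozenset({"ipp", "snmp"}))}
GENUINE = Observation("00-11-22-33-44-55", "embedded", "sw1/gi0/12", frozenset({"ipp"}))
SPOOFED = Observation("0011.2233.4455", "windows", "sw3/gi0/4",
                      frozenset({"ipp", "running windows apps", "communicating externally"}))

if __name__ == "__main__":
    for name, obs in (("genuine", GENUINE), ("spoofed", SPOOFED)):
        print(name, assess(obs, INVENTORY) or "consistent with baseline")
```

Both sightings pass a MAC whitelist; only the second one contradicts the recorded what, where and how for that address.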
19. The Beacon suite of solutions
Identify.
Ensure every endpoint accessing the network
is accounted for to eliminate vulnerable blind
spots.
Monitor.
Know how endpoints are behaving at all
times to easily identify and address potential
threats quickly.
Enforce.
Control access to the network to allow what
should be on the network on, and keep what
shouldn’t off.
“As far as seeing what’s on the network, it’s all about visibility and troubleshooting. When you’re trying to figure out, ‘what’s plugged into this port?’ and you can go and see that in Beacon, it saves you time.”
–Patrick Printz, current Beacon user
20. Why Beacon?
• Comprehensive. Our software provides you with complete visibility. We detect and profile all device types touching your network, including headless devices.
• Contextual. Our technology provides you with historical and real-time detailed context.
– What is the endpoint
– Where is it located
– Is it behaving uncharacteristically
• Scalable. Great Bay Software’s technology has been proven to scale to satisfy the largest of enterprise customers.
• Simple. Our technology is a sophisticated application that is actually easy to deploy and manage.