SlideShare una empresa de Scribd logo

Making the Case for Stronger Endpoint Data Visibility

Descargar como PPTX, PDF
D
dianadvo

As security practitioners, we often get caught up worrying about protecting against the latest threat or patching the latest zero-day, however we should spend at least an equal amount of time understanding the data risks of our users and how to offer both better visibility into endpoint data usage, as well as guidance into good data protection practices. There are a number of different products and vendors that touch on these aspects, but there is no one-stop shop for data protection, and likely never will be. DLP, or Data Loss Prevention, can look at known content types for matches and take protective actions. However, most DLP deployments never moved beyond monitoring due to over-blocking or false positive concerns. Endpoint employee monitoring can take good forensic information, even screenshots to recreate evidence of either inappropriate data usage, or other significant events, though these types of technology are often cumbersome, hard to realize the value and present some serious privacy and ethical concerns. EDR or Endpoint Detection and Response is very threat-focused, with a severe limit on data visibility, and often does little more than capture a checksum of a file, with no content inspection or awareness. UEBA, or User and Entity Behavior Analytics, can often be deployed in conjunction with SIEM or log management capabilities to get a better contextual view of your organization, however, you must first have some semblance of “normal” or a baseline before you can uncover abnormal. Organizations should begin building the case for stronger endpoint data visibility. This improved data visibility must be easy to use, fast to provide actionable answers, not impede other endpoint security capabilities, and most importantly provide the financial impact of endpoint data and the decisions that users make with that data.

Tecnología
1 de 29
Making the Case for Stronger Endpoint Data Visibility Brian Reed VP Strategy 2018 © 2018 ThinAir Labs, Inc.
#1 Asset of Digital Enterprise INFORMATION Security | Compliance | IT Ops © 2018 ThinAir Labs, Inc.
© 2018 ThinAir Labs, Inc.
Why do breaches occur? Lack of visibility. © 2018 ThinAir Labs, Inc.
How information is created, consumed, and communicated What is the financial impact of the data at risk © 2018 ThinAir Labs, Inc.
DATA Device Application Network User Data is What Matters in Security o Current solutions focus on tangential indicators of compromise o Data is the primary digital asset at risk o User-Data interaction at data- element level is key o Endpoint-based monitoring for enterprise-wide data interaction visibility © 2018 ThinAir Labs, Inc.
Delivers complete intelligence about every information in your organization. With Simplicity and Speed. CONVERSATIONAL UI BUSINESS IMPACT ENDPOINT VISIBILITY CONTINUOUS VISIBILITY INFORMATION ATTRIBUTION Endpoint Data Visibility © 2018 ThinAir Labs, Inc.
Endpoint Visibility o Endpoint is the point of interaction between people and data o Endpoint is where a lot of IP is created o Endpoint is often the blind spot o Unstructured vs. structured data © 2018 ThinAir Labs, Inc.
Continuous Visibility – Real-time & Historical 191 days: Average time to identify breach 66 days: Average time to contain breach » Track all interactions with information continuously » Maintain historical audit log (6, 12, 24 months or longer) • Even if evidence has been tampered with or deleted © 2018 ThinAir Labs, Inc.
Real Time Information Attribution o Detect suspicious activity along the threat kill chain o Proactive prediction of exfiltration © 2018 ThinAir Labs, Inc.
Conversational UI Get Instant Answers to Any Information or Security Question © 2018 ThinAir Labs, Inc.
Understand Business Impact » Provide business impact assessment • Scope of the breach in $$$ • Based on value of the data • Cost of the breach (detection, remediation, notification, etc.) • Regulatory impact • Brand reputation, business loss © 2018 ThinAir Labs, Inc.
ThinAir Next-Generation Endpoint Data Visibility Platform delivers complete intelligence about every information in your organization. With Simplicity and Speed. © 2018 ThinAir Labs, Inc.
Where to Start? • Start with visibility on the endpoint • Focus on information at the data-element level • Continuously track interactions with your information • Keep sufficiently long audit history • It should not require a PhD to investigate “Ultimately, IT will have to stop worrying about how to control which applications people are using or where documents reside and focus on protecting the documents themselves.” Gartner © 2018 ThinAir Labs, Inc.
SCARY QUESTION: downloaded your client list from Salesforce? What if I tell you there is a user in your environment who has © 2018 ThinAir Labs, Inc.
Sales Contacts from Salesforce o Organization wanted to track salespeople and if departing salespeople were taking client lists, etc. with them o Had a CASB in place, however they were only monitoring in API mode, so no enforcement. Also not strict on redirection to force CASB usage o Wanted to see who had downloaded email addresses from salesforce in the last 6 months, and run scheduled reports © 2018 ThinAir Labs, Inc.
© 2018 ThinAir Labs, Inc.
© 2018 ThinAir Labs, Inc.
SCARY QUESTION: What if I tell you there is a user in your environment who has downloaded unapproved source code to add to your applications? © 2018 ThinAir Labs, Inc.
Source Code Visibility o Organization develops security products, and currently using DLP at the endpoint (false positives, resource intensive, interferes with development of software) o They wanted to know if developers were including 3rd party open source software in their commercial software – if so they want to ensure they republish sources, abide by open source licensing (Apache, BSD, GPL, etc.) o Using GitHub for source code repository, as do many open source projects © 2018 ThinAir Labs, Inc.
Example #2 – Source Code © 2018 ThinAir Labs, Inc.
Example #2 – Source Code © 2018 ThinAir Labs, Inc.
Example #2 – Source Code © 2018 ThinAir Labs, Inc.
A Different Approach to Security! VISIBILITY SIMPLICITY SPEED Static policies that cover 1% of information 100% of information, all the time Highly specialized and trained sec analysts Proficiency with product in hours Many months, complex deployments 72 hours to value, fully SaaS © 2018 ThinAir Labs, Inc.
Regulatory Compliance Examples o Show me all users who are out of compliance with PCI right now o Send me a weekly report with all users who violated HIPAA o Alert me when users download more than 10 files containing SSNs from confidential repository or application in the last day o Find all files that contain a specific patient ID o Alert me when users copy more than 10 files with CCNs to a USB o I found users out of compliance and want to understand how to prevent it in the future => see user investigation use cases © 2018 ThinAir Labs, Inc.
Security Investigations Examples o Show me all users who had a leaked document on one of their devices prior to data loss, even if it was deleted afterwards o Show me all sensitive data that was uploaded by a user to a dark or personal web site o Show me what a user did after downloading a file containing information about a new invention o Show me all the company proprietary data a user accessed and exfiltrated last week prior to resigning today o Show me all the files that were on a laptop that was just lost © 2018 ThinAir Labs, Inc.
Proprietary Information Protection o Show me all users who downloaded files with secret project names from our highly confidential web app site in the last week o Show me all users who copied files marked confidential to a USB o Show me all users who uploaded files marked confidential to a personal cloud file sharing app o Alert me when users download more than 100 files tagged confidential from multiple repositories in the last day o Show me all IP that was uploaded by a user to a dark web site ▪ I found users leaking IP and want to understand how to prevent it in the future => see user investigation use cases o Show we all the people who had access to a highly secretive project © 2018 ThinAir Labs, Inc.
Actionable Data Visibility in 90 Seconds INVESTIGATE INCIDENTS AND BREACHES IDENTIFY RISKY DATA ACTIVITY COMPLY WITH DATA REGULATIONS PROTECT YOUR IP AND PII © 2018 ThinAir Labs, Inc.
Thanks!Any questions? Brian Reed VP of Strategy brian@thinair.com Thinair.com @thinairlabs info@thinair.com +1 (877) 269-3090 © 2018 ThinAir Labs, Inc.

Recomendados

ThinAir Endpoint Visibility Security HIMSS2018 Brian_Reed
ThinAir Endpoint Visibility Security HIMSS2018 Brian_ReedThinAir Endpoint Visibility Security HIMSS2018 Brian_Reed
ThinAir Endpoint Visibility Security HIMSS2018 Brian_Reed
ThinAir
 
5 Highest-Impact CASB Use Cases - Office 365
5 Highest-Impact CASB Use Cases - Office 3655 Highest-Impact CASB Use Cases - Office 365
5 Highest-Impact CASB Use Cases - Office 365
Netskope
 
Cloud Access Security Brokers - What's all the Hype
Cloud Access Security Brokers - What's all the HypeCloud Access Security Brokers - What's all the Hype
Cloud Access Security Brokers - What's all the Hype
JoAnna Cheshire
 
The Definitive CASB Business Case Kit - Presentation
The Definitive CASB Business Case Kit - PresentationThe Definitive CASB Business Case Kit - Presentation
The Definitive CASB Business Case Kit - Presentation
Netskope
 
Lions, Tigers, and PHI, Oh My! The latest in data loss prevention in the cloud.
Lions, Tigers, and PHI, Oh My! The latest in data loss prevention in the cloud.Lions, Tigers, and PHI, Oh My! The latest in data loss prevention in the cloud.
Lions, Tigers, and PHI, Oh My! The latest in data loss prevention in the cloud.
Netskope
 
WeSecure Data Security Congres: 5 must haves to safe cloud enablement
WeSecure Data Security Congres: 5 must haves to safe cloud enablementWeSecure Data Security Congres: 5 must haves to safe cloud enablement
WeSecure Data Security Congres: 5 must haves to safe cloud enablement
WeSecure
 
Quantifying Cloud Risk for Your Corporate Leadership
Quantifying Cloud Risk for Your Corporate LeadershipQuantifying Cloud Risk for Your Corporate Leadership
Quantifying Cloud Risk for Your Corporate Leadership
Netskope
 
Cure for the Common Cloud: How Healthcare can Safely Enable the Cloud
Cure for the Common Cloud: How Healthcare can Safely Enable the CloudCure for the Common Cloud: How Healthcare can Safely Enable the Cloud
Cure for the Common Cloud: How Healthcare can Safely Enable the Cloud
Netskope
 

Recomendados

ThinAir Endpoint Visibility Security HIMSS2018 Brian_Reed
ThinAir Endpoint Visibility Security HIMSS2018 Brian_ReedThinAir Endpoint Visibility Security HIMSS2018 Brian_Reed
ThinAir Endpoint Visibility Security HIMSS2018 Brian_Reed
ThinAir
 
5 Highest-Impact CASB Use Cases - Office 365
5 Highest-Impact CASB Use Cases - Office 3655 Highest-Impact CASB Use Cases - Office 365
5 Highest-Impact CASB Use Cases - Office 365
Netskope
 
Cloud Access Security Brokers - What's all the Hype
Cloud Access Security Brokers - What's all the HypeCloud Access Security Brokers - What's all the Hype
Cloud Access Security Brokers - What's all the Hype
JoAnna Cheshire
 
The Definitive CASB Business Case Kit - Presentation
The Definitive CASB Business Case Kit - PresentationThe Definitive CASB Business Case Kit - Presentation
The Definitive CASB Business Case Kit - Presentation
Netskope
 
Lions, Tigers, and PHI, Oh My! The latest in data loss prevention in the cloud.
Lions, Tigers, and PHI, Oh My! The latest in data loss prevention in the cloud.Lions, Tigers, and PHI, Oh My! The latest in data loss prevention in the cloud.
Lions, Tigers, and PHI, Oh My! The latest in data loss prevention in the cloud.
Netskope
 
WeSecure Data Security Congres: 5 must haves to safe cloud enablement
WeSecure Data Security Congres: 5 must haves to safe cloud enablementWeSecure Data Security Congres: 5 must haves to safe cloud enablement
WeSecure Data Security Congres: 5 must haves to safe cloud enablement
WeSecure
 
Quantifying Cloud Risk for Your Corporate Leadership
Quantifying Cloud Risk for Your Corporate LeadershipQuantifying Cloud Risk for Your Corporate Leadership
Quantifying Cloud Risk for Your Corporate Leadership
Netskope
 
Cure for the Common Cloud: How Healthcare can Safely Enable the Cloud
Cure for the Common Cloud: How Healthcare can Safely Enable the CloudCure for the Common Cloud: How Healthcare can Safely Enable the Cloud
Cure for the Common Cloud: How Healthcare can Safely Enable the Cloud
Netskope
 
Cloud Security for Dummies Webinar — The Identity Edition
Cloud Security for Dummies Webinar — The Identity EditionCloud Security for Dummies Webinar — The Identity Edition
Cloud Security for Dummies Webinar — The Identity Edition
Netskope
 
Netskope — Shadow IT Is A Good Thing
Netskope — Shadow IT Is A Good ThingNetskope — Shadow IT Is A Good Thing
Netskope — Shadow IT Is A Good Thing
Netskope
 
The Razor's Edge: Enabling Cloud While Mitigating the Risk of a Cloud Data Br...
The Razor's Edge: Enabling Cloud While Mitigating the Risk of a Cloud Data Br...The Razor's Edge: Enabling Cloud While Mitigating the Risk of a Cloud Data Br...
The Razor's Edge: Enabling Cloud While Mitigating the Risk of a Cloud Data Br...
Netskope
 
Reference Architecture for Data Loss Prevention in the Cloud
Reference Architecture for Data Loss Prevention in the CloudReference Architecture for Data Loss Prevention in the Cloud
Reference Architecture for Data Loss Prevention in the Cloud
Netskope
 
Office 365 in Focus. Security and Governance Strategies from the Experts - We...
Office 365 in Focus. Security and Governance Strategies from the Experts - We...Office 365 in Focus. Security and Governance Strategies from the Experts - We...
Office 365 in Focus. Security and Governance Strategies from the Experts - We...
Netskope
 
SEB Forcepoint Corporate Overview
SEB Forcepoint Corporate OverviewSEB Forcepoint Corporate Overview
SEB Forcepoint Corporate Overview
Stephen Bates
 
Brochure forcepoint dlp_en
Brochure forcepoint dlp_enBrochure forcepoint dlp_en
Brochure forcepoint dlp_en
Seenee Permal, CISA, CISM
 
Marcel van der Heijden - SpeedInvest & Aircloak - EU GDPR & Data Privacy Comp...
Marcel van der Heijden - SpeedInvest & Aircloak - EU GDPR & Data Privacy Comp...Marcel van der Heijden - SpeedInvest & Aircloak - EU GDPR & Data Privacy Comp...
Marcel van der Heijden - SpeedInvest & Aircloak - EU GDPR & Data Privacy Comp...
Burton Lee
 
Data Privacy, Security, and Sovereignty in a Cloudy World
Data Privacy, Security, and Sovereignty in a Cloudy WorldData Privacy, Security, and Sovereignty in a Cloudy World
Data Privacy, Security, and Sovereignty in a Cloudy World
Netskope
 
Forcepoint Dynamic Data Protection
Forcepoint Dynamic Data ProtectionForcepoint Dynamic Data Protection
Forcepoint Dynamic Data Protection
MarketingArrowECS_CZ
 
Netskope Overview
Netskope OverviewNetskope Overview
Netskope Overview
Netskope
 
Tomorrow Starts Here - Security Everywhere
Tomorrow Starts Here - Security Everywhere Tomorrow Starts Here - Security Everywhere
Tomorrow Starts Here - Security Everywhere
Cisco Canada
 
Forcepoint SD-WAN and NGFW + IPS
Forcepoint SD-WAN and NGFW + IPSForcepoint SD-WAN and NGFW + IPS
Forcepoint SD-WAN and NGFW + IPS
Larry Austin
 
Proteja sus datos en cualquier servicio Cloud y Web de forma unificada
Proteja sus datos en cualquier servicio Cloud y Web de forma unificadaProteja sus datos en cualquier servicio Cloud y Web de forma unificada
Proteja sus datos en cualquier servicio Cloud y Web de forma unificada
Cristian Garcia G.
 
Cloud Visibility & Cloud Data Loss Prevention Approaches
Cloud Visibility & Cloud Data Loss Prevention Approaches Cloud Visibility & Cloud Data Loss Prevention Approaches
Cloud Visibility & Cloud Data Loss Prevention Approaches
CipherCloud
 
Broke Note Broken: An Effective Information Security Program With a $0 Budget
Broke Note Broken: An Effective Information Security Program With a $0 BudgetBroke Note Broken: An Effective Information Security Program With a $0 Budget
Broke Note Broken: An Effective Information Security Program With a $0 Budget
Paul Melson
 
Debunked: 5 Myths About Zero Trust Security
Debunked: 5 Myths About Zero Trust SecurityDebunked: 5 Myths About Zero Trust Security
Debunked: 5 Myths About Zero Trust Security
Centrify Corporation
 
The Internet of Everything is Here
The Internet of Everything is HereThe Internet of Everything is Here
The Internet of Everything is Here
Lancope, Inc.
 
Understanding Global Data Protection Laws: Webinar
Understanding Global Data Protection Laws: WebinarUnderstanding Global Data Protection Laws: Webinar
Understanding Global Data Protection Laws: Webinar
CipherCloud
 
Data Breach: The Cloud Multiplier Effect
Data Breach: The Cloud Multiplier EffectData Breach: The Cloud Multiplier Effect
Data Breach: The Cloud Multiplier Effect
Netskope
 
01-Chapter 01-Introduction to CASB and Netskope.pptx
01-Chapter 01-Introduction to CASB and Netskope.pptx01-Chapter 01-Introduction to CASB and Netskope.pptx
01-Chapter 01-Introduction to CASB and Netskope.pptx
ssuser4c54af
 
User management - the next-gen of authentication meetup 27012022
User management - the next-gen of authentication meetup 27012022User management - the next-gen of authentication meetup 27012022
User management - the next-gen of authentication meetup 27012022
lior mazor
 

Más contenido relacionado

La actualidad más candente

Cloud Security for Dummies Webinar — The Identity Edition
Cloud Security for Dummies Webinar — The Identity EditionCloud Security for Dummies Webinar — The Identity Edition
Cloud Security for Dummies Webinar — The Identity Edition
Netskope
 
The Razor's Edge: Enabling Cloud While Mitigating the Risk of a Cloud Data Br...
The Razor's Edge: Enabling Cloud While Mitigating the Risk of a Cloud Data Br...The Razor's Edge: Enabling Cloud While Mitigating the Risk of a Cloud Data Br...
The Razor's Edge: Enabling Cloud While Mitigating the Risk of a Cloud Data Br...
Netskope
 
Office 365 in Focus. Security and Governance Strategies from the Experts - We...
Office 365 in Focus. Security and Governance Strategies from the Experts - We...Office 365 in Focus. Security and Governance Strategies from the Experts - We...
Office 365 in Focus. Security and Governance Strategies from the Experts - We...
Netskope
 
The Internet of Everything is Here
The Internet of Everything is HereThe Internet of Everything is Here
The Internet of Everything is Here
Lancope, Inc.
 

La actualidad más candente (20)

Cloud Security for Dummies Webinar — The Identity Edition
Cloud Security for Dummies Webinar — The Identity EditionCloud Security for Dummies Webinar — The Identity Edition
Cloud Security for Dummies Webinar — The Identity Edition
 
Netskope — Shadow IT Is A Good Thing
Netskope — Shadow IT Is A Good ThingNetskope — Shadow IT Is A Good Thing
Netskope — Shadow IT Is A Good Thing
 
The Razor's Edge: Enabling Cloud While Mitigating the Risk of a Cloud Data Br...
The Razor's Edge: Enabling Cloud While Mitigating the Risk of a Cloud Data Br...The Razor's Edge: Enabling Cloud While Mitigating the Risk of a Cloud Data Br...
The Razor's Edge: Enabling Cloud While Mitigating the Risk of a Cloud Data Br...
 
Reference Architecture for Data Loss Prevention in the Cloud
Reference Architecture for Data Loss Prevention in the CloudReference Architecture for Data Loss Prevention in the Cloud
Reference Architecture for Data Loss Prevention in the Cloud
 
Office 365 in Focus. Security and Governance Strategies from the Experts - We...
Office 365 in Focus. Security and Governance Strategies from the Experts - We...Office 365 in Focus. Security and Governance Strategies from the Experts - We...
Office 365 in Focus. Security and Governance Strategies from the Experts - We...
 
SEB Forcepoint Corporate Overview
SEB Forcepoint Corporate OverviewSEB Forcepoint Corporate Overview
SEB Forcepoint Corporate Overview
 
Brochure forcepoint dlp_en
Brochure forcepoint dlp_enBrochure forcepoint dlp_en
Brochure forcepoint dlp_en
 
Marcel van der Heijden - SpeedInvest & Aircloak - EU GDPR & Data Privacy Comp...
Marcel van der Heijden - SpeedInvest & Aircloak - EU GDPR & Data Privacy Comp...Marcel van der Heijden - SpeedInvest & Aircloak - EU GDPR & Data Privacy Comp...
Marcel van der Heijden - SpeedInvest & Aircloak - EU GDPR & Data Privacy Comp...
 
Data Privacy, Security, and Sovereignty in a Cloudy World
Data Privacy, Security, and Sovereignty in a Cloudy WorldData Privacy, Security, and Sovereignty in a Cloudy World
Data Privacy, Security, and Sovereignty in a Cloudy World
 
Forcepoint Dynamic Data Protection
Forcepoint Dynamic Data ProtectionForcepoint Dynamic Data Protection
Forcepoint Dynamic Data Protection
 
Netskope Overview
Netskope OverviewNetskope Overview
Netskope Overview
 
Tomorrow Starts Here - Security Everywhere
Tomorrow Starts Here - Security Everywhere Tomorrow Starts Here - Security Everywhere
Tomorrow Starts Here - Security Everywhere
 
Forcepoint SD-WAN and NGFW + IPS
Forcepoint SD-WAN and NGFW + IPSForcepoint SD-WAN and NGFW + IPS
Forcepoint SD-WAN and NGFW + IPS
 
Proteja sus datos en cualquier servicio Cloud y Web de forma unificada
Proteja sus datos en cualquier servicio Cloud y Web de forma unificadaProteja sus datos en cualquier servicio Cloud y Web de forma unificada
Proteja sus datos en cualquier servicio Cloud y Web de forma unificada
 
Cloud Visibility & Cloud Data Loss Prevention Approaches
Cloud Visibility & Cloud Data Loss Prevention Approaches Cloud Visibility & Cloud Data Loss Prevention Approaches
Cloud Visibility & Cloud Data Loss Prevention Approaches
 
Broke Note Broken: An Effective Information Security Program With a $0 Budget
Broke Note Broken: An Effective Information Security Program With a $0 BudgetBroke Note Broken: An Effective Information Security Program With a $0 Budget
Broke Note Broken: An Effective Information Security Program With a $0 Budget
 
Debunked: 5 Myths About Zero Trust Security
Debunked: 5 Myths About Zero Trust SecurityDebunked: 5 Myths About Zero Trust Security
Debunked: 5 Myths About Zero Trust Security
 
The Internet of Everything is Here
The Internet of Everything is HereThe Internet of Everything is Here
The Internet of Everything is Here
 
Understanding Global Data Protection Laws: Webinar
Understanding Global Data Protection Laws: WebinarUnderstanding Global Data Protection Laws: Webinar
Understanding Global Data Protection Laws: Webinar
 
Data Breach: The Cloud Multiplier Effect
Data Breach: The Cloud Multiplier EffectData Breach: The Cloud Multiplier Effect
Data Breach: The Cloud Multiplier Effect
 

Similar a Making the Case for Stronger Endpoint Data Visibility

Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Odds
Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At OddsJervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Odds
Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Odds
centralohioissa
 
Protecting endpoints from targeted attacks
Protecting endpoints from targeted attacksProtecting endpoints from targeted attacks
Protecting endpoints from targeted attacks
AppSense
 

Similar a Making the Case for Stronger Endpoint Data Visibility (20)

01-Chapter 01-Introduction to CASB and Netskope.pptx
01-Chapter 01-Introduction to CASB and Netskope.pptx01-Chapter 01-Introduction to CASB and Netskope.pptx
01-Chapter 01-Introduction to CASB and Netskope.pptx
 
User management - the next-gen of authentication meetup 27012022
User management - the next-gen of authentication meetup 27012022User management - the next-gen of authentication meetup 27012022
User management - the next-gen of authentication meetup 27012022
 
Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Odds
Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At OddsJervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Odds
Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Odds
 
Protecting endpoints from targeted attacks
Protecting endpoints from targeted attacksProtecting endpoints from targeted attacks
Protecting endpoints from targeted attacks
 
Security crawl walk run presentation mckay v1 2017
Security crawl walk run presentation mckay v1 2017Security crawl walk run presentation mckay v1 2017
Security crawl walk run presentation mckay v1 2017
 
5 Highest-Impact CASB Use Cases
5 Highest-Impact CASB Use Cases5 Highest-Impact CASB Use Cases
5 Highest-Impact CASB Use Cases
 
Presentacion Palo Alto Networks
Presentacion Palo Alto NetworksPresentacion Palo Alto Networks
Presentacion Palo Alto Networks
 
How to Handle the Realities of DevOps Monitoring Today
How to Handle the Realities of DevOps Monitoring TodayHow to Handle the Realities of DevOps Monitoring Today
How to Handle the Realities of DevOps Monitoring Today
 
Protecting What Matters Most – Data
Protecting What Matters Most – DataProtecting What Matters Most – Data
Protecting What Matters Most – Data
 
2016 Cybersecurity Analytics State of the Union
2016 Cybersecurity Analytics State of the Union2016 Cybersecurity Analytics State of the Union
2016 Cybersecurity Analytics State of the Union
 
Securing the Enterprise with Application Aware Acceptable Use Policy
Securing the Enterprise with Application Aware Acceptable Use PolicySecuring the Enterprise with Application Aware Acceptable Use Policy
Securing the Enterprise with Application Aware Acceptable Use Policy
 
B2 - The History of Content Security: Part 2 - Adam Levithan
B2 - The History of Content Security: Part 2 - Adam LevithanB2 - The History of Content Security: Part 2 - Adam Levithan
B2 - The History of Content Security: Part 2 - Adam Levithan
 
Open Source Software Security
Open Source Software SecurityOpen Source Software Security
Open Source Software Security
 
How to Recover from a Ransomware Disaster
How to Recover from a Ransomware DisasterHow to Recover from a Ransomware Disaster
How to Recover from a Ransomware Disaster
 
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
 
How a Leading Saudi Bank Matured Security to Better Partner the Business
How a Leading Saudi Bank Matured Security to Better Partner the BusinessHow a Leading Saudi Bank Matured Security to Better Partner the Business
How a Leading Saudi Bank Matured Security to Better Partner the Business
 
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced ThreatsGood Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
 
Privacy and the GDPR: How Cloud computing could be your failing
Privacy and the GDPR: How Cloud computing could be your failingPrivacy and the GDPR: How Cloud computing could be your failing
Privacy and the GDPR: How Cloud computing could be your failing
 
Where in the world is your Corporate data?
Where in the world is your Corporate data?Where in the world is your Corporate data?
Where in the world is your Corporate data?
 
When to Move Your Practice to the Cloud
When to Move Your Practice to the CloudWhen to Move Your Practice to the Cloud
When to Move Your Practice to the Cloud
 

Último

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Angeliki Cooney
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 

Último (20)

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 

Making the Case for Stronger Endpoint Data Visibility

  • 1. Making the Case for Stronger Endpoint Data Visibility Brian Reed VP Strategy 2018 © 2018 ThinAir Labs, Inc.
  • 2. #1 Asset of Digital Enterprise INFORMATION Security | Compliance | IT Ops © 2018 ThinAir Labs, Inc.
  • 3. © 2018 ThinAir Labs, Inc.
  • 4. Why do breaches occur? Lack of visibility. © 2018 ThinAir Labs, Inc.
  • 5. How information is created, consumed, and communicated What is the financial impact of the data at risk © 2018 ThinAir Labs, Inc.
  • 6. DATA Device Application Network User Data is What Matters in Security o Current solutions focus on tangential indicators of compromise o Data is the primary digital asset at risk o User-Data interaction at data- element level is key o Endpoint-based monitoring for enterprise-wide data interaction visibility © 2018 ThinAir Labs, Inc.
  • 7. Delivers complete intelligence about every information in your organization. With Simplicity and Speed. CONVERSATIONAL UI BUSINESS IMPACT ENDPOINT VISIBILITY CONTINUOUS VISIBILITY INFORMATION ATTRIBUTION Endpoint Data Visibility © 2018 ThinAir Labs, Inc.
  • 8. Endpoint Visibility o Endpoint is the point of interaction between people and data o Endpoint is where a lot of IP is created o Endpoint is often the blind spot o Unstructured vs. structured data © 2018 ThinAir Labs, Inc.
  • 9. Continuous Visibility – Real-time & Historical 191 days: Average time to identify breach 66 days: Average time to contain breach » Track all interactions with information continuously » Maintain historical audit log (6, 12, 24 months or longer) • Even if evidence has been tampered with or deleted © 2018 ThinAir Labs, Inc.
  • 10. Real Time Information Attribution o Detect suspicious activity along the threat kill chain o Proactive prediction of exfiltration © 2018 ThinAir Labs, Inc.
  • 11. Conversational UI Get Instant Answers to Any Information or Security Question © 2018 ThinAir Labs, Inc.
  • 12. Understand Business Impact » Provide business impact assessment • Scope of the breach in $$$ • Based on value of the data • Cost of the breach (detection, remediation, notification, etc.) • Regulatory impact • Brand reputation, business loss © 2018 ThinAir Labs, Inc.
  • 13. ThinAir Next-Generation Endpoint Data Visibility Platform delivers complete intelligence about every information in your organization. With Simplicity and Speed. © 2018 ThinAir Labs, Inc.
  • 14. Where to Start? • Start with visibility on the endpoint • Focus on information at the data-element level • Continuously track interactions with your information • Keep sufficiently long audit history • It should not require a PhD to investigate “Ultimately, IT will have to stop worrying about how to control which applications people are using or where documents reside and focus on protecting the documents themselves.” Gartner © 2018 ThinAir Labs, Inc.
  • 15. SCARY QUESTION: downloaded your client list from Salesforce? What if I tell you there is a user in your environment who has © 2018 ThinAir Labs, Inc.
  • 16. Sales Contacts from Salesforce o Organization wanted to track salespeople and if departing salespeople were taking client lists, etc. with them o Had a CASB in place, however they were only monitoring in API mode, so no enforcement. Also not strict on redirection to force CASB usage o Wanted to see who had downloaded email addresses from salesforce in the last 6 months, and run scheduled reports © 2018 ThinAir Labs, Inc.
  • 17. © 2018 ThinAir Labs, Inc.
  • 18. © 2018 ThinAir Labs, Inc.
  • 19. SCARY QUESTION: What if I tell you there is a user in your environment who has downloaded unapproved source code to add to your applications? © 2018 ThinAir Labs, Inc.
  • 20. Source Code Visibility o Organization develops security products, and currently using DLP at the endpoint (false positives, resource intensive, interferes with development of software) o They wanted to know if developers were including 3rd party open source software in their commercial software – if so they want to ensure they republish sources, abide by open source licensing (Apache, BSD, GPL, etc.) o Using GitHub for source code repository, as do many open source projects © 2018 ThinAir Labs, Inc.
  • 21. Example #2 – Source Code © 2018 ThinAir Labs, Inc.
  • 22. Example #2 – Source Code © 2018 ThinAir Labs, Inc.
  • 23. Example #2 – Source Code © 2018 ThinAir Labs, Inc.
  • 24. A Different Approach to Security! VISIBILITY SIMPLICITY SPEED Static policies that cover 1% of information 100% of information, all the time Highly specialized and trained sec analysts Proficiency with product in hours Many months, complex deployments 72 hours to value, fully SaaS © 2018 ThinAir Labs, Inc.
  • 25. Regulatory Compliance Examples o Show me all users who are out of compliance with PCI right now o Send me a weekly report with all users who violated HIPAA o Alert me when users download more than 10 files containing SSNs from confidential repository or application in the last day o Find all files that contain a specific patient ID o Alert me when users copy more than 10 files with CCNs to a USB o I found users out of compliance and want to understand how to prevent it in the future => see user investigation use cases © 2018 ThinAir Labs, Inc.
  • 26. Security Investigations Examples o Show me all users who had a leaked document on one of their devices prior to data loss, even if it was deleted afterwards o Show me all sensitive data that was uploaded by a user to a dark or personal web site o Show me what a user did after downloading a file containing information about a new invention o Show me all the company proprietary data a user accessed and exfiltrated last week prior to resigning today o Show me all the files that were on a laptop that was just lost © 2018 ThinAir Labs, Inc.
  • 27. Proprietary Information Protection o Show me all users who downloaded files with secret project names from our highly confidential web app site in the last week o Show me all users who copied files marked confidential to a USB o Show me all users who uploaded files marked confidential to a personal cloud file sharing app o Alert me when users download more than 100 files tagged confidential from multiple repositories in the last day o Show me all IP that was uploaded by a user to a dark web site ▪ I found users leaking IP and want to understand how to prevent it in the future => see user investigation use cases o Show we all the people who had access to a highly secretive project © 2018 ThinAir Labs, Inc.
  • 28. Actionable Data Visibility in 90 Seconds INVESTIGATE INCIDENTS AND BREACHES IDENTIFY RISKY DATA ACTIVITY COMPLY WITH DATA REGULATIONS PROTECT YOUR IP AND PII © 2018 ThinAir Labs, Inc.
  • 29. Thanks!Any questions? Brian Reed VP of Strategy brian@thinair.com Thinair.com @thinairlabs info@thinair.com +1 (877) 269-3090 © 2018 ThinAir Labs, Inc.