2012 Cloud Security Report
黃建榮
Senior Consultant - Verizon Taiwan
It’s All About Security
Protecting assets from threats that could impact the business

Protecting Assets . . .
• Stationary data
• Data in transit
• Software
• Hardware
• Physical infrastructure
…

From Threat Agents . . .
• External – outside the organization
• Partner – a business relationship
• Internal – employees
…

Taking Threat Actions . . .
• Hacking
• Malware
• Physical attacks
• Misuse
• Social tactics
…

To Prevent Harm to the Business
• Exposure of intellectual property
• Exposure of employees’ and/or customers’ personal/private information
• Exposure of private business transactions
• Business slow-down or interruption from damage to hardware or software
• Fines or other actions by agencies that regulate the business
Hold on… Wha???
Why is a telecom company investigating breaches?
Enterprise Solutions to Meet Business Imperatives

IT Services
• Cloud-based Services
• Data Center Services
• Managed Applications
• Managed IT
• Equipment and Services
• Professional Services

Security Services
• Governance, Risk and Compliance
• Identity and Access Management
• Managed Security
• Equipment and Services
• ICSA Labs
• Professional Services

Communications Services
• Contact Center Services
• Unified Communications
• Video, Web and Audio Conferencing
• Traditional Voice
• Emergency Communications Services
• Equipment and Services
• Professional Services

Networking Services
• Internet
• Private WAN
• Private Point to Point
• Access Services
• Managed Networks
• Equipment and Services
• Professional Services

Mobility
• Advanced Communications
• Applications and Content
• Global Communications
• Hardware
• Mobile Data
• Voice and Messaging
• Professional Services
RISK Team
What is the Data Breach Investigations Report (DBIR)?
• Verizon’s Data Breach Investigations Report (DBIR) is an ongoing, unbiased study into the world of cybercrime.
– Analyzes forensic evidence of data breaches
– Uncovers how sensitive data is stolen from organizations, who’s doing it, why they’re doing it, and what might be done to prevent it.
Why We Do It
• Studying security breaches helps Verizon and its customers understand how they occur.
• Real science – measures what happened across thousands of instances and converts that data into better decisions and more effective security.
• The better we understand breaches, the better we can prepare for and prevent them.
When there’s a breach, call the Investigative Response (IR) Team!
• The Investigative Response Team:
– Experience & expertise
– Detect / Prevent / Respond
– 24 x 7 hotline / onsite support within 24 hours
– Digital forensics / investigation
– Computer incident response
– Fraud analytics
– Electronic data recovery
– Electronic crimes counter-surveillance
– Protocols for containment
– Transition of evidence to law enforcement for prosecution
• The expansive data set generated through these activities offers an interesting glimpse into the trends surrounding computer crime and data compromise, which is detailed in the Data Breach Investigations Reports.
2012 Data Breach Investigations Report – Global Study
Partner organizations: Australian Federal Police, Dutch High Tech Crime Unit, Irish Reporting and Information Security Service, UK Police Central e-Crime Unit
Data Collection and Analysis Methodology – VERIS

Data Sample
• 855 data breaches
• 174 million stolen records in combined dataset

Collection and Analysis
• VERIS (Verizon Enterprise Risk and Incident Sharing) framework used to collect data after investigation
• VERIS provides a common language for describing security incidents (or threats) in a structured and repeatable manner
• Case data anonymized and aggregated
• RISK Intelligence team provides analytics
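An added illustration (not Verizon’s code, and not the real VERIS schema) of why a structured, repeatable incident vocabulary matters: each case is recorded as a set of actor, action and asset categories, and the “N% of breaches involved X” figures on the following slides are counts of how many incidents carry each category. The field names follow VERIS’s A4 categories, but the record layout and the five sample incidents are constructed assumptions.

```python
# Added illustration (not Verizon's code or the real VERIS schema): a minimal
# VERIS-style record and the multi-label aggregation behind the "N% of
# breaches involved X" findings. Field names follow the VERIS A4 categories
# (actor, action, asset); the layout and sample incidents are constructed.
from collections import Counter

# Constructed sample: a single breach may involve several actors and actions
# at once (e.g. an external actor using both hacking and malware).
INCIDENTS = [
    {"actor": {"external"}, "action": {"hacking", "malware"},
     "asset": {"server"}, "discovery_method": "third_party"},
    {"actor": {"external"}, "action": {"hacking"},
     "asset": {"server"}, "discovery_method": "third_party"},
    {"actor": {"external", "partner"}, "action": {"social", "hacking"},
     "asset": {"user_device", "server"}, "discovery_method": "internal"},
    {"actor": {"internal"}, "action": {"misuse"},
     "asset": {"server"}, "discovery_method": "internal"},
    {"actor": {"external"}, "action": {"physical"},
     "asset": {"user_device"}, "discovery_method": "third_party"},
]


def share_by(incidents, field):
    """Percent of incidents in which each category of `field` appears.

    Because one breach can carry several actors or actions, these
    percentages are not exclusive and need not sum to 100; the DBIR's
    98% external / 4% internal / <1% partner split is an instance of this.
    """
    counts = Counter(cat for inc in incidents for cat in inc[field])
    n = len(incidents)
    return {cat: round(100 * c / n) for cat, c in counts.items()}


def discovered_by_third_party(incidents):
    """Percent of incidents that someone other than the victim discovered."""
    hits = sum(1 for inc in incidents if inc["discovery_method"] == "third_party")
    return round(100 * hits / len(incidents))


if __name__ == "__main__":
    for field in ("actor", "action", "asset"):
        print(field, share_by(INCIDENTS, field))
    print("discovered by third party (%):", discovered_by_third_party(INCIDENTS))
```

Note that the actor shares of the sample add up to 120%, which is the same multi-label effect that lets the DBIR report external, internal and partner figures that do not sum to exactly 100.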
The Threat Environment
2012 DBIR Key Findings: Threat Agents
Threat Agents are the source of a breach
• 98% of all data breaches stemmed from external agents (+6%)
• 4% implicated internal employees (-13%)
• <1% committed by business partners
The Threat Environment
2012 DBIR Key Findings: Threat Actions
• 81% utilized some form of hacking (+31%)
• 69% incorporated malware (+20%)
• 10% involved physical attacks (-19%)
• 7% employed social tactics (-4%)
• 5% resulted from privilege misuse (-12%)
Threat Actions are what Threat Agents did to gain access to a protected system or device
Top Ten Threat Actions for Larger Organizations
The Threat Environment
2012 DBIR Key Findings: Commonalities
• 79% of victims were targets of opportunity (-4%)
• 96% of attacks were not highly difficult (+4%)
• 94% of all data compromised involved servers (+18%)
• 85% of breaches took weeks or more to discover (+6%)
• 92% of incidents were discovered by a third party (+6%)
• 97% of breaches were avoidable through simple or intermediate controls (+1%)
• 96% of victims subject to PCI DSS had NOT achieved
Verizon Enterprise Security Solutions
• Identity Mgmt – Manage millions of identities for governments of 25+ countries
• Application Security – Delivered 1000+ vulnerability mgmt engagements in 2010 and 2011
• Assurance – Delivered 1000+ GRC engagements in 2010 and 2011
• Compliance – More PCI QSAs than any other firm in the world
• Log Mgmt – 7 SOCs track & manage >5 Billion security events & alarms monthly
• Data Discovery – Scanned >100 Million files; discovered >1 Billion sensitive data elements
• Data Protection – Led one of the world’s largest DLP deployments (400,000+ seats)
• Mobility Security – Manage security of 250,000+ mobile devices
• Threat Mgmt (MSS) – Largest & highest rated MSSP in the world (Gartner, Forrester, etc.)
• Vulnerability Mgmt – Delivered 1000+ vulnerability mgmt engagements in 2010 and 2011
• Breach Prevention – Analyzed 2000+ data breaches involving 1 Billion records
The Verizon Advantage