Secure Data Workflow

Secure Data Workflow CEO & Founder Benny Czarny 2014

description

OPSWAT CEO Benny Czarny discusses the data security challenge. How can organizations determine whether data is helpful or harmful? How can they create good security policies based on this information? How can this be accomplished while making sure all users can access the tools and information they need to accomplish their goals?

Transcript of Secure Data Workflow

Page 1: Secure Data Workflow

Secure Data Workflow

CEO & Founder

Benny Czarny

2014

Page 2: Secure Data Workflow

The Data Security Challenge

Page 3: Secure Data Workflow

Agenda

• The data security challenge

• The data sources configuration challenge

• The user permission challenge

• Secure data workflow

• Q&A

Page 4: Secure Data Workflow

The Data Security Challenge: Type of threats

Known threats

Threats that already exist and are known by the security community

• Key loggers

• Rootkits

• Backdoors

• “In the wild”

Unknown threats

• Zero Day – Spread because they are not detected by any security system

• Targeted attacks – designed to attack a specific organization

Page 5: Secure Data Workflow

The Data Security Challenge: Different data types represent different risks

Different data types have different risks

• Documents – embedded objects and macros

• Executables – viruses posing as other applications

• Image files – buffer overflows

• Archive files – archive bombs

.mp3 .pdf .txt .mp4 .xls .exe .docx .png .m4a

Page 6: Secure Data Workflow

The Data Source Configuration Challenge: Threats can come from any source where data enters

• Email

• Web Traffic

• Managed File Transfer

• File Uploads

• Portable Media

• USB Drives

• CD/DVDs

• SD Cards

• Mobile Phones

Page 7: Secure Data Workflow

The Data Source Configuration Challenge: Many different management consoles

Page 8: Secure Data Workflow

The Data Source Configuration Challenge: Many steps required to secure all types of sources

Sourcing resources with the expertise to administrate systems

• Initial Setup

• Maintenance

• Adding users

• Changing users

• Moving users between teams

• Changing organization security policies

• Auditing

Page 9: Secure Data Workflow

The User Permission Challenge: Different users have different needs and present different risks

• Should the front desk or accounting have access to executables?

• Should the whole IT team have access to executables?

• Should the sales team have access to presentations and word documents?

• How can a guest user deposit data to the organization?

Page 10: Secure Data Workflow

Secure Data Workflow

Page 11: Secure Data Workflow

Secure Data Workflow: Protecting against known threats

Known threats

Scan with as many security engines as you can

[Figure: anti-malware detection rate]

Page 12: Secure Data Workflow

Secure Data Workflow: Protecting Against Unknown Threats

Anti-malware heuristics are effective at detecting unknown threats:

This graph shows the time between malware outbreak and AV detection by six AV engines for 75 outbreaks.

It emphasizes that the heuristic algorithms of the engines differ and that together they are effective at detecting unknown threats.

Page 13: Secure Data Workflow

Secure Data Workflow: Protecting Against Unknown Threats

Data sanitization

Convert files from their original format to a temporary format and back, to sterilize the data and prevent unknown threats

Page 14: Secure Data Workflow

Secure Data Workflow: Protecting Against Unknown Threats

Micro Workflow Elements

Blacklisting/whitelisting

• File type filtering

Data sanitization

• Remove embedded objects and macros from document files

• Convert images to another format

Digital signatures

• Validate all executables are digitally signed by a trusted source

• Digitally sign all files after scanning to verify they have not been changed after scanning

Static analysis

• Scanning with multiple antivirus engines

• Checking PE headers

• Periodic re-scanning

Dynamic analysis

• Sandbox solutions such as FireEye, Bluecoat, ThreatTrack, others

Page 15: Secure Data Workflow

Secure Data Workflow: Addressing the user permission challenge

Create multiple groups and assign different data security policies for each group

IT

• Can receive executable files

• Every executable needs to be scanned by 20 anti-malware engines

Accounting

• Can’t receive executable files

• Every document needs to be sanitized and scanned by 20 anti-malware engines
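The per-group rules on this slide, combined with the file type filtering element from the previous one, can be written as a small decision function. This is an added example, not OPSWAT code. The names (`RULES`, `classify`, `decide`), the magic-byte table, the content-versus-extension check, and the default-deny handling of combinations the slide does not mention are all assumptions.

```python
import os

# Leading bytes ("magic numbers") of a few formats; a deliberately small table.
MAGIC = {
    b"MZ": "executable",              # Windows PE
    b"\x7fELF": "executable",         # Linux ELF
    b"%PDF": "document",
    b"\xd0\xcf\x11\xe0": "document",  # legacy Office (OLE2 container)
}
# Class each extension claims to be.
EXT = {".exe": "executable", ".dll": "executable", ".pdf": "document",
       ".doc": "document", ".xls": "document"}

# (group, file class) -> ordered workflow steps, taken from the slide.
# Any pair not listed is denied (default-deny is an assumption of this sketch).
RULES = {
    ("IT", "executable"): ["scan:20"],
    ("Accounting", "document"): ["sanitize", "scan:20"],
}

def classify(data: bytes) -> str:
    """Classify by content, not by the sender-controlled file name."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"

def decide(group: str, filename: str, data: bytes):
    """Return ("process", steps) or ("block", reason) for one incoming file."""
    kind = classify(data)
    claimed = EXT.get(os.path.splitext(filename)[1].lower())
    if claimed is not None and claimed != kind:
        return ("block", f"name claims {claimed}, content is {kind}")
    steps = RULES.get((group, kind))
    if steps is None:
        return ("block", f"no rule lets {group} receive {kind} files")
    return ("process", list(steps))

if __name__ == "__main__":
    # Constructed sample inputs: only the first bytes of each file matter here.
    samples = [("IT", "tool.exe", b"MZ\x90\x00"),
               ("Accounting", "tool.exe", b"MZ\x90\x00"),
               ("Accounting", "invoice.pdf", b"%PDF-1.7\n"),
               ("Accounting", "invoice.pdf", b"MZ\x90\x00")]
    for s in samples:
        print(s[:2], "->", decide(*s))
```

The last sample is the "viruses posing as other applications" case from the data types slide: the name says document, the content says executable, and the file is blocked before any group rule is consulted.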

Page 16: Secure Data Workflow

Secure Data Workflow: Addressing the data source configuration challenge

1) Connect every data source to a centralized solution

2) Create security policies from this solution

3) Manage security policies from this solution

Page 17: Secure Data Workflow

Data Security Challenge

Page 18: Secure Data Workflow

Thank you!

Benny Czarny

CEO and Founder

OPSWAT

www.opswat.com
