Lessons Learned from WikiLeaks
DESCRIPTION
The leak of more than a quarter of a million classified and secret documents by "hacktivists" in 2010 is a perfect example of what could happen in the corporate world. This video discusses the need for a global corporate data protection policy, as well as the need for a security infrastructure that can promote the policy through user awareness and education. It also covers how the security infrastructure must provide the means to control data movement and enforce the policy across its network.
TRANSCRIPT
©2011 Check Point Software Technologies Ltd. | [PROTECTED] – All rights reserved.
Lessons Learned from WikiLeaks
John Vecchi, Head of Product Marketing
WikiLeaks: Lessons Learned
Changing Threat Landscape
Today’s Threat Landscape
Crime and Profit-driven
Increased Sophistication
Financial theft
Intellectual property
Criminal networks
Cyber-warfare and Hacktivists
Cyber-warfare
Iran and Stuxnet
Cyber Hacktivists
WikiLeaks
On Top 2010/2011 Threats…
Stuxnet: “…widely considered the most sophisticated computer threat created to date…Stuxnet exploited four unknown vulnerabilities, at a time when exploiting a single one is a big deal.” SOFTPEDIA.com 2011
Operation Aurora: “Hackers seeking source code from Google, Adobe and others used nearly 12 pieces of malware and levels of encryption to burrow deeply into company networks…” WIRED 2010
Zeus (Zbot): “Zeus…detected only 23 percent of the time…is the No. 1 financial Trojan—representing 44 percent of all financial malware infections today.” Darkreading.com 2010
* Monthly Malware Statistics Report—www.securelist.com
Top Methods Used…
Social Engineering: Spear phishing, whaling, USBs/media and ‘friendly fire’ are among the most prominent methods for achieving a successful attack.
Inside Threats: With hacktivism on the rise—and many who feel WikiLeaks serves the public's interest—insiders leaking sensitive data are a growing method for breaches.
* Monthly Malware Statistics Report—www.securelist.com
On Attacks…
80: Number of attack attempts occurring per second by the end of 2010.*
* Monthly Malware Statistics Report—www.securelist.com
WikiLeaks: Lessons Learned
The Rise of WikiLeaks
The WikiLeaks Mission
“…Wikileaks is a not-for-profit media organisation… and an intelligence service of the people…
…our mission is to be an uncensorable Wikipedia for untraceable mass document leaking and analysis…”
— Julian Assange
http://www.guardian.co.uk/world/iraq-war-logs?INTCMP=SRCH
http://www.huffingtonpost.com/2010/07/25/afghanistan-war-logs-wikileaks_n_658660.html
http://en.wikipedia.org/wiki/WikiLeaks
http://en.wikipedia.org/wiki/SIPRNet
What They’ve Leaked…
Released over 1 Million confidential documents since 2007
Affecting more than 13 different nations
Covering governments, banks, churches, trade organizations, etc.
WikiLeaks Around The World
2008: Details of illegal operations by the Swiss bank Julius Bär in the Cayman Islands released
2009: Internal Kaupthing Bank documents leaked, showing bank activities that led to 2008-2010 financial crisis in Iceland
2009: 86 telephone recordings of Peruvian politicians and businessmen involved in Peru oil scandal.
2010: Over 250K classified US diplomatic and government documents released
April 2011: Over 500K sensitive files related to Guantanamo Bay released
2011: Assange threatens release of damaging B of A docs
On Bradley Manning—How Files Leaked
A low-level employee has access to classified data at a level way above his pay grade
Has access to a CD/RW drive on a system that can access that data
Has permissions for unrestricted copying from the network to the CD/RW drive
WikiLeaks: Lessons Learned
‘Hacktivism’ Emerges
A Re-emerging Attack Vector
Hacktivism
Motivated by politics and idealism. Not motivated by money.
Are not necessarily criminally minded, but people claiming to be independent of any government / organization.
Focus includes information theft — disclosed to discredit and embarrass political opponents.
Primary activities include DDoS attacks, website defacement and information theft.
The Power of Hacktivism: Anonymous
“Anonymous is the first Internet-based superconsciousness. A group — in the sense that a flock of birds is a group. At any given moment, more birds could join, leave or peel off in another direction entirely.”
— Chris Landers, Baltimore City Paper
Anonymous’ Global Hacktivism
2008: Church of Scientology
2009 & 2010: Australian government sites
2010: Zimbabwe government sites
2010: Amazon, PayPal, Visa and MasterCard
2010: Dutch government sites
2010: PostFinance bank site
2010: Tunisian government sites
2010: Egyptian government sites
2011: Sony PlayStation & BMI networks
2011: HBGary attack and defacement
WikiLeaks: Lessons Learned
Lessons to Learn
It Will Happen Again…
Recent 2011 Data Loss Events
March, RSA Security: 40,000 SecurID authentication accounts stolen
March, British Petro: unencrypted laptop with personal data of 13,000 claimants
April, Epsilon: Exposed names/email of millions of customers from 50 companies
April, Sony: Exposed personal data of over 77M PlayStation users
What Can We Learn?
LESSONS LEARNED
Lack of data copying policy: Lack of policy to control or restrict copying sensitive data based on classification level increases risk of loss.
Classified data access above employee grade: Low-level employees had classified data access at a level above their position responsibility or grade.
New, hacktivist threats within exist and are real: Hacktivism creates new threats within—one of the most difficult things to protect against.
Hacktivist data breaches will go global in seconds: Sensitive data leaked on the internet goes global in seconds, with no option to delete it. Hacktivist sources can be obfuscated easily.
DDoS/defacement attacks motivated by politics: WikiLeaks and Anonymous are motivated by politics, not money. DDoS and/or defacement attacks are objectives.
WikiLeaks: Lessons Learned
How to Avoid a WikiLeaks Incident
What Can We Learn?
WHAT YOU CAN DO
Deploy preventative network protection: Identify & close network vulnerabilities with proactive security technologies (Next-Gen FW, DDoS protection, Web security & control, Proactive IPS).
Enforce encryption and data copying policy: Deploy encryption technology and enforce granular data copying policies on ALL workstations and laptops. Combine with strong endpoint protection.
Deploy proactive DLP technology: Reduce the opportunity for data leakage and breaches by leveraging and deploying proactive DLP technology to protect data in-use and in-motion.
Best practices for ‘impact scenarios’ & event analysis: Extend Risk Management strategies to include ‘impact scenarios’ and effective threat analysis and response.
Train users on sensitive information handling: Train users on sensitive information handling policies, and on the presence of sensitive data in emails, documents and applications.
WikiLeaks: Lessons Learned
How 3D Security Can Help
Check Point 3D Security Can Help
Proven, Proactive Next-Generation Firewall
Comprehensive, Market-Leading Data Security
Engage and Train Users with UserCheck
Increase Visibility & Best Practices with SmartEvent
Proactive 3D Next-Gen Firewall
Check Point Unified Security Management
Smart-1
SmartWorkflow Software Blade: Policy Change Management
SmartEvent Software Blade: Unified Event Analysis
DLP Software Blade
Application Control Software Blade
IPS Software Blade
FW & VPN Software Blades
URL Filtering Software Blade
Antivirus & Anti-Malware Software Blade
Identity Awareness Software Blade
Power-1
Unified Control of All Security Layers
Granular Visibility
Identity Awareness
Application Control
DLP
Mobile Access
SmartEvent
IPS
Check Point Data Security
Media Encryption
Full Disk Encryption
Data Loss Prevention
Document Security
VPN and Access Control
Today’s Typical User ‘Involvement’
NO EXPLANATION
NO TRAINING
People Taking Part in Security
RESOLUTION & TRAINING
EXPLANATION
Check Point UserCheck Technology
Data Loss Prevention Alert
An email that you have just sent has been identified as containing sensitive information.
An email that you have just sent has been allowed based on DLP policy exception.
For additional details, please refer to the Corporate Data Security Policy
Application Usage Alert
You are trying to use Skype.
Corporate application use policy does not allow the use of Skype.
If you require Skype access for business, please click Explain below.
Corporate Proper Use Policy
TRAIN & ENGAGE USERS IN REAL-TIME!
360º Visibility and Threat Analysis
View unified events for firewall, IPS, DLP, Application Control and more in a single console
Summary
BECAUSE TODAY’S THREAT LANDSCAPE REQUIRES A PROACTIVE, UNIFIED APPROACH