With more than 700 cloud apps being used by a typical enterprise, what is the risk associated with all this cloud usage? There is a catch-22 between using the cloud and being safe. Should you block everything to mitigate your risk? That may not be the best solution, as many people rely on the cloud for anytime, anywhere access to data and to help them be more productive. Netskope believes that Allow is the New Block: you should allow cloud applications, but block the risky activities instead.
4. Sources and per record cost of a data breach
[Chart categories: Malicious or criminal attack; Human error; System glitch]
Source: 2015 Ponemon cost of a data breach
5. Most Data Breaches Involve Advanced Persistent Threats (APTs)
• An APT is a set of stealthy and continuous computer hacking processes, often orchestrated by human(s) targeting a specific entity.
• Usually targets organizations and/or nations for business or political motives.
• Processes require a high degree of covertness over a long period of time.
From Wikipedia APT lifecycle (Gartner)
6. APT lifecycle simplified
• Infiltration – Attempt to gain a foothold in the environment
• Command and Control – Injects a payload into the compromised system to direct malware on what to do
• Exfiltration of Data – Unauthorized transfer of sensitive data
[Diagram: APT cycle of Infiltration, Command & Control, Exfiltration of Data]
7. What role does the cloud play in data breaches?
8. If your organization had 100 cloud apps and added 25 more in a 12-month period, you would increase your probability (and expected economic impact) of a data breach by 75%*
Increase use and increase probability
*Source: 2014 Ponemon report cost of a data breach
9.
Apps
• 700+ cloud apps per enterprise
• 90% are not enterprise-ready
Users
• Malicious or non-intentional
• 15% of corporate users have had their account credentials compromised
11.
Data
• 18% of files in cloud apps constitute a policy violation
• 22% of those files are shared publicly
Activities
• Cloud makes it easy to share
• When is an activity an anomaly?
13. Data Breach Study: Phase 1 - Infiltration
CLOUD APP USED FOR MALWARE DELIVERY
Step 1: Upload your file to uploading.com
14. Data Breach Study: Phase 1 - Infiltration
CLOUD APP USED FOR MALWARE DELIVERY
Step 2: Download your file
15. Data Breach Study: Phase 1 - Infiltration
CLOUD APP USED FOR MALWARE DELIVERY
Step 3: Check for Virus / Malware
16. Data Breach Study: Phase 2 Command & Control
CLOUD APP USED FOR C&C SERVER
• Initial Infection vector – spear phishing
• Malware component – crafted RTF files
  – Exploits vulnerability CVE-2014-1761 (Microsoft Word RTF Object Confusion)
• Command & Control Server – CloudMe.com (100 accts)
  – Data exfiltrated to cloud storage app CloudMe.com
  – New payloads & instructions downloaded
• Data Retrieval – network of compromised home routers
Source: Blue Coat
18. Data Breach Study: Phase 3 Data Exfiltration
CLOUD USED FOR DATA EXFILTRATION
Exfiltration of Data via Personal Cloud Storage
Employee Credentials Compromised
80 million records compromised
24. STEP 2: Understand cloud usage details
• Bob in accounting
• From his mobile phone
• Uploading customer data to Dropbox
• Bob’s credentials have been compromised
34.
1: Discover the cloud apps running in your enterprise and assess risk
2: Understand cloud usage details
3: Monitor activities, detect anomalies, conduct forensics, and find sensitive data
4: Find sensitive data associated with an activity or stored in a cloud app
5: Use surgical precision in your policies, leveraging contextual data
6: Don’t leave users in the dark. Coach them on safe usage.
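The steps above describe allowing the app while blocking the risky activity based on context (who, which device, which activity, what data). The sketch below is an added example, not code from the slides or from any vendor product. The event fields, rule order, action names and the app name "CorpDrive" are assumptions made for illustration, and the events are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    user: str
    device: str                        # "managed" or "unmanaged-mobile" (assumed labels)
    app: str
    sanctioned: bool                   # outcome of app discovery and risk assessment (step 1)
    activity: str                      # "view", "download", "upload" or "share"
    dlp_tags: frozenset = frozenset()  # sensitive-data findings (step 4)
    creds_compromised: bool = False    # account appears in a credential-exposure feed

DATA_MOVING = {"download", "upload", "share"}

def decide(e: Event):
    """Return (action, reason). The first matching rule wins; the app itself is never blocked."""
    if e.creds_compromised and e.activity in DATA_MOVING:
        return "block", "data movement by account with compromised credentials"
    if e.dlp_tags and e.activity in {"upload", "share"} and not e.sanctioned:
        return "block", "sensitive data sent to unsanctioned app"
    if e.dlp_tags and e.activity == "download" and e.device != "managed":
        return "block", "sensitive data downloaded to unmanaged device"
    if e.dlp_tags and e.activity == "share":
        return "coach", "sensitive data shared; remind user of policy"  # step 6
    return "allow", "no risky context"

# Constructed sample events. The first mirrors the "Bob in accounting" slide.
EVENTS = [
    Event("bob", "unmanaged-mobile", "Dropbox", False, "upload",
          frozenset({"customer-data"}), True),
    Event("alice", "managed", "Dropbox", False, "view"),
    Event("carol", "managed", "Dropbox", False, "upload", frozenset({"customer-data"})),
    Event("dave", "managed", "CorpDrive", True, "share", frozenset({"customer-data"})),
]

def evaluate(events):
    """Return one (user, app, activity, action, reason) row per event."""
    return [(e.user, e.app, e.activity, *decide(e)) for e in events]

if __name__ == "__main__":
    for row in evaluate(EVENTS):
        print(row)
```

Alice and Bob use the same unsanctioned app, yet only Bob's upload is stopped, because the decision keys on activity and context rather than on the app.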