webinar

project cumulus:

how hacks unfold

the experiment

■ complete online identity for a fictitious bank employee

■ created seemingly real files for Google Drive

■ convincing retail bank web portal

■ username + password leaked onto the dark web

hackers move fast

■ 8 attempted logins in 24 hours

■ first file downloaded in 48 hours

■ a third of total views and logins in week one

hacked once, hacked everywhere

■ victim used the same password across the web

■ 94% of hackers uncovered other accounts

■ 36% of Drive hackers successfully accessed the victim’s bank account

tor usage on the rise

■ hackers came from over 30 countries

■ logins recorded from the US, Austria, Netherlands, Philippines, and Turkey

■ 68% of hackers logged into Google Drive via Tor

hacker tactics

■ Tor + VPN + cryptocurrency

■ bank trojans■ card writers■ “disposable” computers

a look back at “where’s your data”

preventing similar breaches with a CASB

identity data-centric securitydiscovery

casb identity:avoid reusing passwords, implement better authentication

■ cloud app identity management should maintain the best practices of on-prem identity

■ SSO enables cross-app visibility into suspicious access activity

■ contextual multi-factor authentication mitigates risk

casb discovery:set up alerts for unusual activity

■ analyze outbound data flows to learn what SaaS apps your organization is using

■ understand risk profiles of different apps

■ essential in process of enabling secure cloud app usage

casb security:granular access control and DLP

the new data reality requires a new security architecture

■ cross-device, cross-platform agentless data protection

■ granular DLP for data at rest and in motion

■ contextual access control

■ detailed logging for compliance and audit

about bitglass

total data

protectionoutside the

firewall est. jan 2013

CA, NY, MA,

IL, NC12

resources:

■ project cumulus report

■ project cumulus video overview

■ definitive guide to CASBs

download the full project cumulus report

the bitglass research team leaked a fictitious bank employee’s credentials onto the dark web and tracked the activity that followed

download the report

bitglass.com@bitglass