Protecting Yourself from Third-Party Risks


1 [ Trust but Verify ] Protecting Yourself from Third-Party Risks
Liam Cleary, CEO/Owner, SharePlicity
Jeff Melnick, Systems Engineer, Netwrix Corporation

2 Agenda
- What are 3rd Party Risks?
- 3rd Party Risk Analysis
- Security Collaboration - Limit, Discuss and Verify 3rd Party Risks
- Q&A Session
- Prize Drawing

3 Third-party risks?
"Over the past five years, the use of third-party vendors has increased exponentially. And many companies even outsource core functions to derive efficiencies and savings. In doing so, organizations are exposing themselves to high-profile risks like never before. The biggest challenge going forward will be for organizations to provide the appropriate oversight to these third parties before it's too late." --- Deloitte

4 Third-party risks: Trends
- Increased incidents related to vendors: Suppliers are causing more disruption and risks are not being managed. Information security, privacy and antifraud management are some examples.
- Regulators focusing on supplier risk: Regulators are increasing the pressure on organizations to better manage their supply chain risk.
- Pressures from economic volatility: Economic conditions mean tighter margins for suppliers and increased risk of supplier disruption.

5 What are 3rd party risks?
- Service Providers
- Outside Organizations
- Cloud Providers
- Vendors
- Partners

6 3rd party risk analysis
- Assess and Understand Own Security
- Limit data exposure
- Isolate Shared Data
- Implement Security Practice
- Verify own Security Controls
- Test 3rd Party Controls

7 Security collaboration
- Limit
- Discuss
- Verify

8 Security collaboration: Limit
- Determine which third-party security controls are required
- Develop a written set of security requirements for vendors
- Develop a written set of security requirements that cover vendor subcontractors
- Understand 3rd Party ecosystem so you can vet them systematically

9 Security collaboration: Discuss
- Discuss current implemented Security Controls
- Discuss cybersecurity requirements and share expected preventions
- Confirm third-party attestation letter or other documented verification of their security practices
- Allow time to review the needs and respond

10 Security collaboration: Verify
- Verify current 3rd party Security Controls
- Perform regular Security Audits
- Add evidence requirements into contracts moving forward

11 What Could Happen?

12 Example: Office 365
- 3rd Party Hacked
- Credentials Compromised
- Authenticate to Office 365
- Review Emails
- Create Phishing Emails
- Create Rules to Hide
- Clone Office 365 Login
- Steal Further Credentials
- Repeat Process

13 Protections

14 Protections: Office 365
- 3rd Party Hacked
- Credentials Compromised
- Authenticate to Office 365
- Review Emails
- Create Phishing Emails
- Create Rules to Hide
- Clone Office 365 Login
- Steal Further Credentials
- Repeat Process

15 Protections: Top 3
- Implement two-factor authentication
- Least privilege model for users and privileged users
- Establish policies, conduct regular risk assessments and user security training

16 Netwrix Auditor Know Your Data. Protect What Matters.

17 About Netwrix Auditor
Netwrix Auditor is an agentless data security platform that empowers organizations to accurately identify sensitive, regulated and mission-critical information and apply access controls consistently, regardless of where the information is stored. It enables them to minimize the risk of data breaches and ensure regulatory compliance by proactively reducing the exposure of sensitive data and promptly detecting policy violations and suspicious user behavior.

18 Netwrix Auditor Unified Platform Data Discovery & Classification Infrastructure Unstructured Data Structured Data Cloud Free Add-ons Active Directory Windows File Servers SQL Server Azure AD Add-on for Generic Linux Syslog Network Devices SharePoint Oracle Database Office 365 Add-on for Amazon Web Services Windows Server EMC Add-on for ServiceNow ITSM VMware NetApp Add-on for Splunk Exchange Add-on for IBM QRadar

19 Netwrix Auditor Demonstration

23 Useful Links
- Free trial: Set up Netwrix Auditor in your own test environment: netwrix.com/auditor9.7
- Virtual appliance: Get Netwrix Auditor up and running in minutes: netwrix.com/go/appliance
- In-browser demo: Run a demo right in your browser with no need to install anything: netwrix.com/go/browser_demo
- Contact Sales to obtain more information: netwrix.com/contactsales
- Upcoming and on-demand webinars: netwrix.com/webinars

24 Questions?

25 Thank you!
Liam Cleary, CEO/Owner, SharePlicity
Jeff Melnick, Systems Engineer, Netwrix Corporation