● What We Do
– Dedicated to innovating and creating new solutions or
improving existing solutions in the IT Security domain
Current Status of Credential
Security
● Many large corporations and Governments have
experienced some form of credential breach in
recent years.
● Frequency of credential breaches is escalating.
● Increase in the spread of malware via compromised
credentials.
● Mega-breaches are a stepping stone to more
sophisticated attacks on national infrastructures
and international e-commerce.
Notable Breaches
● Ashley-Madison Database Leak
– 36 million credentials leaked
● Yahoo website hacks
– 1.5 billion credentials leaked
– Biggest leak in history
● US Office of Personnel Management
– 21.5 million US Government employee details leaked
● Instagram API leaks credentials
– Currently still under investigation
– Flaw in API leaks sensitive information of ‘verified accounts’
Notable Breaches
● Partial graphical visualization of credential breaches in history
● Yahoo’s database breaches visualized as the breach with the most credential leaks in history
● Full visualization:
– http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
Consequences of Credential
Breaches
● Credential Cracking
– Attackers attempt to de-obfuscate hashed
passwords and PINs by brute force
– Cloud computing makes large-scale brute-force
cracking of obfuscated passwords and PINs
easier and very cheap
– Used as a stepping stone to break into associated
accounts to carry out more sophisticated attacks
Consequences of Credential
Breaches
● Credential Stuffing
– Follow-up action after the Credential Cracking phase
– Attackers use cracked credentials to attack
associated online accounts
– Attacker feeds cracked credentials into an automated
program that will be used for identity impersonation
– Attacker uses the impersonated identity from a successful
breach to spread malware, conduct spear-phishing attacks
and carry out other illegal activities
Safeguarding Your Enterprise
Credentials
● Steps to safeguard enterprise credentials
– Detect breaches
● Monitoring software and application
– Prevent breaches
● OS, network and application level hardening
– Deny use of leaked credentials
● Credential obfuscation and encryption
Safeguarding Your Enterprise
Credentials
● Attackers may be sophisticated enough to slip
past monitoring tools and find weaknesses in
OS and application level hardening
● Encrypting credentials with hardware-protected
keys makes stealing credentials less worthwhile
● Credential encryption is the most effective
measure to deny use of leaked credentials and
makes them a less worthwhile target to attack
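The point of the slide above, that a leaked credential store is of little use without the hardware-held key, shown as an added example (not from the original deck and not SecuriPass's API). `KeyedModule` is a hypothetical software stand-in for a hardware module whose key never leaves it; the example uses a keyed HMAC over a stretched password rather than reversible encryption, and the iteration count is illustrative.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # illustrative work factor (assumption), tune for your hardware


class KeyedModule:
    """Hypothetical stand-in for a hardware module: the key never leaves it."""

    def __init__(self):
        self._key = os.urandom(32)  # real hardware would generate this on-device

    def tag(self, data: bytes) -> bytes:
        return hmac.new(self._key, data, hashlib.sha256).digest()


def _stretch(password: str, salt: bytes) -> bytes:
    # Slow, salted derivation so each guess stays expensive even with the key.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def enroll(module: KeyedModule, password: str) -> tuple[bytes, bytes]:
    """Return the (salt, tag) record that is stored in the database."""
    salt = os.urandom(16)
    return salt, module.tag(_stretch(password, salt))


def verify(module: KeyedModule, password: str, record: tuple[bytes, bytes]) -> bool:
    salt, stored = record
    return hmac.compare_digest(module.tag(_stretch(password, salt)), stored)


if __name__ == "__main__":
    production = KeyedModule()
    sample = "correct horse battery staple"  # constructed sample password
    record = enroll(production, sample)
    print("login via module:", verify(production, sample, record))
    # A copy of the database without the module: even the right password
    # cannot be confirmed, so the leaked record gives no offline check.
    print("leaked record, no key:", verify(KeyedModule(), sample, record))
```
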
SecuriPass
● World’s first out-of-the-box credential encryption
hardware solution
● Utilizes CC EAL 5+ certified secure processor
● Utilizes strong cryptography and network
address white lists to secure access to
hardware
● USB module form factor allows easy scalability
and compatibility with most computer systems
Integrating SecuriPass for
Credential Protection
● Easy access by any enterprise application or portal via
secure Web API
● Web API designed for easy development and with
simplicity in mind to allow easy integration into enterprise
systems by developers
● Simple and clear documentation for developers
● White list prevents unauthorized computers from
accessing the SecuriPass suite
● Curated suite of strong cryptographic algorithms for
secure network connection to SecuriPass suite
Benefits of Choosing SecuriPass
● Lower total cost of ownership and maintenance
when compared to other means of securing
enterprise credentials
– Cheaper than in-house development of software
logic for dedicated purpose of protecting credentials
– Cheaper than using Hardware Security Modules to
protect passwords
● No specialized firmware installation required, which
simplifies maintenance of hardware modules
Benefits of Choosing SecuriPass
● Fast and easy integration with Enterprise
applications reduces enterprise security
development, deployment and maintenance
time and cost
● Strong credential protection comparable to
that of highly expensive Hardware Security
Modules
Thank You