1 VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL Our mission is to help enterprises realize value from their unstructured data. Insider Threats Malice, Mistakes, and Mountain Lions

2 Where to get the slides: http://bit.ly/insiderTHREATS

3 The Varonis Origin Story

4 Agenda
- What is an insider breach?
- Real world breaches: stats and examples
- Everyday vs headline risks
- 6 tips for mitigating insider threats

5 The Varonis Origin Story

6 The Script
- Get inside (if not there already): usually done by phishing or social engineering
- Snoop around: enumerate current access; attempt to elevate
- Exfiltration: get the data out without sounding alarms
Visa cards anyone?
    PS C:\Users\eddard> findstr /r "^4[0-9]{12}(?:[0-9]{3})?$"

7 By the Numbers

8 Privilege Abuse

9 Our Own Worst Enemy

10 Snooping Behind the Firewall

11 Target as a Target
- $162 million breach
- Lots of fancy tools watching the perimeter (candy bar syndrome)
- “[…] spokeswoman, Molly Snyder, says the intruders had gained access to the system by using stolen credentials from a third-party vendor”

12 Risk and Irrational Biases

13 Fear and Frequency
- Large university
- 146,000 student records, including SSNs, exposed
- Cause? Copy/paste

14 Focus on Frequency

15 They got in - so now what?

16 6 Mitigation Tips
1. Eliminate Global Access
2. Eliminate Excessive Permissions
3. Alert on Privilege Escalations
4. Alert on Behavioral Deviations
5. Closely Monitor High-Risk People and Data
6. Set Up Honeypots

17 Tip #1: Eliminate Global Access
- Locate groups like “Everyone” and “Authenticated Users” and replace them with tighter security groups
- How do I avoid cutting off legitimate access?

18 Tip #2: Eliminate Excessive Permissions
- People and software!
- Figure out what people have access to but shouldn’t
- Amazon-like recommendations
- Auto-expire temporary access
- Periodically review entitlements

19 Tip #3: Alert on Privilege Escalations
- Do you know when someone gets root access?

20 Tip #4: Alert on Behavioral Deviations
- Behavioral activity spikes (email, files, access denied)
- Monitor activity outside of normal business hours

21 Detecting Ransomware
- Alert on more than 100 file modify events from a single user in under a minute
- Alert triggers an action to:
  - Notify IT admins
  - Grab the username and machine
  - Check the machine’s registry for the key/value that CryptoLocker creates:
        (Get-Item HKCU:\Software\CryptoLocker\Files).GetValueNames()
  - If value exists, disable user automatically:
        Disable-ADAccount -Identity $actingObject
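The threshold rule on this slide, written as a sliding-window check over file audit records. This is an added example, not Varonis code or part of the original deck; the event tuple layout and the user and machine names are constructed for illustration. Each alert carries the username and machine that the slide's follow-up actions operate on.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 100                # slide rule: "more than 100 file modify events"
WINDOW = timedelta(minutes=1)  # slide rule: "in under a minute"

def detect_modify_bursts(events, threshold=THRESHOLD, window=WINDOW):
    """Return one alert per user with more than `threshold` modify events
    inside any sliding `window`.

    `events` is an iterable of (timestamp, user, machine, operation) tuples
    sorted by timestamp. This record layout is an assumption for the example.
    """
    recent = defaultdict(deque)  # user -> modify timestamps still in the window
    alerted = set()              # one alert per user, not one per extra event
    alerts = []
    for ts, user, machine, op in events:
        if op != "modify":
            continue
        q = recent[user]
        q.append(ts)
        # Expire timestamps that are a full window or more behind this event.
        while ts - q[0] >= window:
            q.popleft()
        if len(q) > threshold and user not in alerted:
            alerted.add(user)
            # Carry the username and machine that the response step needs.
            alerts.append({"user": user, "machine": machine,
                           "count": len(q), "first": q[0], "last": ts})
    return alerts

def sample_events():
    """Constructed audit records: one burst, one steady user, some reads."""
    t0 = datetime(2015, 1, 5, 9, 0, 0)
    ms = lambda n: t0 + timedelta(milliseconds=n)
    events = []
    for i in range(150):   # 150 modifies in 30 s: should alert
        events.append((ms(200 * i), "user-a", "WS-017", "modify"))
    for i in range(120):   # 120 modifies at 1/s: never more than 60 per minute
        events.append((ms(1000 * i), "user-b", "WS-042", "modify"))
    for i in range(300):   # reads are ignored by the rule
        events.append((ms(100 * i), "user-c", "WS-099", "read"))
    return sorted(events)

if __name__ == "__main__":
    for alert in detect_modify_bursts(sample_events()):
        print(alert)
```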

22 Tip #5: Set Up Honeypots
- Set up a shared folder that is open to everyone:
    X:\Share\Payroll
    X:\Share\Confidential
    X:\Share\CEO
- See who abuses it

23 Tip #6: Monitor High Risk People and Data
- Alert or auto-quarantine sensitive data when it shows up in a public place
- Watch what root/domain admins are doing

24 Are you exposed? Free Threat Assessment

25 Key Findings from Express Assessment
Data Risk Assessment
- Folders with Global Group Access: 62%
- 672 users have non-expiring passwords
- Stale Data
- 15,132 Files containing US SSN Data
KEY FINDINGS
- 12,000+ sensitive files with Global Group Access. About 79% of all sensitive files
- 3.51% Folders with inconsistent permissions. That is over 14,000 folders in your environment
- 14% of enabled user accounts are stale
- 652 Security groups with no users
- 37,825 Folders that have unresolved SIDs
- 3.74TB Amount of Stale Data
- 51,044 Folders contain Stale Data

26 Thank you!
- Jeff Vogt - Systems Engineer, jvogt@varonis.com
- Kris Krustchinsky - Sales Representative, Corporate, kriskr@varonis.com
- Jae Shin - Sales Representative, State/Local/Edu, jshin@varonis.com

