Published by Simon Maxwell. Modified over 6 years ago.
1
Insider Threat and Data Leakage: Considerations and Solutions
OZGUR DANISMAN, MBA, CISSP, CISM. Sales Engineering Manager, MENA
2
New Company, Uniquely Formed to Offer a New Approach to Security
Commercial Leader with Content Security & DLP
Cloud / On-Premise / Hybrid
Pioneer on Cyber Frontlines with Financial Resources
Deep Understanding of Threat Detection
Networking Innovator with Advanced Evasion Prevention
Security at Scale
3
Core Products
Core Business (Content Security): AP-WEB, AP-, AP-DATA, Cloud / Appliance
Data & Insider Threat Protection: SureView Insider Threat, AP-DATA DISCOVER
Threat Protection: Threat Protection Cloud / Appliance, Security for Cloud, Threat Protection for Linux
Network Security: Stonesoft & Sidewinder, RiskVision
4
Challenges and Pressures to Protecting Users & Data
BUSINESS TRANSFORMATION: Increasingly Mobile Workforce; Adoption of Cloud Infrastructure & expansion of supply chain; Rapid IT delivery
INDUSTRIALIZATION OF CYBERCRIME: Compromises Users & Their Data; Increasingly Sophisticated Campaigns
WORKFORCE SKILLS & RESOURCING: Shadow IT; Security Awareness; Lack of IT staff; Static Budgets
INCREASING REGULATORY SCOPE: Breach Notification; Consumer Rights Over Their Data; Higher Penalties; Infrastructure Scope
At the centre of all four pressures: DATA, NETWORKS, USERS
Goals: Enable Business Innovation and Agility; Protect the Brand
5
How Industrial Hackers Monetize the Opportunity
WELCOME TO THE HACKERS' ECONOMY (Source: RSA/CNBC)
Global Cybercrime Market: $450B-$1T
Exploits: $1000-$300K
Mobile Malware: $150
Social Security: $1
Credit Card Data: $0.25-$60
Spam: $50/500K s
Medical Record: >$50
Facebook Account: $1 for an account with 15 friends
Malware Development: $2500 (commercial malware)
Bank Account Info: >$1000 depending on account type and balance
DDoS as a Service: ~$7/hour
Speaker notes: The question I've always had, and I get asked all the time, is: how do the industrialized hackers make money? There have been a number of articles published with the prices that the hackers are demanding for their stolen goods. Social Security & Pension data - $1. Go through each; emphasize exploits, up to $300,000. The overall market for cybercriminals is estimated at anywhere from $450 billion to a trillion, according to Congressional testimony given by Ed Amoroso, Chief Security Officer of AT&T, and General Alexander, the former Director of the NSA. The bottom line is that the hacker economy is huge, and growing. High school group / mobile operator. Exploit kit 1k-300k, bank account 1000 USD; drug-dealing example with levels; country secure, but it is international.
6
Why focus on Insider Threats? Source: Verizon DBIR 2016
The majority of breaches fall into 9 categories
Insider threats have increased rapidly
Crimeware is a big concern
Source: Verizon DBIR 2015
7
USER BEHAVIOR PERSONAS THAT POSE RISK TO AN ORGANIZATION
COMPROMISED USER: victims of cyber attacks, social engineering, bribery or blackmail
INTENTIONAL INSIDER: ethical rationalization; abuses privileges & access; knowingly transfers protected data externally
ACCIDENTAL INSIDER: works around broken business processes; mistakes made during data transfer; misinterpreted training
8
Cost of an Insider Breach
Source: Ponemon 2016
10
INTRODUCING 'Dwell-Time'
OUTSIDE ATTACKS: stolen credentials; INITIAL COMPROMISE; LATERAL MOVEMENT
INSIDER THREATS: BREACH; DETECT; DECIDE; DEFEND; INCIDENT; Get Back To Normal; Protect as much as possible
Average time to identify UNINTENTIONAL insider breaches: 158
DEFEAT INSIDER THREATS: Reduce "Dwell Time" (when threats are in your network) to minimize theft and damage (BREACH / FIXED timeline)
Speaker notes: The insider threat problem requires a new approach, focused on decreasing this dwell time rather than trying to craft a policy to match every possible scenario. An insider is someone who is already "in" the system and already has a level of access and associated privileges. The same is true for an outside attacker who has stolen credentials and is acting like an insider. This approach requires a deep understanding of what behavior is normal for the organization and what sequences of activity are abnormal. As technology helps humans quickly find and verify these malicious events, the dwell time between the inception and the defeat of a threat is minimized.
11
MODERN BUSINESS IS ALL ABOUT SAFELY CONNECTING USERS TO DATA
USERS: Office; Mobile; Other Locations; Partners & Supply Chain; Customers
DATA: Cloud Apps; Corp Servers; Websites; Endpoint Media
Controls between users and data, across NETWORKS: USER BEHAVIOUR ANALYTICS (UBA) + DATA LOSS PREVENTION (DLP)
IN THE CLOUD, ON THE ROAD, IN THE OFFICE
12
Data LEAKAGE Prevention - architecture
ENDPOINT (Data in Use): IM; Active Sync; FTP; Printer; Web; Media; Laptop Drives
NETWORK (Data in Motion): IM; Cloud; Active Sync; FTP; Web; Network Printer
DISCOVER (Data at Rest): Storage; Database; Network Storage
13
Data LEAKAGE Prevention is a Tool for Risk Reduction
[Chart residue: y-axis Incidents Per Week (200 to 1000); program stages Visibility, Notification, Remediation, Prevention]
14
DLP secures sensitive data In Use & In Motion
Who: Human Resources; Customer Service; Marketing; Finance; Accounting; Sales / Marketing; Legal; Technical Support; Engineering
What: Source Code; Credit Card Data; Personal Data; M&A Plans; Employee Salary; Financial Report; Patient Records; Manufacturing Docs; Research
Where: Evernote; Dropbox; Business Partner; Facebook; OneDrive; Malicious Server; Removable Media; Competitor; Customer
How: File Transfer; Web; Instant Messaging; Peer-to-Peer; Print; File Copy; Print Screen; Copy/Paste
Action: Confirm; Block; Notify; Remove; Encrypt; Quarantine; Audit
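The slide presents a DLP policy as a match on four dimensions (who is sending, what data class, where it is going, over which channel) that resolves to one action. The following is an added example, not Forcepoint code or any product's rule syntax; the rule set, the first-match ordering, the wildcard convention and the sample events are constructed here to show how such a matrix is evaluated and why rule order matters.

```python
"""DLP policy evaluation in the Who / What / Where / How -> Action shape.
Added example with a constructed rule set; not vendor code."""
from dataclasses import dataclass
from typing import Optional

ANY = "*"  # wildcard: the rule does not constrain this dimension


@dataclass(frozen=True)
class Rule:
    who: str      # user group / department
    what: str     # data classification
    where: str    # destination
    how: str      # channel
    action: str   # Confirm, Block, Notify, Encrypt, Quarantine, Audit, ...


@dataclass(frozen=True)
class Event:
    who: str
    what: str
    where: str
    how: str


# Constructed rule set built from the column values on the slide.  Order
# matters: the first matching rule wins, so narrow exceptions precede broad
# rules that would otherwise swallow them.
RULES = [
    # Engineering may send source code to a business partner over file
    # transfer, but only after confirming intent (Confirm = ask, then allow).
    Rule("Engineering", "Source Code", "Business Partner", "File Transfer", "Confirm"),
    # Source code leaving by any other route is blocked outright.
    Rule(ANY, "Source Code", ANY, ANY, "Block"),
    # Credit card data to consumer cloud storage over the web is blocked;
    # printing it is quarantined for review.
    Rule(ANY, "Credit Card Data", "Dropbox", "Web", "Block"),
    Rule(ANY, "Credit Card Data", ANY, "Print", "Quarantine"),
    # Personal data may go to a business partner, but encrypted.
    Rule(ANY, "Personal Data", "Business Partner", ANY, "Encrypt"),
    # Only Legal may copy patient records to removable media, and it is audited.
    Rule("Legal", "Patient Records", "Removable Media", "File Copy", "Audit"),
    Rule(ANY, "Patient Records", "Removable Media", ANY, "Block"),
    # Anything at all destined for a known malicious server is blocked.
    Rule(ANY, ANY, "Malicious Server", ANY, "Block"),
]

DEFAULT_ACTION = "Allow"  # no rule matched: DLP records nothing and lets it pass


def _matches(pattern: str, value: str) -> bool:
    return pattern == ANY or pattern.casefold() == value.casefold()


def match_rule(event: Event, rules=RULES) -> Optional[Rule]:
    """Return the first rule whose four dimensions all match the event."""
    for r in rules:
        if (_matches(r.who, event.who) and _matches(r.what, event.what)
                and _matches(r.where, event.where) and _matches(r.how, event.how)):
            return r
    return None


def decide(event: Event, rules=RULES) -> str:
    """Action for the event: the matched rule's action, or the default."""
    r = match_rule(event, rules)
    return r.action if r else DEFAULT_ACTION


if __name__ == "__main__":
    # Constructed sample events exercising each branch of the rule set.
    samples = [
        Event("Engineering", "Source Code", "Business Partner", "File Transfer"),
        Event("Engineering", "Source Code", "Evernote", "Web"),
        Event("Customer Service", "Credit Card Data", "Dropbox", "Web"),
        Event("Marketing", "Personal Data", "Business Partner", "Instant Messaging"),
        Event("Legal", "Patient Records", "Removable Media", "File Copy"),
        Event("Technical Support", "Patient Records", "Removable Media", "File Copy"),
        Event("Sales / Marketing", "Financial Report", "Malicious Server", "Web"),
        Event("Finance", "M&A Plans", "OneDrive", "Web"),
    ]
    for e in samples:
        print(f"{e.who:18} {e.what:18} -> {e.where:16} via {e.how:18}: {decide(e)}")
```

The last sample (M&A plans to OneDrive) falls through every rule and is allowed, which is the practical lesson of a matrix like this: the action column only protects the combinations somebody wrote a rule for, so the policy review should check the gaps as carefully as the matches.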
15
Insider Threat Mitigation
DLP Evolution (slide dated February 11, 2018)
Compliance (2003) -> IP Protection (2010) -> Data Theft Prevention (2017) -> Insider Threat Mitigation
Capabilities added along the way: Pre-defined Compliance Policies; Data Fingerprints; Endpoint fingerprints; OCR and Cumulative (DRIP) DLP; Cloud & Mobile DLP; Data Theft Risk Indicators; Incident Risk Ranking; Behavioral Analytics
16
User Behaviour Analytics
MACHINE LEARNING inputs: Policy Violations; ORGANISATION Volume Anomaly; INDIVIDUAL Volume Anomaly
Policy sources: Policies; 3rd Party Policies
Output: Scoring Engines
17
DLP Data Monitoring and Protection
Insider threat + DLP
DLP Data Monitoring and Protection: data classification; data exfiltration controls across the IT infrastructure; incident-based behavioral model; monitor and protect IP and PII everywhere
Insider Threat Behavioral Audit: establish a baseline of typical user behavior; identify potentially anomalous behaviors; user-based behavioral models
Insider Threat Focused Investigation: comprehensive, chronicled collection from multiple data sources including AP-DATA; all the details, insight and complete context of user actions; video replay of user activity; learn from incidents; detect and deter insider threats
TRITON AP-DATA (DLP): protect "sensitive data" in external communications; identify and describe sensitive data; provide visibility into the movement of sensitive data; educate users to communicate data safely; protect the data everywhere
SureView Insider Threat: correlate "user" behavior to identify "risky users"; correlate security events and other user contextual data; data models identify and score risky users; administrator validates the behavior with on-demand forensics
Speaker notes: However, it is important to keep in mind that UBA tools are just part of the actual 'solution'. A full DLP program, including endpoint-based DLP, should be an integral part of a complete "Insider Threat Data Protection" program. Here you can see how they complement each other.
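Slides 16 and 17 describe the UBA side in three ingredients: a per-user baseline against which an individual volume anomaly is measured, an organisation-wide comparison that catches users who are always above the crowd, and DLP policy violations, all fed to a scoring engine that ranks risky users for an analyst to validate. The following is an added example of that pipeline, not SureView or any vendor's model: the daily volumes, the violation counts, the z-score approach and the weights are all constructed here to show how the three signals combine and why a single spike, a persistently high user and a policy violation rank differently.

```python
"""User behaviour analytics sketch: per-user baseline, individual and
organisation-wide volume anomalies, policy violations, and a combined risk
score used to rank users.  Added example with constructed data and weights."""
from statistics import mean, pstdev

# Constructed daily upload volumes (MB) per user over a 10-day window; the
# last entry is 'today'.  Constructed DLP policy violations raised today.
DAILY_MB = {
    "alice": [40, 45, 38, 50, 42, 47, 44, 41, 46, 43],            # steady
    "bob":   [20, 22, 19, 25, 21, 18, 23, 20, 24, 900],           # spike today
    "carol": [300, 320, 290, 310, 305, 315, 295, 300, 310, 330],  # always high
    "dave":  [10, 12, 9, 11, 10, 13, 12, 11, 10, 12],             # low, steady
}
VIOLATIONS_TODAY = {"alice": 0, "bob": 3, "carol": 0, "dave": 1}


def individual_zscore(history, today):
    """Distance of today's volume from this user's own baseline, in standard
    deviations of the user's previous days (population std dev)."""
    mu, sigma = mean(history), pstdev(history)
    if sigma == 0:  # flat history: no change is 0, any change is off the scale
        return 0.0 if today == mu else float("inf")
    return (today - mu) / sigma


def organisation_zscore(today, all_today):
    """Distance of today's volume from the organisation's distribution of
    today's volumes; a steady baseline hides a user who always uploads a lot,
    this comparison does not."""
    mu, sigma = mean(all_today), pstdev(all_today)
    if sigma == 0:
        return 0.0
    return (today - mu) / sigma


def risk_score(ind_z, org_z, violations, w_ind=1.0, w_org=0.5, w_pol=2.0):
    """Weighted sum of the three signals.  Doing less than usual is not risky,
    so negative z-scores are clamped to zero.  Weights are constructed, not
    calibrated against any real deployment."""
    return w_ind * max(ind_z, 0.0) + w_org * max(org_z, 0.0) + w_pol * violations


def is_anomalous(z, threshold=3.0):
    """Conventional three-sigma cut-off for flagging a single signal."""
    return z >= threshold


def rank_users(daily_mb=DAILY_MB, violations=VIOLATIONS_TODAY):
    """Return [(user, score, ind_z, org_z)] ordered riskiest first."""
    todays = {u: v[-1] for u, v in daily_mb.items()}
    all_today = list(todays.values())
    rows = []
    for user, series in daily_mb.items():
        history, today = series[:-1], series[-1]
        iz = individual_zscore(history, today)
        oz = organisation_zscore(today, all_today)
        rows.append((user, risk_score(iz, oz, violations.get(user, 0)), iz, oz))
    rows.sort(key=lambda r: r[1], reverse=True)
    return rows


if __name__ == "__main__":
    for user, score, iz, oz in rank_users():
        flag = "ANOMALY" if is_anomalous(iz) else ""
        print(f"{user:6} score={score:8.2f} individual_z={iz:8.2f} org_z={oz:6.2f} {flag}")
```

In the constructed data bob's one-day spike dominates the ranking, carol's consistently high volume registers only through her own smaller deviation and the organisation comparison, and dave, whose volume is unremarkable, still outranks carol because of a policy violation. That is the point of feeding policy hits into the score rather than treating volume alone as the signal; in practice the weights and the threshold are what an analyst would tune, and the slide's "administrator validates the behavior with on-demand forensics" step is what keeps a high score from being treated as proof.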
18
THANK YOU! Ozgur Danisman