Terry Ray VP Global Security Engineering The Insider's View To Insider Threats © 2012 Imperva, Inc. All rights reserved.


1 The Insider's View To Insider Threats
Terry Ray, VP Global Security Engineering

2 Agenda
• Insider Threat Research in the Past
• Our Methodology
• Common Practices

3 UK: Taking it with them when they go
• 70% of employees plan to take something with them when they leave the job
  + Intellectual Property: 27%
  + Customer data: 17%
• Over 50% feel they own it
Source: November 2010 London Street Survey of 1026 people, Imperva

4 Human nature at work?
• 62% took data when they left a job
• 56% admit internal hacking
• 70% of Chinese admit to accessing information they shouldn’t
• 36% feel they own it
Source: February 2011 Shanghai and Beijing Street Survey of 1012 people, Imperva

5 Insider Threat Research in the Past
• Didn’t provide a holistic approach and often focused on piecemeal activities, such as:
  + Threat modeling
  + Technology
• Vendor centric: Focus on the latest three-letter acronym (TLA) approach.
• Difficult to implement.

6 Our Methodology
Jim’s Approach
• Start with 1,435 good companies.
• Examine their performance over 40 years.
• Find the 11 companies that became great.
Our Approach
• Start with 1,000 good companies.
• Examine their breach history.
• Examine the 30 companies that became great.

7 Our Sample
• Global Audience: Enterprises across five continents.
• Many Shapes and Sizes: Multiple verticals across a broad revenue spectrum.

8 Insider Threat Defined
Someone who has trust and access and acquires intellectual property and/or data in excess of acceptable business requirements. They do so:
  + Maliciously
  + Accidentally
  + By being compromised

9 The Catalog

10 #1 Information security enables the business to grow, but grow securely

11 Practice #1: Building A Business Case
• What: Understand the appetite for business risk and work with the business to put a plan in place.
• How
  + Work with the line of business, speak to the right people, and understand what they protect and how much they would be willing to protect, early in the process.
  + Make it personal
  + Explain how to strengthen the business.
  + Use compliance to differentiate
  + Create informal teams

12 Practice #2: Build the A-Team
• What: Organizational model
• Two approaches
  + Centralized model: One team that oversees all security.
  + Decentralized model: Embed security with various business units

13 Practice #3: Work with HR
• What: InfoSec works with HR during the onboarding and offboarding process as well as implementing security programs
• Checklist:
  + Training and communications around security.
  + Onboarding
    – Background checks
    – Psych testing
  + Violations
  + Terminations

14 Practice #4: Work with Legal
• What: Creating a legal environment that promotes security.
• How
  + Create scary legal policies, for example, implement compliance and legal policies around onboarding and offboarding.
  + Contract reviews with partners.
  + Approve policies (email usage, network usage, social networks usage, care of laptops and other portable devices, monitoring of user behavior).

15 Practice #5: Education
• What: Education programs to raise security awareness and efficacy.
• How
  + Regular security training to cover threats and LOB role.
    – Ideally done twice per year.
    – Training is constant and uses real-world episodes (email, newsletters) and is not subject to timing.
    – Online security awareness training
  + Educate yourself!

16 #2 Prioritizing

17 Practice #1: Size the Challenge
• What:
  + Identify what makes your company unique
• How (Checklist):
  + Build a full employee inventory: total, transient, permanent, mobility, access restrictions
  + Partner profiling
  + Map threats
    – Identify malicious scenarios
    – Identify accidental scenarios
  + Define audit requirements
  + Define visibility requirements

18 Practice #2: Start small, think BIG
• What: Know who and what to secure.
• How
  + Don’t get inundated by data.
  + Build and parse an inventory of what needs to be secured
  + Put in the basic controls and then build
  + Determine what needs to be automated

19 Practice #3: Automation
• What: Automate certain security processes.
• How: Find what systems you can automate, such as:
  + Online training
  + System inventory by an automated server discovery process
  + Fraud prevention
  + Provisioning and de-provisioning privileges
  + Employee departure (the HR system can notify IT immediately and remove the permissions)
  + Cleanup of dormant accounts

20 #3 Access Controls

21 Practice #1: Quis custodiet ipsos custodes? (Who will guard the guards themselves?)
• What: Lock down admins and superusers and develop a separate policy.
• How
  + Use business owner to verify.
  + Privileged user monitoring
  + Periodic review by business
  + Eliminate dormant accounts
  + Separate policies for administrators
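The departure and dormant-account items under Automation, and the "Eliminate dormant accounts" item above, can be run as one recurring reconciliation job. This is an added example, not part of the original presentation; the HR feed, the account directory, the field layout and the 90-day dormancy limit are all assumptions.

```python
from datetime import date

# Constructed sample data. HR feed: employee id -> termination date (None = active).
HR_FEED = {"e100": None, "e101": date(2012, 3, 1), "e102": None, "e103": None}
# Account directory: (account, owner id, privileged?, enabled?, last login)
ACCOUNTS = [
    ("alice", "e100", False, True, date(2012, 5, 28)),
    ("bob", "e101", False, True, date(2012, 2, 27)),     # owner has left
    ("bob-adm", "e101", True, True, date(2012, 4, 2)),   # used after departure
    ("carol", "e102", False, True, date(2011, 11, 3)),   # dormant
    ("svc-old", "e999", True, True, None),               # no HR record, never used
    ("dave", "e103", False, False, date(2011, 1, 9)),    # already disabled
]

def review_accounts(accounts, hr_feed, today, dormant_days=90):
    """Return (account, reason, privileged) for enabled accounts needing action."""
    findings = []
    for name, owner, privileged, enabled, last_login in accounts:
        if not enabled:
            continue
        if owner not in hr_feed:
            reason = "orphaned: owner not in HR system"
        elif hr_feed[owner] is not None:
            used_after = last_login is not None and last_login > hr_feed[owner]
            reason = "departed owner" + (", used after departure" if used_after else "")
        elif last_login is None or (today - last_login).days > dormant_days:
            reason = "dormant"
        else:
            continue
        findings.append((name, reason, privileged))
    # Privileged accounts sort first so admins and superusers are handled first.
    return sorted(findings, key=lambda f: (not f[2], f[0]))

if __name__ == "__main__":
    for finding in review_accounts(ACCOUNTS, HR_FEED, date(2012, 6, 1)):
        print(finding)
```

An account used after its owner's termination date is worth an investigation, not only a disable action.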

22 Practice #2: Develop a Permissions Strategy
• What: A permissions structure that is comprehensive and flexible.
• How
  + Use business owner to verify.
  + Start with permissions discovery
  + Recognize key events:
    – Job changes
    – Terminations
    – Sensitive transactions should require additional approvals to prevent fraud.
    – Cloud
  + Automate

23 Practice #3: Look for Aberrant Behavior
• What: Weirdness probably means trouble.
• How
  + Profile normal, acceptable usage and access to sensitive items by
    – Volume
    – Access speed
    – Privilege level
  + Put in place monitoring or “cameras in the vault.”
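A sketch of the profiling described in this practice: build a per-user baseline of volume, access speed and privilege level from past sessions, then flag sessions that depart from it. This is an added example, not part of the original presentation; the session records, field layout and 3-sigma threshold are assumptions.

```python
from statistics import mean, pstdev

# Constructed sample data: one record per session against a sensitive table.
# Fields: user, rows read (volume), rows per minute (access speed), role used.
BASELINE = [
    ("alice", 120, 15, "analyst"), ("alice", 90, 12, "analyst"),
    ("alice", 150, 18, "analyst"), ("alice", 110, 14, "analyst"),
    ("bob", 20, 4, "support"), ("bob", 35, 5, "support"),
    ("bob", 25, 3, "support"), ("bob", 30, 6, "support"),
]
TODAY = [
    ("alice", 130, 16, "analyst"),   # ordinary session
    ("bob", 4800, 5, "support"),     # bulk read at normal speed
    ("alice", 140, 900, "analyst"),  # very fast, scripted-looking access
    ("bob", 28, 4, "dba"),           # role never seen for this user
    ("carol", 10, 2, "analyst"),     # no profile yet
]

def build_profiles(sessions):
    """Per user: (mean, stddev) of volume and speed, plus the roles seen."""
    grouped = {}
    for user, rows, rate, role in sessions:
        g = grouped.setdefault(user, {"rows": [], "rate": [], "roles": set()})
        g["rows"].append(rows)
        g["rate"].append(rate)
        g["roles"].add(role)
    return {u: {"rows": (mean(g["rows"]), pstdev(g["rows"])),
                "rate": (mean(g["rate"]), pstdev(g["rate"])),
                "roles": g["roles"]} for u, g in grouped.items()}

def deviates(value, stats, z_limit=3.0):
    """True when value exceeds mean + z_limit * stddev (assumed threshold)."""
    mu, sigma = stats
    return value > mu + z_limit * max(sigma, 1.0)  # floor sigma for flat baselines

def review(session, profiles):
    """Return the reasons a session departs from its user's profile."""
    user, rows, rate, role = session
    profile = profiles.get(user)
    if profile is None:
        return ["no baseline"]
    checks = [("volume", deviates(rows, profile["rows"])),
              ("access speed", deviates(rate, profile["rate"])),
              ("privilege level", role not in profile["roles"])]
    return [name for name, hit in checks if hit]

def alerts(baseline=BASELINE, today=TODAY):
    profiles = build_profiles(baseline)
    return [(s[0], r) for s in today if (r := review(s, profiles))]
```

Users with no baseline are reported rather than silently passed, since a new account reading sensitive data is itself worth a look.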

24 Practice #4: Device Management
• What: Dealing with company and personal devices.
• How
  + View data theft as a function of aberrant behavior
  + Put controls and monitoring on apps and databases.
  + Remote wipe.

25 #4 Technology

26 Practice #1: Rebalancing the Portfolio Crap
• What: Pick the right technology with constant readjustment.
• How
  + Map back to threats
  + KEY: Rebalance your portfolio, periodically assessing what you need and what you don’t.

27 Thanks

