Published by Randolph Morton. Modified over 9 years ago.
1
2015 Security Conference
Dietrich Benjes, VP UK, Ireland & Middle East
2
VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL
Our mission is to help enterprises realize value from their unstructured data.
Insider Threats: Malice, Mistakes, and Mountain Lions
3
About Varonis
Started operations in 2005
Over 3000 Customers (as of September, 2014)
Software Solutions for Human Generated Data
4
The Varonis Origin Story
5
Agenda
The anatomy of insider breaches
Real world breaches: stats and examples
Our irrational biases about risk
6 tips for mitigating insider threats
6
The Varonis Origin Story
7
The Script
Get inside (if not there already)
  Usually done by phishing or social engineering
Snoop around
  Enumerate current access; attempt to elevate
  Visa cards anyone?
  PS C:\Users\eddard> findstr /r "^4[0-9]{12}(?:[0-9]{3})?$"
Exfiltration
  Get the data out without sounding alarms
8
By the Numbers
9
Privilege Abuse
10
Our Own Worst Enemy
11
Snooping Behind the Firewall
12
Target as a Target
$162 million breach
Lots of fancy tools watching the perimeter (candy bar syndrome)
“[…] spokeswoman, Molly Snyder, says the intruders had gained access to the system by using stolen credentials from a third-party vendor”
13
Risk and Irrational Biases
14
Fear and Frequency
Large university
146,000 student records, including SSNs, exposed
Cause? Copy/paste
15
A Story About Trees
16
Focus on Frequency
17
They’re in—now what?
18
6 Mitigation Tips
1. Eliminate Global Access
2. Eliminate Excessive Permissions
3. Alert on Privilege Escalations
4. Alert on Behavioral Deviations
5. Set Up Honeypots
6. Closely Monitor High-Risk People and Data
19
Tip #1: Eliminate Global Access
Locate groups like “Everyone” and “Authenticated Users” and replace them with tighter security groups
How do I avoid cutting off legitimate access?
20
Tip #2: Eliminate Excessive Permissions
People and software!
Figure out what people have access to but shouldn’t
Amazon-like recommendations
Auto-expire temporary access
Periodically review entitlements
21
Tip #3: Alert on Privilege Escalations
Do you know when someone gets root access?
22
Tip #4: Alert on Behavioral Deviations
Behavioral activity spikes (email, files, access denied)
Monitor activity outside of normal business hours
23
Detecting CryptoLocker
Alert on more than 100 file modify events from a single user in under a minute
Alert triggers an action to:
  Notify IT admins
  Grab the username and machine
  Check the machine’s registry for key/value that CryptoLocker creates:
    (Get-Item HKCU:\Software\CryptoLocker\Files).GetValueNames()
  If value exists, disable user automatically:
    Disable-ADAccount -Identity $actingObject
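The threshold rule on the slide above, as an added example (not from the original deck and not Varonis code): a sliding-window check over file-audit events that reports the user and machine an alert action would need. The event tuple layout, the machine names and every user other than the deck's `eddard` are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 100                # slide's rule: MORE than 100 modify events...
WINDOW = timedelta(minutes=1)  # ...from a single user in UNDER a minute

def detect_modify_bursts(events, threshold=THRESHOLD, window=WINDOW):
    """events: time-ordered (timestamp, user, machine, operation) tuples.
    Returns one alert per user, raised the first time the rule trips."""
    recent = defaultdict(deque)  # user -> modify timestamps still inside the window
    alerts = {}
    for ts, user, machine, op in events:
        if op != "modify" or user in alerts:
            continue
        q = recent[user]
        q.append(ts)
        # "Under a minute": drop anything a full window (or more) older than ts.
        while ts - q[0] >= window:
            q.popleft()
        if len(q) > threshold:
            alerts[user] = {"user": user, "machine": machine,
                            "count": len(q), "first": q[0], "last": ts}
    return list(alerts.values())

def sample_events():
    """Constructed audit records for the demo, not real logs."""
    t0 = datetime(2015, 3, 2, 9, 0, 0)
    ev = []
    # Steady editing: 150 modifies, 2 s apart (about 30 per minute).
    ev += [(t0 + timedelta(seconds=2 * i), "jsnow", "WS-014", "modify")
           for i in range(150)]
    # Burst: 120 modifies, 250 ms apart (ransomware-like rewrite of a share).
    ev += [(t0 + timedelta(minutes=10, milliseconds=250 * i), "eddard", "WS-007", "modify")
           for i in range(120)]
    # Heavy reads do not count toward a modify rule.
    ev += [(t0 + timedelta(minutes=20, milliseconds=100 * i), "arya", "WS-021", "read")
           for i in range(500)]
    return sorted(ev, key=lambda e: e[0])

if __name__ == "__main__":
    for a in detect_modify_bursts(sample_events()):
        print(f"ALERT {a['user']} on {a['machine']}: {a['count']} modifies "
              f"between {a['first']:%H:%M:%S} and {a['last']:%H:%M:%S}")
```

The alert fires on the 101st modify inside the window, so the response steps on the slide (registry check, account disable) can start while the burst is still in progress.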
24
Tip #5: Set Up Honeypots
Set up a shared folder that is open to everyone
  X:\Share\Payroll
  X:\Share\Confidential
  X:\Share\CEO
See who abuses it
25
Tip #6: Monitor High Risk People and Data
Alert or auto-quarantine sensitive data when it shows up in a public place
Watch what root/domain admins are doing
Watch what contractors are doing
26
Where to get the slides
http://bit.ly/insiderTHREATS
27
Free Threat Assessment
http://bit.ly/threatcheck
28
Thank you!