Dr. Bruce Gabrielson Keynote. Five years since the release of the first Insider Threat State of the Art Report ◦ In reality, it’s been almost 7 years.

Presentation transcript:

1 Dr. Bruce Gabrielson Keynote

2
• Five years since the release of the first Insider Threat State of the Art Report
  ◦ In reality, it’s been almost 7 years since the data was current.
• While many exciting changes and innovations have taken place since that time in a number of detection areas, we’ve still been hit with Manning, Snowden, and others less visible.
• Newer tools are now available for general and focused monitoring plus models have been validated for predicting personal behavior.

3
• Personal Profiling
  ◦ The precursors and threat indicators of potential malicious insider activities often associated with unhappiness, ethical or practical lifestyle issues
• Activity Profiling
  ◦ What an individual does in relation to their job function
• Behavior Profiling
  ◦ Specific activities that are suspicious in nature

4
• Developed from actual instances and case studies
  ◦ These are often associated with ethical or practical lifestyle issues or developed by integrating employee data, including psychological or social data with audit data.
• Profiling has been a primary focus of several research organizations over the past few years.

5
• People tend to perform their work in a particular way on a regular basis.
• By segmenting job descriptions into unique areas of activity, graphic models can be developed.
[Figure: graphic models, panels labeled "Normal" and "Abnormal"]

6
• Primarily IA detectable suspicious activities related to hacking, masquerading, compromised credentials, exfiltration, bad behavior, etc.
  ◦ Use case examples compiled and published by NSA
• Potentially detectable in near real time through audit data sequence analysis or other means
  ◦ Biometric analysis of keyboard profiling or mouse movements
  ◦ Multiple trusted remote login detection of compromised credentials
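
One way the multiple-remote-login check named on this slide could run over audit data, as an added example that is not from the presentation. The log format, account names and host names are constructed, and the rule (alert when an account opens a session from a new host while a session from a different host is still open) is an assumed reading of the slide.

```python
from datetime import datetime

# Constructed audit records (not from the presentation):
# timestamp, account, source host, event
SAMPLE_AUDIT = """\
2024-05-01T08:00:05 alice ws-114 LOGIN
2024-05-01T08:02:11 bob ws-207 LOGIN
2024-05-01T09:15:40 alice ws-114 LOGOUT
2024-05-01T09:20:02 alice vpn-gw-3 LOGIN
2024-05-01T10:01:00 bob jump-09 LOGIN
2024-05-01T10:30:00 bob ws-207 LOGOUT
2024-05-01T11:00:00 bob jump-09 LOGOUT
2024-05-01T11:05:00 carol ws-301 LOGIN
2024-05-01T11:05:30 carol ws-301 LOGIN
"""

def parse(text):
    """Parse audit lines into time-ordered (time, account, host, action) tuples."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("LOGIN", "LOGOUT"):
            continue  # skip malformed records instead of failing the whole run
        ts, account, host, action = parts
        events.append((datetime.fromisoformat(ts), account, host, action))
    return sorted(events, key=lambda e: e[0])

def concurrent_remote_logins(events):
    """Alert when an account logs in from a host while it still has an
    open session on a different host."""
    open_sessions = {}  # account -> {host: number of open sessions}
    alerts = []
    for ts, account, host, action in events:
        hosts = open_sessions.setdefault(account, {})
        if action == "LOGIN":
            others = sorted(h for h in hosts if h != host)
            if others:
                alerts.append((ts.isoformat(), account, host, others))
            hosts[host] = hosts.get(host, 0) + 1
        elif host in hosts:  # a LOGOUT with no matching LOGIN is ignored
            hosts[host] -= 1
            if hosts[host] == 0:
                del hosts[host]
    return alerts

if __name__ == "__main__":
    for alert in concurrent_remote_logins(parse(SAMPLE_AUDIT)):
        print(alert)
```

Sequential logins from different hosts (alice) and repeated logins from the same host (carol) do not alert; only the overlapping sessions from two hosts (bob) do.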

7
• Protecting data isn’t always the problem.
• Sometimes it’s the software and capabilities that need protecting.
  ◦ In the tactical data collection world, is the user the same as the remote user who initially logged on?
  ◦ What happens if a trusted user is logged on and the system is suddenly compromised by an untrusted insider with malicious intent?

8 Questions? Contact information: Dr. Bruce Gabrielson bgabrielson@caci.com

9

10 Known attack use cases were compiled in this document.

11 Continuous Monitoring

