The Insider's Guide to the Insider Threat
 

Pinpointing the source and quantifying the scope of data theft is often hard, especially since your largest internal threat may actually be one of your most loyal employees. This presentation covers the findings of the first-ever global insider threat study that catalogs common practices used by leading organizations across numerous verticals. It defines the insider threat, quantifies the prevalence of the problem, and uncovers the controls that have proven most effective at minimizing the risk of insider threats.


The Insider's Guide to the Insider Threat: Presentation Transcript

  • The Insider's Guide to Insider Threats. Rob Rachwald, Director of Security Strategy. © 2012 Imperva, Inc. All rights reserved.
  • Agenda
      * Past Insider Threat Research
      * Our Methodology
      * Common Practices
  • Today’s Presenter: Rob Rachwald, Dir. of Security Strategy, Imperva
      * Research
          + Directs security strategy
          + Works with the Imperva Application Defense Center
      * Security experience
          + Fortify Software and Coverity
          + Helped secure Intel’s supply chain software
          + Extensive international experience in Japan, China, France, and Australia
      * Thought leadership
          + Presented at RSA, InfoSec, OWASP, ISACA
          + Appearances on CNN, SkyNews, BBC, NY Times, and USA Today
      * Graduated from University of California, Berkeley
  • United Kingdom: Taking it with them when they go
      * 70% of employees plan to take something with them when they leave the job
          + Intellectual property: 27%
          + Customer data: 17%
      * Over 50% feel they own the data
      Source: November 2010 London Street Survey of 1026 people, Imperva
  • Shanghai and Beijing: Human nature at work?
      * 62% took data when they left a job
      * 56% admit to internal hacking
      * 70% of Chinese admit to accessing information they shouldn’t have
      * 36% feel they own the data
      Source: February 2011 Shanghai and Beijing Street Survey of 1012 people, Imperva
  • Insider Threat Research in the Past
      * Did not provide a holistic approach and often focused on piecemeal activities, such as:
          + Threat modeling
          + Technology
      * Vendor centric: Focused on the latest three-letter acronym (TLA) approach
      * Difficult to implement
  • Our Methodology
      * Jim’s Approach: Start with 1,435 good companies. Examine their performance over 40 years. Find the 11 companies that became great.
      * Our Variation: Start with 1,000 good companies.
          + Collect good practices.
          + But harder to qualify statistically.
  • Our Sample
      * Global Audience: Enterprises across five continents.
      * Many Shapes and Sizes: Multiple verticals across a broad revenue spectrum.
  • Insider Threat Defined
      * Someone who has trust and access, and acquires intellectual property and/or data in excess of acceptable business requirements.
      * They do so:
          + Maliciously
          + Accidentally
          + By being compromised
  • The Catalog
  • #1 Information security enables the business to grow, but grow securely
  • Practice #1: Building a Business Case
      * What:
          + Understand appetite for business risk and work with business to put a plan in place
      * How:
          + Work with line of business and speak to the right people, and understand what they protect and how much they would be willing to protect — early in the process
          + Make it personal
          + Explain how to strengthen the business
          + Use compliance to differentiate
          + Create informal teams
  • Practice #2: Build the A-Team
      * What:
          + Organizational model
      * How (two approaches):
          + Centralized model: one team that oversees all security
          + Decentralized model: Embed security with various business units
  • Practice #3: Work with HR
      * What:
          + InfoSec works with HR during the onboarding and offboarding process as well as implementing security programs
      * How (checklist):
          + Training and communications around security
          + Onboarding
              – Background checks
              – Psych testing
              – Special screening for executives
          + Violations
          + Terminations
  • Practice #4: Work with Legal
      * What:
          + Create a legal environment that promotes security
      * How:
          + Create scary legal policies, for example, implement compliance and legal policies around on and offboarding
          + Contract reviews with partners
          + Approve policies (email usage, network usage, social network usage, care of laptops and other portable devices, monitoring of user behavior)
  • Practice #5: Education
      * What:
          + Education programs to raise security awareness and efficacy
      * How:
          + Regular security training to cover threats and LOB role
              – Ideally, twice per year
              – Constant training that uses real world episodes (email, newsletters) that are not subject to timing
              – Online security awareness training
          + Educate yourself!
  • #2 Prioritizing
  • Practice #1: Size the Challenge
      * What:
          + Identify what makes your company unique
      * How (checklist):
          + Build a full employee inventory: total, transient, permanent, mobility, access restrictions
          + Partner profiling
          + Map threats
              – Identify malicious scenarios
              – Identify accidental scenarios
          + Define audit requirements
          + Define visibility requirements
  • Practice #2: Start small, think BIG
      * What:
          + Know who and what to secure
      * How:
          + Do not become inundated by data
          + Build and parse an inventory of what needs to be secured
          + Put in the basic controls, and then build
          + Determine what needs to be automated
  • Practice #3: Automation
      * What:
          + Automate certain security processes
      * How:
          + Find what systems you can automate, such as:
              – Online training
              – System inventory by an automated server discovery process
              – Fraud prevention
              – Provisioning and de-provisioning privileges
              – Employee departure (HR systems can notify IT immediately and remove permissions)
              – Clean-up dormant accounts
  • #3 Access Controls
  • Practice #1: Quis custodiet ipsos custodes?
      * What:
          + Lock down admins and superusers, and develop a separate policy
      * How:
          + Use business owner to verify
          + Privileged user monitoring
          + Periodic review by business
          + Eliminate dormant accounts
          + Separate policies for administrators
  • Practice #2: Develop a Permissions Strategy
      * What:
          + Permissions structure that is comprehensive and flexible
      * How:
          + Use business owner to verify
          + Start with permissions discovery
          + Recognize key events:
              – Job changes
              – Terminations
              – Sensitive transactions should require additional approvals to prevent fraud
              – Cloud
          + Automate
  • Practice #3: Look for Aberrant Behavior
      * What:
          + Weirdness probably means trouble
      * How:
          + Profile normal, acceptable usage and access to sensitive items by…
              – Volume
              – Access speed
              – Privilege level
          + Put in place monitoring or “cameras in the vault”
  • Practice #4: Device Management
      * What:
          + Manage company and personal devices
      * How:
          + View data theft as a function of aberrant behavior
          + Put controls and monitoring on apps and databases
          + Remote wipe
  • #4 Technology
  • Practice #1: Rebalancing the Portfolio
      * What:
          + Pick the right technology with constant readjustments
      * How:
          + Map back to threats
          + Key: Rebalance your portfolio periodically and assess what you need and what you don’t!
  • Webinar Materials: Join LinkedIn Group Imperva Data Security Direct for…
      * Post-Webinar Discussions
      * Answers to Attendee Questions
      * Webinar Slides
      * Webinar Recording Link
  • www.imperva.com
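
The profiling described in the "Look for Aberrant Behavior" slide (volume, access speed, privilege level) can be sketched as follows. This is an added example, not part of the original presentation; the event layout, the 3-sigma threshold with a 10% floor, and all sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed events: (user, day, records_read, seconds_active, used_admin_privilege)
BASELINE = (
    [("alice", d, r, 3600, False) for d, r in enumerate([100, 120, 110, 90, 105], 1)]
    + [("bob", d, r, 7200, True) for d, r in enumerate([400, 420, 380, 410, 390], 1)]
    + [("carol", d, r, 3600, False) for d, r in enumerate([95, 105, 100], 1)]
)
TODAY = [
    ("alice", 6, 5000, 600, False),   # bulk read, done very quickly
    ("bob", 6, 405, 7200, True),      # DBA doing a normal day's work
    ("carol", 6, 100, 3600, True),    # normal volume, but first admin use
    ("dave", 6, 50, 3600, False),     # account with no history at all
]

def build_profile(events):
    """Per-user history of daily volume and read rate, plus whether admin use is normal."""
    profile = defaultdict(lambda: {"vol": [], "rate": [], "admin": False})
    for user, _day, records, seconds, admin in events:
        p = profile[user]
        p["vol"].append(records)
        p["rate"].append(records / max(seconds, 1))
        p["admin"] = p["admin"] or admin
    return profile

def deviates(value, history, k=3.0, rel_floor=0.1):
    """True when value > mean + k * spread; the floor stops a flat baseline flagging noise."""
    m = mean(history)
    return value > m + k * max(pstdev(history), rel_floor * m)

def flag(profile, events):
    """Return (user, day, reason) for each dimension that departs from the baseline."""
    alerts = []
    for user, day, records, seconds, admin in events:
        p = profile.get(user)
        if p is None:
            alerts.append((user, day, "no-baseline"))
            continue
        if deviates(records, p["vol"]):
            alerts.append((user, day, "volume"))
        if deviates(records / max(seconds, 1), p["rate"]):
            alerts.append((user, day, "access-speed"))
        if admin and not p["admin"]:
            alerts.append((user, day, "privilege-level"))
    return alerts

if __name__ == "__main__":
    for alert in flag(build_profile(BASELINE), TODAY):
        print(alert)
```

Each alert names the dimension that deviated, so a reviewer can tell a bulk export from a first-time privilege use without re-reading the raw log.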