Logs vs Insiders

•

5 likes•1,287 views

This presentation discusses using logs vs insider attacks (internal threat); it also goes into how to "insider-proof" your logging.

Technology Business

Santa Clara Convention Center January 27 – 31, 2008 All The Technologies – One Great Place To Meet! Dr Anton Chuvakin Chief Logging Evangelist LogLogic Log Data: The Weapon Of Choice To Thwart Insider Threats

Outline ,[object Object],[object Object],[object Object],[object Object],[object Object]

Insider Threat? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Defining “Insider Threat” ,[object Object],[object Object]

Key Distinction ,[object Object],[object Object]

Why Fight? ,[object Object],[object Object],[object Object],[object Object],[object Object]

Why NOT Fight? ,[object Object],[object Object],[object Object],[object Object],[object Object]

Choices, Choices ,[object Object],[object Object],[object Object],[object Object],[object Object]

Repeat After Me … ,[object Object],[object Object],[object Object],[object Object]

What About Access Controls? ,[object Object],[object Object]

So, How Do You Fight!? ,[object Object],[object Object],[object Object]

Overview of Logs and Logging ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],What logs? From Where?

Why Logs vs Insiders? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Assumptions! ,[object Object],[object Object],[object Object],[object Object]

What Logs Are Most Useful? ,[object Object],[object Object],[object Object],[object Object]

Example: Firewall/Network Logs ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Firewall/Network Logs AIs ,[object Object],[object Object],[object Object],[object Object]

Example: VPN Logs ,[object Object],[object Object],[object Object],[object Object]

VPN Logs AIs ,[object Object],[object Object],[object Object],[object Object]

Example: System Logs ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Example: Web Logs ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Example: Database Audit ,[object Object],[object Object],[object Object],[object Object],[object Object]

Database Audit AIs ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Example: Honeypot Logs ,[object Object],[object Object],[object Object],[object Object],[object Object]

What You MUST Do?! ,[object Object],[object Object],[object Object],[object Object],[object Object]

Case Study ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

How to optimize logging? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Conclusions ,[object Object],[object Object],[object Object]

Thanks for Attending the Presentation! ,[object Object],[object Object],[object Object],[object Object],[object Object]

What's hot

Insider threat kill chainTarun Gupta,CRISC CISSP CISM CISA BCCE

Log Forensics from CEIC 2007Anton Chuvakin

CSF18 - For Your Ears Only - Sasha KranjacNCCOMMS

CONFidence 2007 Log Forensics TEASER PresoAnton Chuvakin

Ht t17SelectedPresentations

Database SecurityRabiaIftikhar10

Database securityZubair Rahim

Logging "BrainBox" Short ArticleAnton Chuvakin

Hacking databasessunil kumar

Current trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญBAINIDA

SBC 2012 - Dynamic Access Control in Windows Server 2012 (Nguyễn Ngọc Thuận)Security Bootcamp

Threat hunting - Every day is hunting seasonBen Boyd

Goans-Helms-IT Security at Georgia Tech LibraryNational Information Standards Organization (NISO)

Sophisticated Attacks vs. Advanced Persistent SecurityPriyanka Aash

What Is "Secure"?Peter Coffee

What is Ethical Hacking? | Ethical Hacking for Beginners | Ethical Hacking Co...Edureka!

Ayala mar23National Information Standards Organization (NISO)

Database security for PHPRohan Faye

BeyondCorp Boston Meetup: Closing the Adherence GapIvan Dwyer

Combating Insider Threats – Protecting Your Agency from the Inside OutLancope, Inc.

What's hot (20)

Insider threat kill chain

Log Forensics from CEIC 2007

CSF18 - For Your Ears Only - Sasha Kranjac

CONFidence 2007 Log Forensics TEASER Preso

Ht t17

Database Security

Database security

Logging "BrainBox" Short Article

Hacking databases

Current trends in information security โดย ผศ.ดร.ปราโมทย์ กั่วเจริญ

SBC 2012 - Dynamic Access Control in Windows Server 2012 (Nguyễn Ngọc Thuận)

Threat hunting - Every day is hunting season

Goans-Helms-IT Security at Georgia Tech Library

Sophisticated Attacks vs. Advanced Persistent Security

What Is "Secure"?

What is Ethical Hacking? | Ethical Hacking for Beginners | Ethical Hacking Co...

Ayala mar23

Database security for PHP

BeyondCorp Boston Meetup: Closing the Adherence Gap

Combating Insider Threats – Protecting Your Agency from the Inside Out

Viewers also liked

All your logs are belong to you!Security BSides London

5 drought in romania mateescuGlobal Water Partnership Central and Eastern Europe

Log Management for PCI Compliance [OLD]Anton Chuvakin

Choosing Your Log Management Approach: Buy, Build or OutsourceAnton Chuvakin

Logs = AccountabilityAnton Chuvakin

Ch12 outlinemedinajg

Log management principle and usageBikrant Gautam

Enterprise Logging and Log Management: Hot Topics by Dr. Anton ChuvakinAnton Chuvakin

AP Environmental Science Ch. 10, part 1 Miller LITEStephanie Beck

Chapter 11 lecture outlineMacomb Community College

Five Best and Five Worst Practices for SIEM by Dr. Anton ChuvakinAnton Chuvakin

Update from the North American Drought MonitorDRIscience

Blackhat Workshopwremes

Agriculture drought with remote sensingInstitute of Space Knowledge Development

Security Information and Event Management (SIEM)k33a

Viewers also liked (15)

All your logs are belong to you!

5 drought in romania mateescu

Log Management for PCI Compliance [OLD]

Choosing Your Log Management Approach: Buy, Build or Outsource

Logs = Accountability

Ch12 outline

Log management principle and usage

Enterprise Logging and Log Management: Hot Topics by Dr. Anton Chuvakin

AP Environmental Science Ch. 10, part 1 Miller LITE

Chapter 11 lecture outline

Five Best and Five Worst Practices for SIEM by Dr. Anton Chuvakin

Update from the North American Drought Monitor

Blackhat Workshop

Agriculture drought with remote sensing

Security Information and Event Management (SIEM)

Similar to Logs vs Insiders

Logs for Incident Response and Forensics: Key Issues for GOVCERT.NL 2008Anton Chuvakin

Logs for Incident Response and Forensics: Key Issues for GOVCERT.NL 2008guestc0c304

Audit logs for Security and ComplianceAnton Chuvakin

What Every Organization Should Log And MonitorAnton Chuvakin

How to Gain Visibility and Control: Compliance Mandates, Security Threats and...Anton Chuvakin

Logs for Information Assurance and Forensics @ USMAAnton Chuvakin

Power of logs: practices for network securityInformation Technology Society Nepal

Using Logs for Breach Investigations and Incident Response by Dr Anton ChuvakinAnton Chuvakin

Six Mistakes of Log Management 2008Anton Chuvakin

Log Management For e-Discovery, Database Monitoring and Other Unusual UsesAnton Chuvakin

InfoSecConcepts.pptMobileAntitheft

InsiderThreat-2016NDITSMike Saunders

Log Standards & Future Trends by Dr. Anton ChuvakinAnton Chuvakin

What does "monitoring" mean? (FOSDEM 2017)Brian Brazil

Asegurarme de la Seguridad?, Un Vistazo al Penetration TestingSoftware Guru

Practical Strategies to Compliance and Security with SIEM by Dr. Anton ChuvakinAnton Chuvakin

Web Proxy Log Analysis and Management 2007Anton Chuvakin

N. Oskina, G. Asproni - Be your own Threatbuster! - Codemotion Milan 2018Codemotion

FIRST 2006 Full-day Tutorial on Logs for Incident ResponseAnton Chuvakin

Something Fun About Using SIEM by Dr. Anton ChuvakinAnton Chuvakin

Similar to Logs vs Insiders (20)

Logs for Incident Response and Forensics: Key Issues for GOVCERT.NL 2008

Audit logs for Security and Compliance

What Every Organization Should Log And Monitor

How to Gain Visibility and Control: Compliance Mandates, Security Threats and...

Logs for Information Assurance and Forensics @ USMA

Power of logs: practices for network security

Using Logs for Breach Investigations and Incident Response by Dr Anton Chuvakin

Six Mistakes of Log Management 2008

Log Management For e-Discovery, Database Monitoring and Other Unusual Uses

InfoSecConcepts.ppt

InsiderThreat-2016NDITS

Log Standards & Future Trends by Dr. Anton Chuvakin

What does "monitoring" mean? (FOSDEM 2017)

Asegurarme de la Seguridad?, Un Vistazo al Penetration Testing

Practical Strategies to Compliance and Security with SIEM by Dr. Anton Chuvakin

Web Proxy Log Analysis and Management 2007

N. Oskina, G. Asproni - Be your own Threatbuster! - Codemotion Milan 2018

FIRST 2006 Full-day Tutorial on Logs for Incident Response

Something Fun About Using SIEM by Dr. Anton Chuvakin

Recently uploaded

presentation ICT roal in 21st century educationjfdjdjcjdnsjd

Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1

MINDCTI Revenue Release Quarter One 2024MIND CTI

2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays

TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung

DBX First Quarter 2024 Investor PresentationDropbox

Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...apidays

Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Zilliz

Architecting Cloud Native ApplicationsWSO2

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo

TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays

Real Time Object Detection Using Open CVKhem

Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services

Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2

Recently uploaded (20)

presentation ICT roal in 21st century education

Boost Fertility New Invention Ups Success Rates.pdf

MINDCTI Revenue Release Quarter One 2024

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

DBX First Quarter 2024 Investor Presentation

Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...

Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...

Architecting Cloud Native Applications

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

Real Time Object Detection Using Open CV

Strategies for Landing an Oracle DBA Job as a Fresher

Exploring the Future Potential of AI-Enabled Smartphone Processors

Logs vs Insiders

1. Santa Clara Convention Center January 27 – 31, 2008 All The Technologies – One Great Place To Meet! Dr Anton Chuvakin Chief Logging Evangelist LogLogic Log Data: The Weapon Of Choice To Thwart Insider Threats

10.

11.

12.

13.

14.

15.

16.

17.

18.

19.

20.

21.

22.

23.

24.

25.

26.

27.

28.

29.

30.

Editor's Notes

Title: Log Data: The Weapon Of Choice to Thwart Insider Threats Description: Insider threats are always of concern to organizations. There is a way to track insider activity to provide a continuous fingerprint of everything that happens within the security perimeter. All users, whether trusted and non-malicious or malicious, leave traces of their activity in logs. As Anton Chuvakin will discuss, by analyzing these logs, organizations can gain insight into insider behavior and activity and can help investigate, detect, or even predict and prevent insider attacks. Outline: Basics on “insider threats” Types, research, past work (sheer amount of it!), etc Why “insider problem” is hard Can’t be solved by technology alone Also, hard to assess the scale Block vs log: control vs accountability Logs vs insiders Types of logs Case study Conclusion TRACK, not FIGHT insiders with technology Fight them with non-technology means, after you “got them”

Logs vs Insiders

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (15)

Similar to Logs vs Insiders

Similar to Logs vs Insiders (20)

More from Anton Chuvakin

More from Anton Chuvakin (20)

Recently uploaded

Recently uploaded (20)

Logs vs Insiders

Editor's Notes