
Insider Threat: How Does Your Security Stack Measure Up?

Security technologists, practitioners, and the media love to talk about the latest malware and zero-day attacks that hackers and nation states direct against their targets. The reality is that a significant portion of security incidents and data breaches originate inside an organization's security perimeter. The insider threat is the unglamorous side of security, and one that most vendors and industry professionals tend to ignore. Which tools in your security stack truly address the insider threat problem? What percentage of your security budget is dedicated to this issue?
This presentation will explore the rise of the insider threat and the five essential components of an effective approach to identifying and investigating breaches that result from the malicious or innocent actions of internal actors.

Learning Objectives:
• Learn about the trends, size and scope of the insider threat problem
• Learn how to evaluate your security stack against the insider threat problem
• Explore the emerging concept of insider detection and investigation, and the five required components of an insider threat approach


Insider Threat: How Does Your Security Stack Measure Up?

  1. Insider Threat: How Does Your Security Stack Measure Up?
     Rene Kolga, CISSP, Head of Product, ThinAir
  2. Does this security stack address the insider threat?
  4. How Serious is Insider Threat?
     • 25% of breaches come from insiders
     • 58% of Financial Services attacks come from insiders
     • 80% of Healthcare breaches come from insiders
  5. Would you catch these insiders at your company?
  6. Insider Detection and Investigation
  7. How to address the insider threat problem?
  8. 1. Endpoint Visibility
     » Endpoint is the point of interaction between people and data
     » Endpoint is where a lot of IP is created
     » Endpoint is often the blind spot
  9. 2. Deep Context Visibility
     • M&A documents
     • PHI
     • PII
     • Financial information
     • Source code
     • Blueprints, etc.
     Visibility layers: Network, Device, Application, User, Data (sensitive stuff here)
  10. 3. Continuous Visibility
     » Track all interactions with information, continuously
     » Maintain a historical audit log (6-24 months or longer)
       • Even if evidence has been tampered with or deleted
  11. 4. Insider Behavior Detection
     » Detect insiders along the threat kill chain stages
       • Proactive prediction of exfiltration
  12. 5. Business Impact
     » Provide business impact assessment
     » Value breach risk in $$$ vs. number of records lost
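As an added illustration of the continuous-visibility and behavior-detection components above (example code written for this page, not code from the presentation or from ThinAir), the following Python keeps an audit log of endpoint user-data interactions as a chained HMAC so that a modified, reordered or deleted record is detectable, and then walks that log per user to flag the kill-chain pattern of bulk access to sensitive data classes followed by a copy to an external destination. The event fields, the collector key, the data-class and destination names, the threshold and the sample events are all constructed assumptions.

```python
"""Tamper-evident audit log of user-data interactions plus a staged
detection over it. Illustrative example; not the vendor's implementation."""
from __future__ import annotations

import hashlib
import hmac
import json
from collections import defaultdict

# Hypothetical collector key. In a real deployment it lives on the log
# server, never on the endpoint, so an insider on the endpoint cannot
# re-sign a rewritten history.
COLLECTOR_KEY = b"constructed-demo-key-not-for-production"

# Constructed data classes and destinations used only by this example.
SENSITIVE_CLASSES = {"PHI", "PII", "SOURCE_CODE", "FINANCIAL", "M&A"}
EXTERNAL_DESTS = {"usb", "personal_cloud", "webmail"}
GENESIS = "0" * 64


def _entry_mac(prev_mac: str, event: dict) -> str:
    """Chain each record to its predecessor: HMAC(key, prev_mac || canonical event)."""
    payload = prev_mac.encode() + json.dumps(event, sort_keys=True).encode()
    return hmac.new(COLLECTOR_KEY, payload, hashlib.sha256).hexdigest()


def append_event(log: list, event: dict) -> dict:
    """Append one interaction record with its sequence number and chained MAC."""
    prev = log[-1]["mac"] if log else GENESIS
    record = {"seq": len(log), "event": event, "mac": _entry_mac(prev, event)}
    log.append(record)
    return record


def verify_log(log: list) -> tuple[bool, int]:
    """Recompute the chain from the genesis value.

    Returns (True, -1) for an intact log, otherwise (False, seq of the first
    record that fails). Editing, reordering or deleting any record breaks
    that record's check or every check after it."""
    prev = GENESIS
    for i, rec in enumerate(log):
        expected = _entry_mac(prev, rec["event"])
        if rec["seq"] != i or not hmac.compare_digest(rec["mac"], expected):
            return False, i
        prev = rec["mac"]
    return True, -1


def detect_staged_exfil(log: list, threshold: int = 3) -> dict:
    """Flag users who read >= threshold sensitive items and then copy to an
    external destination (collection stage followed by exfiltration stage)."""
    sensitive_reads: dict[str, int] = defaultdict(int)
    findings: dict[str, dict] = {}
    for rec in log:
        ev = rec["event"]
        user = ev["user"]
        if ev["action"] == "read" and ev.get("data_class") in SENSITIVE_CLASSES:
            sensitive_reads[user] += 1
        elif ev["action"] == "copy" and ev.get("dest") in EXTERNAL_DESTS:
            if sensitive_reads[user] >= threshold:
                findings[user] = {
                    "stage": "exfiltration",
                    "sensitive_reads": sensitive_reads[user],
                    "dest": ev["dest"],
                    "seq": rec["seq"],
                }
    return findings


def build_sample_log() -> list:
    """Constructed endpoint events: alice bulk-reads PHI then copies to USB;
    bob reads one PII file and copies to a corporate share."""
    events = [
        {"user": "alice", "action": "read", "path": "/share/patients/a.csv", "data_class": "PHI"},
        {"user": "alice", "action": "read", "path": "/share/patients/b.csv", "data_class": "PHI"},
        {"user": "bob", "action": "read", "path": "/hr/roster.xlsx", "data_class": "PII"},
        {"user": "alice", "action": "read", "path": "/share/patients/c.csv", "data_class": "PHI"},
        {"user": "bob", "action": "copy", "path": "/hr/roster.xlsx", "dest": "corp_share"},
        {"user": "alice", "action": "copy", "path": "/share/patients", "dest": "usb"},
    ]
    log: list = []
    for ev in events:
        append_event(log, ev)
    return log


if __name__ == "__main__":
    log = build_sample_log()
    print("intact:", verify_log(log))
    print("findings:", detect_staged_exfil(log))
    del log[2]  # simulate an insider deleting an incriminating record
    print("after deletion:", verify_log(log))
```

The chain only proves that the log was altered and where; keeping the key off the endpoint and shipping records to a separate store is what keeps an insider with local admin rights from rewriting history. The detection rule is deliberately simple; in practice the threshold and the data classes would come from the context visibility described on slide 9.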
  13. Let's get started!
     » Insider threats are here to stay…
     » Visibility into user-information interaction is a must
     » Need the ability to quickly identify and investigate insider threats
     » A comprehensive program requires a blend of technology, policies and cultural changes
  14. Thank You!