The traditional office has now morphed into a hybrid model where most employees work remotely. The shift to remote work isn't entirely new. Between 2005 and 2018, there was a 173% increase in the US remote workforce.
This trend spiked significantly in 2020 when roughly 88% of organizations worldwide encouraged remote work to flatten the COVID-19 spread.
Join Dr. Christine Izuakor and Veriato's Head of Marketing, Pete Nourse, in this free webinar as they discuss:
• How corporate office perimeters continue to evolve in real time as the world changes
• Latest threats to organizations in and out of the office in the new year
• Keeping your data and systems safe while they sit in your employees' house
• A user-centric approach to extending security beyond the traditional office perimeter
2. Confidential
Your speakers
Dr. Christine Izuakor
Dr. Izuakor is the Founder and CEO of Cyber Pop-up. She has 10 years of
Fortune 100 enterprise technology and leadership experience, including
building numerous security functions from the ground up at United
Airlines. She earned a PhD in Security Engineering, is a cyber security
professor, writes and speaks on a wide range of cyber security issues
globally, and helps corporations solve a broad range of strategic
cybersecurity challenges.
Pete Nourse
Pete is the CMO of Veriato. He is a seasoned technology marketing
executive with over 20 years of experience leading marketing for
multiple, multinational corporations. He has been focused in the
cybersecurity field since 2001. Prior to joining Veriato, he worked for
companies including Bitdefender, nCipher, Avid Technologies, and EDS.
72% of security professionals are
concerned that remote employees break
security policies and expose systems to
risk.
Black Hat
Today’s agenda
• The evolution of the office perimeter
• Latest threats to organizations in and out of the office
• Keeping your data and systems safe while they sit in
your employees' house
• A user-centric approach to extending security beyond
the traditional office perimeter
The “new office perimeter”
• Companies struggle to balance the shrinking office footprint vs. explosive
growth in the mobile footprint
Keys to extending security beyond
the office
• Basic security hygiene
• Insider threat detection
• Zero trust strategies
• Ransomware protection
• Productivity monitoring
User-centric security a key
strategy in the extended office
• Keep users at the core of your remote security strategy
• Draw key insights from data
through user behavior analytics
Cerebral lets you
• Track, Analyze & Record all user activity (at home or in
office)
• Provides daily productivity reports (Excel or Netflix?)
• Fine Grain control over who and what is monitored
(privacy)
• Psycholinguistic sentiment analysis (disengagement
indicator)
• 84% believe remote work is here to stay
• 18% say cybersecurity is not a priority at home
• 23% experienced increased incidents during
pandemic
Massively Expanded
Risk Footprint
[Figure: Managing Corporate Risk Timeline. Axes: Time, Risk. Phases: Pre-Breach, Moment of Breach, Post-Breach. Elements: Employees, Contractors, Ex-employees, Imposters; Valuable Data. Capabilities: Real Time Alerting, Predictive Threat Hunting, Intelligent Incident Response.]
Predictive Analytics
Best in Class Technology
• Utilizes advanced machine learning techniques
o Based on the Palo Alto Research Center PARC
o Tested against the CERT Insider Threat Center dataset that comprises employee computer activities within a large business or government organization over a 500-day period
• Cerebral ML adds to the best (sophisticated DARPA-supported ML)
• Veriato proprietary innovations:
1. Adds consideration activity with psychological factors
2. Passes over “dirty data” and adjusts noise due to changing
domains clusters
• In CERT benchmark testing resulted in fewer false
alarms
• < 3% FA than similar algorithms
Veriato’s ML results currently
unbeaten, including beating
Microsoft’s ML algorithm in head
to head testing
25. Alerting
Enterprise Wide Risk Scoring
• Calculates continuous user risk scores for all employees
• Ranks risky users in a watchlist
• Predicts and prevents by observing trends in user risk score time series
Maximized Efficiency
27. Eyes On Glass Technology
Exactly What Happened (UAM)
• Time-Capsule DVR screenshot review
• See all onscreen actions
• Play it back like your DVR
• Export as BMP, JPG or AVI
Video Playback
Christine: set context
Also, 50% of employees share a company issued device with friends and family.
Christine: set context
Christine: set context
Christine: *walkthrough agenda and what attendees will walk away with*
Christine: “Explain what is meant by the "new office perimeter". How has this concept evolved over time?”
Pete: Discuss the shrinking office footprint, and growing mobile footprint. (Data in the kitchen, data on the beach, data in unknown places.)
Visibility and monitoring technology
Christine: “What new threats are you all seeing arise given this continual shift?”
Pete: Discuss insider threats, data loss, compliance issues, anything else you want to add
Christine: Add a bit on ransomware and backup challenges.
Christine: “What are some key recommendations to keeping data and systems secure beyond the traditional office perimeter?”
Pete: Discuss remote employee monitoring and insider threat detection, concept of zero trust, ransomsafe, added value of productivity monitoring, etc.
Christine: Add a bit on training and awareness; also don't neglect what you left on prem.
Christine: “As perimeters get blurred, we're all learning that while perimeters are still important we have to focus more on the nodes within - aka users. Tell us more about user-centric approaches to extending security beyond the traditional office perimeter.”
Pete: Plug Veriato products and lead into a demo or product slides?
Add any demo slides Pete
Today we’re going to show you Cerebral. Cerebral is an AI-powered insider threat platform that integrates User Behavior Analytics and User Activity Monitoring to provide a powerful Next Gen solution. Cerebral’s predictive analytics allow a security team to proactively hunt threats.
I’d like to give you an overview of Cerebral’s components and how it works, as well as some common use cases from some of our customers. Does that sound OK?
Before we dive in could you take a couple of minutes and tell me what you’re using now for insider threat security and what objective you have?
Thanks for sharing that, it will help tailor our conversation.
Cerebral is an insider threat intelligence platform that integrates User & entity behavior analytics, daily risk scoring and user activity monitoring which includes video screenshot playback.
The power comes from the integration, which allows you to identify and close investigations dramatically faster than with legacy or network analysis tools.
Cerebral is software based but it does require a SQL DB to store the data. From your management console you can remotely push the Cerebral agent out to the endpoint machines (PCs, Macs, and Androids). The agent deploys and runs in stealth mode unless you choose to make it visible to the end user. The devices can be anywhere in the world as long as they have an internet or network connection to communicate back to the server.
As soon as the agents are deployed they start watching all user activity on the endpoint 24/7. A dynamic behavioral profile is created for every user over a 20-30 day period. This dynamic digital fingerprint sets a behavioral baseline for both the person and the group the person’s associated with.
Let’s take a look at Productivity and engagement
Cerebral will:
Track all activity at home or in the office
Provide productivity reporting which I’ll show you in a minute
Give you fine grain control over who and what is monitored – Privacy is always a concern – we can talk more about this later if it’s a concern for your team
And we can tell you when people are starting to mentally disengage from the company
Employee engagement leads to 59% lower employee turnover, so it has a huge bottom-line impact
Cerebral’s AI utilizes psycholinguistics to identify signs of disengagement – a top concern of every HR exec.
Analyzes language used by an employee in an email and picks up subtle clues that a person is disengaging – for example someone stops saying “we” and instead says “they”
Key Point – Lay out exact capabilities regarding productivity & engagement
Let’s take a look at how simple it is to review productivity.
Here’s the active VS. idle time indicator – the light blue shows when people are active. So it looks like most people got going between 8:30 and 9:00. But then you notice that this guy down here who I’m guessing had a 9:00 tee time because he checked in at 8:00 for 10 minutes and then was idle for the rest of the day
Key Point – Easy to view and spot probs
After the initial wave of pandemic panic, with getting people set up remotely with laptops, VPN connections, etc., we started receiving calls to help with a new problem – compliance.
Key Point – A new problem has arisen
Concept - Others are concerned, you should be too
Let’s look at a scenario:
A hospital has sent all their billing and insurance reps to work from home
Each morning John sits in his kitchen, clicks onto the VPN and downloads the patient records so he can start working (click)
If during the day, he clicks the VPN disconnect button on their screen, the Hospital has lost all visibility (click) – they don’t know what he’s doing with the patient data
They are out of compliance
Cerebral eliminates this problem because it’s not VPN reliant (click)
Communication can be set up through a private URL so anytime the person is online data will flow back to the console
(Click) Additionally – even if John shuts down their wifi and goes offline completely, Cerebral is still monitoring and recording all activity so a definitive record and auditable trail is maintained and stored locally. The next time John goes online, all the data will upload to the server.
Because data is stored in a SQL database, reports can be queried to meet any compliance reporting requirement.
Key Point – an end to end story to illustrate overcoming the compliance nightmare remote workers cause is easily resolved with Veriato
Finally let’s look at Insider Threat Security
As employees left their office environment and began working in spare bedrooms and at kitchen tables, with critical data, the risk footprint for organizations suddenly grew exponentially.
Valuable IP, customer, patient and financial data is now outside the firewalls, spread across the city, region or country with no visibility into what employees are doing all day.
With 60% of breaches coming from employees/contractors/partners… pre-covid - Insider threat security is more important than ever.
Key Point – The risk footprint expanded so you need to pay closer attention
Christine:
Compliance is a start, but compliant doesn’t mean secure. We have bigger issues.
Most companies are accepting that this could be permanent – in fact, a report from Pulse Secure found that 84% of US organizations expect a broader and more persistent remote work adoption after the coronavirus pandemic passes.
However, adopting remote-first work policies comes with security challenges for tech leaders. Some studies have shown that remote employees are less likely to follow security best practices — for example, a report by Malwarebytes showcasing security in today's work from home environment found 18% of respondents said cybersecurity was not a priority.
And in a report commissioned by (ISC)², nearly one fourth (23%) of infosec professionals said that cybersecurity incidents experienced by their organization have increased since transitioning to remote work.
When looking at the Risk Timeline there are 2 components – the valuable data and the people affiliated with the organization
We look at the risk timeline in 3 phases
Pre-Breach
Moment of breach
Post Breach
As time moves forward without resolution the risk grows
Ideally we’d love to stop every threat at Pre-Breach phase, but unfortunately that’s not a reality so we want to minimize corporate risk at each phase
Use predictive analytics to proactively hunt threats - to ID employees that are exhibiting signs of risk - to head off as many breaches as possible
If a breach occurs – need to be alerted right away – the industry average of 206 days to discover a breach is completely unacceptable
Incident response:
Understand context right away so that appropriate action can be taken within minutes (not hours, not days)
Understand how the breach occurred
Understand if there are accomplices inside or outside of the organization
Create an evidence trail to allow prosecution
Veriato is watching all human activity on the network.
As soon as the agent is deployed on the endpoint, Veriato AI utilizes machine learning to create baselines on all employees. These digital fingerprints are used to look for behavioral anomalies. Cerebral continually analyzes and records all user activity on the endpoint 24/7, including emails, chats, web usage, file movement, network usage, geofencing, psycholinguistics and more.
Alert Events - When conditions set in an Alerting Policy are met, an "Alert Event" is recorded
Call Events - Phone numbers of incoming and outgoing calls and duration of call (mobile devices only)
Chat/IM Events - Content from and information about a chat room session or Instant Message session
Document Events - Printing, moving, renaming, copying of a file and all relevant information
Email Events - All email sent/received and email file attachments
File Transfer Events - All Peer-to-Peer, FTP, and HTTP file transactions
Keystroke Events - All typed keystrokes and characters, visible or not
Keyword Alert Events - Any event that triggered an alert, based on detection of a keyword at the client
Network Events - All communication with other computers on the network intranet or internet
Online Search Events - Searches entered and hits received from search engines
Application Events - Every program opened and the activity within it
Screen Snapshots - A picture every 30 seconds or specified time of the user's screen, as the user sees it
User Status Events - Log on and log off times; periods of activity and inactivity
Website Events - All domains and URLs visited
Cerebral’s predictive analytics are best in class and even build off of the DoD’s DARPA ML
Cerebral’s AI is constantly analyzing all data gathered and creates a dynamic risk score for all employees.
A security analyst can simply check the risk score dashboard each morning to proactively identify people that deserve a closer look. Here we see 6 people flagged red as high risk. You click on any person (click) and get the details about the activities that moved them into the red.
Key Point – A key part of threat hunting and a huge efficiency maximizer (minimize the risk by proactively looking at possible needles in the haystack)
The power of Cerebral comes from its artificial intelligence and integrated functionality.
It watches everyone 24/7
It analyzes all behavior
It alerts you when there’s a sign of threat
It lets you see video of exactly what’s happening
Letting you react in minutes instead of days, weeks or months
Cerebral’s eyes on glass technology gives you immediate visibility, so you know exactly what’s going on.
If the alert comes in at 9:35 am, security can immediately use our Time-Capsule DVR to go back in time and cue up video of Joe’s screen from 30 minutes before the alert and watch everything he does. Is he just working on a big report or is he encrypting the data and hiding it in a PowerPoint presentation and using obfuscation tools to cover his tracks?
Do you give him a raise for working hard… or call HR and the police?
Now you know exactly what to do within minutes!
Key Point –See the context immediately – react in minutes – minimize the Risk by stopping the bleeding fast
Christine:
Transition to Q&A and then close out session