Extending CyberSecurity Beyond The Office Perimeter
•Download as PPTX, PDF•
1 like•94 views
The traditional office has now morphed into a hybrid model where most employees work remotely. The shift to remote work isn't entirely new. Between 2005 and 2018, there was a 173% increase in the US remote workforce. This trend spiked significantly in 2020 when roughly 88% of organizations worldwide encouraged remote work to flatten the COVID-19 spread. Join Dr. Christine Izuakor and Veriato's Head of Marketing, Pete Nourse In this free webinar as they discuss: How corporate office perimeters continue to evolve in real-time as the world changes Latest threats to organizations in and out of the office in the new year Keeping your data and systems safe while they sit in your employees' house A user-centric approach to extending security beyond the traditional office perimeter
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Extending CyberSecurity Beyond The Office Perimeter
Similar to Extending CyberSecurity Beyond The Office Perimeter (20)
More from Veriato
More from Veriato (10)
Recently uploaded
Recently uploaded (20)
Extending CyberSecurity Beyond The Office Perimeter
- 1. Confidential Dr. Christine Izuakor Pete Nourse Extending Cybersecurity Beyond The Office Perimeter
- 2. Confidential Your speakers Dr. Christine Izuakor Dr. Izuakor is the Founder and CEO of Cyber Pop-up. She has 10 years of Fortune 100 enterprise technology and leadership experience, including building numerous security functions from the ground up at United Airlines. She earned a PhD in Security Engineering, is a cyber security professor, writes and speaks on a wide range of cyber security issues globally, and helps corporations solve a broad range of strategic cybersecurity challenges. Pete Nourse Pete is the CMO of Veriato. He is a seasoned technology marketing executive with over 20 years of experience leading marketing for multiple, multinational corporations. He has been focused in the cybersecurity field since 2001. Prior to joining Veriato, he worked for companies including Bitdefender, nCipher, Avid Technologies, and EDS.
- 3. Confidential 25% employees admit sharing passwords with family & friends. SailPoint Remote Work Report
- 4. Confidential 28% of employees don't lock their phones. - Pew Research
- 5. Confidential 72% of security professionals are concerned that remote employees break security policies and expose systems to risk. Black Hat
- 6. Confidential Today’s agenda • The evolution of the office perimeter • Latest threats to organizations in and out of the office • Keeping your data and systems safe while they sit in your employees' house • A user-centric approach to extending security beyond the traditional office perimeter
- 7. Confidential The “new office perimeter” • Companies struggle to balance the shrinking office footprint vs. explosive growth in the mobile footprint
- 8. Confidential Extended risk footprint raises security concerns • Insider threats • Data loss • Compliance challenges
- 9. Confidential Keys to extending security beyond the office • Basic security hygiene • Insider threat detection • Zero trust strategies • Ransomware protection • Productivity monitoring
- 10. Confidential User-centric security a key strategy in the extended office • Keep users at the core your remote security strategy • Draw key insights from data through user behavior analytics
- 11. Confidential Keep security up, as office walls come down.
- 13. Confidential CONFIDENTIAL Single Integrated Platform USER & ENTITY BEHAVIOR ANALYTICS (UEBA) + USER ACTIVITY MONITORING (UAM) + PREDICTIVE RISK SCORING Ai POWERED THREAT HUNTING
- 14. Confidential CONFIDENTIAL Macs PCs Androids Cerebral Management Console SQL Server Cerebral Works in Physical & Virtualized Environment Windows Servers (including terminal servers)
- 16. Confidential CONFIDENTIAL Cerebral lets you • Track, Analyze & Record all user activity (at home or in office) • Provides daily productivity reports (Excel or Netflix?) • Fine Grain control over who and what is monitored (privacy) • Psycholinguistic sentiment analysis (disengagement indicator)
- 17. Confidential CONFIDENTIAL Active Vs. Idle Time Summary
- 19. Confidential CONFIDENTIAL Work from Home Compliance Nightmare VPN Violation
- 21. Confidential • 84% believe remote work is here to stay • 18% say cybersecurity is not a priority at home • 23% experienced increased incidents during pandemic Massively Expanded Risk Footprint
- 22. Confidential CONFIDENTIAL T I M E R I S K Managing Corporate Risk Timeline P R E - B R E A C H P O S T - B R E A C H M O M E N T o f B R E A C H E m p l o y e e s C o n t r a c t o r s E x - e m p l o y e e s I m p o s t e r s V a l u a b l e D a t a Real Time Alerting Predictive Threat Hunting Intelligent Incident Response
- 23. Watching Analyzing Recording 24/7/365 File Transfers Document Tracking Network Usage Applications Used User Status Geofencing Email content Chats & IMs Websites visited & Online Searches Keystrokes Android Phone Use Compromised Credentials Psycholinguistics Printer & USB Ai
- 24. Confidential CONFIDENTIAL Predictive Analytics Best in Class Technology • Utilizes advanced machine learning techniques o Based on the Palo Alto Research Center PARC o Tested against the CERT Insider Threat Center dataset that comprise computer employee activities within a large business or government organization over a 500-day period • Cerebral ML adds to the best (sophisticated DARPA-supported ML) • Veriato proprietary innovations : 1. Adds consideration activity with psychological factors 2. Passes over “dirty data” and adjusts noise due to changing domains clusters • In CERT benchmark testing resulted in fewer false alarms • < 3% FA than similar algorithms Veriato’s ML results currently unbeaten, including beating Microsoft’s ML algorithm in head to head testing
- 25. Alerting Enterprise Wide Risk Scoring • Calculates continuous user risk scores for all employees • Ranks risky users in a watchlist • Predicts and prevents by observing trends in user risk score time series Maximized Efficiency
- 26. The Complete Insider Threat Intelligence Platform Integrated & Intelligent
- 27. Eyes On Glass Technology Exactly What Happened (UAM) • Time-Capsule DVR screenshot review • See all onscreen actions • Play it back like your DVR • Export as BMP, JPG or AVI Video Playback
- 28. Confidential Empowering Cybersecurity Beyond the Office Perimeter Contact Us For a Cerebral Demo Sales@Veriato.com 1-888-598-2788
Editor's Notes
- Christine: *kick off session*
- Christine: *introduce speakers*
- Christine: set context Also, 50% of employees share a company issued device with friends and family.
- Christine: set context
- Christine: set context
- Christine: *walkthrough agenda and what attendees will walk away with*
- Christine: ”Explain what is meant by the "new office perimeter". How has this concept evolved over time?” Pete: Discuss the shrinking office footprint, and growing mobile footprint. (Data in the kitchen, data on the beach, data in unknown places.) Visibility and monitoring technology
- Christine: ”What new threats are you all seeing arise given this continual shift?” Pete: Discuss insider threats, data loss, compliance issues, anything else you want to add Christine: Add a bit on ransomware and backup challenges.
- Christine: ”What are some key recommendations to keeping data and systems secure beyond the traditional office perimeter?” Pete: Discuss remote employee monitoring and insider threat detection, concept of zero trust, ransomsafe, added value of productivity monitoring, etc. Christine: Add a bit on training and awareness; also don't neglect what you left on prem.
- Christine: ”As perimeters get blurred, we're all learning that while perimeters are still important we have to focus more on the nodes within - aka users. Tell us more about user-centric approaches to extending security beyond the traditional office perimeter.” Pete: Plug Veriato products and lead into a demo or product slides?
- Add any demo slides Pete
- Today we’re going to show you Cerebral. Cerebral is an Ai power insider threat platform that integrates User Behavior Analytics and User Activity Monitoring to provide a powerful Next Gen solution. Cerebral’s predictive analytics allow a security team to proactively hunt threats. I’d like to give you an overview of Cerebral’s components and how it works as well as a some common use cases from some of our customers. Does that sound OK? Before we dive in could you take a couple of minutes and tell me what you’re using now for insider threat security and what objective you have? Thanks for sharing that, it will help tailor our conversation.
- Cerebral is an insider threat intelligence platform that integrates User & entity behavior analytics, daily risk scoring and user activity monitoring which includes video screenshot playback. The power comes from the integration which allows you to identify and close investigation dramatically faster that with legacy or network analysis tools. Cerebral is software based but it does require a SQL DB to store the data. From your management console you can remotely push the Cerebral agent out to the endpoint machines (PCs, Macs, and Androids). The agent deploys and runs in stealth mode unless you choose to make it visible to the end user. The devices can be anywhere in the world as long as they have an internet or network connection to communicate back to the server. As soon as the agents are deployed they start watching all user activity on the endpoint 24/7. A dynamic behavioral profile is created for every user over a 20-30 day period. This dynamic digital fingerprint sets a behavioral baseline for both the person and the group the person’s associated with
- Lets take a look at Productivity and engagement
- Cerebral will; Track all activity at home or in the office Provide productivity reporting which I’ll show you in a minute Give you fine grain control over who and what is monitored – Privacy is always a concern – we can talk more about this later if it’s a concern for your team And we can tell you when people are starting to mentally disengage from the company Employee engagement leads to 59% lower employee turnover, so it has a huge bottom-line impact Cerebral’s AI utilizes psycholinguistics to identify signs of disengagement – a top concern of every HR exec. Analyzes languageused by an employee in an email and picks up subtle clues that a person is disengaging – for example someone stops saying “we” and instead says “they” Key Point – Lay out exact capabilities regarding productivity & engagement
- Let’s take a look at how simple it is to review productivity. Here’s the active VS. idle time indicator – the light blue shows when people are active. So it looks like most people got going between 8:30 and 9:00. But then you notice that this guy down here who I’m guessing had a 9:00 tee time because he checked in at 8:00 for 10 minutes and then was idle for the rest of the day Key Point – Easy to view and spot probs
- After the initial wave of pandemic panic, with getting people set up remotely laptops and VPN connections etc. we started receiving calls to help with a new problem – compliance. Key Point – A new problem has arisen Concept - Others are concerned, you should be too
- Let’s look at a scenario; A hospital has sent all there billing and insurance reps. to work from home Each morning John sits in his kitchen, clicks onto the VPN and download the patient records so he can start working (click) If during the day, he clicks the VPN disconnect button on their screen, the Hospital has lost all visibility (click) – they don’t know what he’s doing with the patient data They are out of compliance Cerebral eliminates this problem because it’s not VPN reliant (click) Communication can be set up through a private URL so anytime the person is online data will flow back to the console (Click) Additionally – even if John shuts down there wifi and goes offline completely, Cerebral is still monitoring and recording all activity so a definitive record and auditable trail is maintained and stored locally. The next time John goes online, all the data will upload to the server. Because data is stored in a SQL database, reports can be queried to meet any compliance reporting requirement. Key Point – an end to end story to illustrate overcoming the compliance nightmare remote workers cause is easily resolved with Veriato
- Finally let’s look at Insider Threat Security As employees left their office environment and began working in spare bedrooms and at kitchen tables, with critical data, the risk footprint for organizations suddenly grew exponentially. Valuable IP, customer, patient and financial data is now outside the firewalls spread across the city region or country with no visibility into what employees are doing all day. With 60% of breaches coming from employees/contractors/partners… pre-covid - Insider threat security is more important than ever. Key Point – The risk footprint expanded so you need to pay closer attention
- Christine: Compliance is a start, but compliant doesn’t mean secure. We have bigger issues. Most companies are accepting that this could be permanent – in fact, a report from Pulse Secure found that 84% of US organizations expect a broader and more persistent remote work adoption after the coronavirus pandemic passes. However, adopting remote-first work policies comes with security challenges for tech leaders. Some studies have shown that remote employees are less likely to follow security best practices — for example, a report by Malwarebytes showcasing security in today's work from home environment found 18% of respondents said cybersecurity was not a priority. And in a report commissioned by (ISC)², nearly one fourth (23%) of infosec professionals said that cybersecurity incidents experienced by their organization have increased since transitioning to remote work.
- When looking at the Risk Timeline there are 2 components – the valuable data and the people affiliated with the organization We look at the risk timeline in 3 phases Pre-Breach Moment of breach Post Breach As time moves forward without resolution the risk grows Ideally we’d love to stop every threat at Pre-Breach phase, but unfortunately that’s not a reality so we want to minimize corporate risk at each phase Use predictive analytics to proactively hunt threats - to ID employees that are exhibiting signs of risk - to head off as many breaches as possible If a breach occurs – need to be alerted right away – the industry average of 206 days to discover a breach is completely unacceptable Incident response; Understand context right away so that appropriate action can be taken within minutes (not hours, not days) Understand how the breach occurred Understand if accomplices inside or outside of the organizations Create an evidence trail to allow prosecution
- Veriato is watching all human activity on the network. As soon as the agent is deployed on the endpoint, Veriato AI utilizes machine learning to create baselines on all employees. These digital fingerprint are used to look for behavioral anomalies. Cerebral continually analyzes and records all user activity on the endpoint 24/7 including, emails, chats, web usage, files movement, network usage, geofencing, psycholinguistics and more Alert Events -When conditions set in an Alerting Policy are met, an "Alert Event" is recorded Call Events - Phone numbers of incoming and outgoing calls and duration of call mobile devices only Chat/IM Events - Content from and information about a chat room session or Instant Message session Document Events - Printing, moving, renaming, copying of a file and all relevant information Email Events - All email sent/received and email file attachments File Transfer Events - All Peer-to-Peer, FTP, and HTTP file transactions Keystroke Events - All typed keystrokes and characters, visible or not Keyword Alert Events - Any event that triggered an alert, based on detection of a keyword at the client Network Events - All communication with other computers on the network intranet or internet Online Search Events - Searches entered and hits received from search engines Application Events -Every program opened and the activity within it Screen Snapshots - A picture every 30 seconds or specified time of the user's screen, as the user sees it User Status Events - Log on and log off times; periods of activity and inactivity Website Events - All domains and URLs visited
- Cerebral’s Predictive analytics are best in class and even build off of the DODs DARPA ML
- Cerebral’s AI is constantly analyzing all data gathered and creates a dynamic risk score for all employees. A security analyst can simply check the risk score dashboard each morning to proactively identify people that deserve a closer look. Here we see 6 people flagged red as high risk. You click on any person (click) and get the details about the activities that moved them into the red. Key Point –A key part of threat hunting and a huge efficiency maximizer (minimize the risk by proactively looking at possible needles in the haystack)
- The power of cerebral comes from its artificial intelligence and integrated functionality. It watches everyone 24/7 It analyzes all behavior It alerts you when there’s a sign of threat It lets see video of exactly what’s happening Letting you react in minutes instead of days weeks or months
- Cerebral’s eyes on glass technology gives you immediate visibility, so you know exactly what’s going on. If the alert comes in at 9:35 am, security can immediately use our Time-Capsule DVR to go back in time and cue up video of Joe’s screen from 30 minutes before the alert and watch everything he does. Is he just working on a big report or is he encrypting the data and hiding it in a PowerPoint presentation and using obfuscation tools to cover his tracks? Do you give him a raise for working hard… or call HR and the police? Now you know exactly what to do within minutes! Key Point –See the context immediately – react in minutes – minimize the Risk by stopping the bleeding fast
- Christine: Transition to Q&A and then close out session