Company Confidential - © 2015 Lancope, Inc. All rights reserved.
The Insider Threat: Protecting Your Organization from the Inside Out
Andrew Wild, Chief Information Security Officer
Who am I?
• Information security professional
• Background in network engineering
• U.S. Army veteran
Evolution of Cyber Conflict
Attackers:
• Manual Attacks (1980s): War Dialing, Phone Phreaking …
• Mechanized Attacks (1988): Viruses, Worms …
• Talented Human / Mechanized Attackers (2009): Google, RSA …
• DIY Human / Mechanized Attackers (2011): Target, Neiman Marcus …
Defenders:
• Manual Defenses: Unplug
• Mechanized Defenses: Firewall, IDS/IPS
• Targeted Human/Mechanized Defenders: Reputation, App-aware Firewall
• Intelligence Driven Human Defenders
Today’s Threat Landscape
Despite $32 billion spent on conventional tools, threats continue to evade detection, and data breaches continue.
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
Sobering Statistics
http://www.idtheftcenter.org/images/breach/DataBreachReports_2015.pdf
http://www.idtheftcenter.org/images/breach/ITRCBreachStatsReportSummary2015.pdf
http://espn.go.com/mlb/story/_/id/14531169/christopher-correa-former-st-louis-cardinals-executive-pleads-guilty-hacking-houston-astros-database
CISO Thoughts on Another Breach in the News
• Not another one…
• Is my organization prepared?
– Could we detect this event?
– Would we do better or worse than the latest victim?
– Asset Management
• Do we know what we have?
– Access Control
• Privileged credential management/monitoring
• Egress filtering & monitoring
• Network segmentation
– Detection
• How mature are our capabilities?
• Do we have pervasive visibility across our entire environment?
– Incident Response
• Are we prepared to manage an incident like this?
• What can we learn from this recent breach?
Today, Top Threats Still Get Through
• 243 days before attackers were discovered
• 621 incidents & over 44 million compromised records
• $3.03M is the avg. lost business cost of a breach in the US
[Figure: conventional perimeter controls: FW, IPS, IDS]
What/Who is an Insider?
• Employees
• Contractors
• Partners
http://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/
http://www.bbc.com/news/world-us-canada-23123964
http://money.cnn.com/2015/10/07/media/matthew-keys-convicted-los-angeles-times/
Why are Insider Threats on the Rise?
What are the Top Types of Insider Threats?
Forrester Research: https://www.forrester.com/Understand The State Of Data Security And Privacy 2013 To 2014/fulltext/-/E-RES82021
https://www.clearswift.com/about-us/pr/press-releases/new-research-reveals-more-third-employees-willing-sell-private-company-data-and-proprietary
http://www.verizonenterprise.com/DBIR/
5 Steps to Manage the Insider Threat
• Create a strong insider policy
• Improve awareness
• Strong hiring processes with screening
• Rigorous subcontracting & third party risk management
• Monitor employees
We Have to Change the Game!
Changing the Game
• Defenders need to find hundreds of vulnerabilities and fix them all, while the attackers only need to find one.
• Attackers need to complete a series of operations without being detected, while the defenders only need to detect them in one.
Phases of the Attack Continuum (chain)
[Figure: the attack continuum (chain) running from Infiltration to Exfiltration]
Lancope’s Continuous Response Loop
• Monitor
• Detect
• Analyze
• Respond
Continuous Response along the Attack Continuum
Raising the cost to adversaries through Continuous Response
[Figure: the Monitor, Detect, Analyze, Respond loop repeated at each stage of the continuum from Infiltration to Exfiltration]
Detection Methodology
• Signature = Inspect Object against blacklist
– IPS, Antivirus, Content Filter
• Behavioral = Inspect Victim behavior against blacklist
– Malware Sandbox, NBAD, HIPS, SIEM
• Anomaly = Inspect Victim behavior against whitelist
– NBAD, Quantity/Metric-based – Not Signature-based
                    Signature    Behavioral    Anomaly
Known Exploits      BEST         Good          Limited
0-day Exploits      Limited      BEST          Good
Credential Abuse    Limited      Limited       BEST
[Figure: reference network topology with WAN, Datacenter, Access and Core layers across Atlanta, New York and San Jose sites; devices shown: 3560-X, 3850 stacks, Cat4k, Cat6k, ASA (Internet edge), 3925 ISR, ASR-1000, Nexus 7000, UCS with Nexus 1000v, VPC servers]
Network As A Sensor (NaaS)
Internal Visibility from Edge to Access
[Figure: telemetry sources from Edge to Access: WAN, Firewall, IPS, Proxy, Core, Distribution, Access, UCS, ISE, Reputation]
Flow – The Network Phone Bill
Flow Cache fields: Destination IP, Origin IP, Destination Port, Origin Port, L3 Protocol, DSCP
Flow Info                    Packets    Bytes/Packet
Origin IP, Port, Proto...    11000      1528
…                            …          …
[Figure: a flow record is to the network what a monthly statement (bill at-a-glance) is to a telephone bill]
Behavioral Detection Model
As flows are collected, behavioral algorithms are applied to build “Security Events”. Each Security Event adds points to an alarm category, which allows for easy summarization and a higher degree of confidence in the type of activity detected.
Security Events (94+), detecting behavioral change: Addr_Scan, Bad_Flag, Beaconing Host, Bot Infected Host – Successful, Brute Force Login, Fake Application, Flow_Denied, ICMP Flood, Max Flows Initiated, Max Flows Served, Suspect Quiet Long Flow, Suspect Data Loss, SYN Flood, UDP Received… (+255 custom defined events)
Alarm Categories: Recon, C&C, Exploitation, Data Hoarding, Exfiltration, Policy Violation, DDoS Target
Response: Alarm Table, Host Snapshot, Email, Syslog/SIEM, Mitigation
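The flow record ("network phone bill"), the behavioral-versus-anomaly distinction from the Detection Methodology slide, and the event-to-alarm-category scoring described here, worked through as an added Python example. This is not Lancope or StealthWatch code; the thresholds, point values, the 10.0.0.0/8 "inside" boundary, the flow window and the per-host history are constructed assumptions.

```python
"""Flow records -> security events -> alarm categories (constructed example)."""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from statistics import mean

INSIDE = ip_network("10.0.0.0/8")   # assumed "Inside - Internal" address space
SCAN_DISTINCT_HOSTS = 20            # distinct peers on one port in a window => Addr_Scan
MAX_FLOWS_INITIATED = 20            # flows initiated in a window => Max Flows Initiated
DATA_LOSS_FACTOR = 10               # outbound bytes above N x baseline => Suspect Data Loss
ALARM_THRESHOLD = 50                # points at which an alarm category fires

# Points each security event adds to its alarm category (assumed values, not Lancope's)
EVENT_POINTS = {
    "Addr_Scan": ("Recon", 40),
    "Max Flows Initiated": ("Recon", 20),
    "Suspect Data Loss": ("Exfiltration", 60),
}


@dataclass(frozen=True)
class Flow:
    """One flow-cache entry: the 'phone bill' line for a single conversation."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str
    packets: int
    nbytes: int


def inside(ip: str) -> bool:
    return ip_address(ip) in INSIDE


def build_baseline(history: dict[str, list[int]]) -> dict[str, float]:
    """Whitelist side of anomaly detection: each host's mean daily outbound bytes."""
    return {host: mean(days) for host, days in history.items()}


def detect_events(flows: list[Flow], baseline: dict[str, float]) -> list[tuple[str, str]]:
    """Run the behavioral algorithms over one window of flows; return (host, event) pairs."""
    peers = defaultdict(set)      # (src_ip, dst_port) -> distinct destination IPs
    initiated = defaultdict(int)  # src_ip -> flows initiated
    outbound = defaultdict(int)   # src_ip -> bytes sent to addresses outside INSIDE
    for f in flows:
        if not inside(f.src_ip):
            continue              # only internal hosts are profiled here
        initiated[f.src_ip] += 1
        peers[(f.src_ip, f.dst_port)].add(f.dst_ip)
        if not inside(f.dst_ip):
            outbound[f.src_ip] += f.nbytes

    events = set()
    for (src, _port), dsts in peers.items():
        if len(dsts) >= SCAN_DISTINCT_HOSTS:   # behavioral: a blacklisted pattern
            events.add((src, "Addr_Scan"))
    for src, count in initiated.items():
        if count > MAX_FLOWS_INITIATED:        # behavioral: fixed quantity threshold
            events.add((src, "Max Flows Initiated"))
    for src, sent in outbound.items():
        normal = baseline.get(src)             # anomaly: compare with the host's own normal
        if normal is not None and sent > DATA_LOSS_FACTOR * normal:
            events.add((src, "Suspect Data Loss"))
    return sorted(events)


def score_alarms(events):
    """Add each event's points to the host's alarm category; alarm at the threshold."""
    scores = defaultdict(lambda: defaultdict(int))
    for host, event in events:
        category, points = EVENT_POINTS[event]
        scores[host][category] += points
    alarms = {(host, cat): pts for host, cats in scores.items()
              for cat, pts in cats.items() if pts >= ALARM_THRESHOLD}
    return {host: dict(cats) for host, cats in scores.items()}, alarms


# Constructed window: one host sweeping port 445 across an internal /24, one host pushing
# far more data to the Internet than it normally does, and one host behaving normally.
SAMPLE_FLOWS = (
    [Flow("10.1.1.50", 50000 + i, f"10.2.0.{i}", 445, "TCP", 3, 180) for i in range(1, 26)]
    + [Flow("10.1.1.77", 51234, "203.0.113.9", 443, "TCP", 1_800_000, 2_500_000_000)]
    + [Flow("10.1.1.10", 51235, "203.0.113.5", 443, "TCP", 40_000, 45_000_000)]
)
# Constructed history: each host's daily outbound bytes over the previous three days
HISTORY = {
    "10.1.1.50": [10_000_000, 12_000_000, 9_000_000],
    "10.1.1.77": [50_000_000, 48_000_000, 52_000_000],
    "10.1.1.10": [40_000_000, 41_000_000, 39_000_000],
}


def run_window(flows=SAMPLE_FLOWS, history=HISTORY):
    """Monitor -> Detect -> Analyze for one collection window; returns (scores, alarms)."""
    return score_alarms(detect_events(flows, build_baseline(history)))
```

Running `run_window()` on the constructed window raises a Recon alarm for the scanning host (Addr_Scan plus Max Flows Initiated reach 60 points) and an Exfiltration alarm for the host sending fifty times its baseline, while the normal host produces no event at all.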
Behavioral Detection Model
The network is your sensor
Continuous Network Monitoring
• 100% LAN accountability
• 90+ days flow storage average
• 365+ days summary data stored
• Profile over 1M internal hosts
Apply Network Segmentation (build logical boundaries)
Outside - Internet
• Geo Location
• Business Partners
• Cloud Providers
• Social Media
Inside - Internal
• Location – Site - Branch
• Datacenter
• Function - Application
• Business Unit
• Sensitivity - Compliance
Command & Control
• New Malware Families
• Point-of-Sale malware
• Banking malware
• Keylogger, Exfil data
• DDOS
What is Context-Aware Security?
The use of situational information (e.g. identity, location, time of day or type of endpoint device) to operationalize security and improve information security decisions.
Breaking Down the Boundaries
Conclusion
• Data breaches are continuing, and growing in size
• Shortage of IT security experts and the need for talent is growing. Automation is the way forward.
• Cybersecurity is a knowledge-based game
• Use your network as a sensor
• Context-aware Security Analytics can improve detection and accelerate response through a Continuous Response Loop: Monitor, Detect, Analyze, Respond (Repeat)
Thank you!
Andrew Wild, Lancope
@AWildCSO
awild@lancope.com

Reverse Engineering Malware: A look inside Operation Tovar
 
Needs of a Modern Incident Response Program
Needs of a Modern Incident Response ProgramNeeds of a Modern Incident Response Program
Needs of a Modern Incident Response Program
 
Data center webinar_v2_1
Data center webinar_v2_1Data center webinar_v2_1
Data center webinar_v2_1
 
Insider threat v3
Insider threat v3Insider threat v3
Insider threat v3
 
What's New in StealthWatch v6.5
What's New in StealthWatch v6.5 What's New in StealthWatch v6.5
What's New in StealthWatch v6.5
 

Recently uploaded

Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 

Recently uploaded (20)

Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 

Combating Insider Threats – Protecting Your Agency from the Inside Out

  • 1. Company Confidential - © 2015 Lancope, Inc. All rights reserved.
    The Insider Threat: Protecting Your Organization from the Inside Out
    Andrew Wild, Chief Information Security Officer
  • 2. Who am I?
    • Information security professional
    • Background in network engineering
    • U.S. Army veteran
  • 3. Evolution of Cyber Conflict
    Attackers:
    • Manual Attacks (1980s): War Dialing, Phone Phreaking …
    • Mechanized Attacks (1988): Viruses, Worms …
    • Talented Human / Mechanized Attackers (2009): Google, RSA …
    • DIY Human / Mechanized Attackers (2011): Target, Neiman Marcus …
    Defenders:
    • Manual Defenses: Unplug
    • Mechanized Defenses: Firewall, IDS/IPS
    • Targeted Human/Mechanized Defenders: Reputation, App-aware Firewall
    • Intelligence Driven Human Defenders
  • 4. Today’s Threat Landscape
    Despite $32 billion spent on conventional tools, threats continue to evade detection… …data breaches continue.
    Source: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
  • 5. Sobering Statistics
    http://www.idtheftcenter.org/images/breach/DataBreachReports_2015.pdf
  • 6. http://www.idtheftcenter.org/images/breach/ITRCBreachStatsReportSummary2015.pdf
  • 13. http://espn.go.com/mlb/story/_/id/14531169/christopher-correa-former-st-louis-cardinals-executive-pleads-guilty-hacking-houston-astros-database
  • 14. CISO Thoughts on Another Breach in the News
    • Not another one…
    • Is my organization prepared?
      – Could we detect this event?
      – Would we do better or worse than the latest victim?
      – Asset Management
        • Do we know what we have?
      – Access Control
        • Privileged credential management/monitoring
        • Egress filtering & monitoring
        • Network segmentation
      – Detection
        • How mature are our capabilities?
        • Do we have pervasive visibility across our entire environment?
      – Incident Response
        • Are we prepared to manage an incident like this?
        • What can we learn from this recent breach?
  • 15. Today Top Threats Still Get Through
    • 243 days before attackers were discovered
    • 621 incidents & over 44 million compromised records
    • $3.03M is the avg. lost business cost of a breach in the US
    (Diagram: FW, IPS, IDS)
  • 16. What/Who is an Insider?
    • Employees
    • Contractors
    • Partners
  • 18. http://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/
  • 19. http://www.bbc.com/news/world-us-canada-23123964
  • 20. http://money.cnn.com/2015/10/07/media/matthew-keys-convicted-los-angeles-times/
  • 21. Why are Insider Threats on the Rise?
  • 22. What are the Top Types of Insider Threats?
  • 23. Forrester Research: https://www.forrester.com/Understand The State Of Data Security And Privacy 2013 To 2014/fulltext/-/E-RES82021
  • 24. https://www.clearswift.com/about-us/pr/press-releases/new-research-reveals-more-third-employees-willing-sell-private-company-data-and-proprietary
  • 25. https://www.clearswift.com/about-us/pr/press-releases/new-research-reveals-more-third-employees-willing-sell-private-company-data-and-proprietary
  • 26. http://www.verizonenterprise.com/DBIR/
  • 30. 5 Steps to Manage the Insider Threat
    • Create a strong insider policy
    • Improve awareness
    • Strong hiring processes with screening
    • Rigorous subcontracting & third party risk management
    • Monitor employees
  • 33. We Have to Change the Game!
  • 34. Changing the Game
    • Defenders need to find hundreds of vulnerabilities and fix them all, while the attackers only need to find one.
    • Attackers need to complete a series of operations without being detected, while the defenders only need to detect them in one.
  • 35. Phases of the Attack Continuum (chain): Infiltration … Exfiltration
  • 36. Lancope’s Continuous Response Loop
    • Monitor
    • Detect
    • Analyze
    • Respond
  • 37. Continuous Response along the Attack Continuum
    Infiltration … Exfiltration: raising the cost to adversaries through Continuous Response
    (Diagram: the Monitor / Detect / Analyze / Respond loop repeated at each phase of the attack continuum)
  • 38. Detection Methodology
    • Signature = Inspect object against blacklist
      – IPS, Antivirus, Content Filter
    • Behavioral = Inspect victim behavior against blacklist
      – Malware Sandbox, NBAD, HIPS, SIEM
    • Anomaly = Inspect victim behavior against whitelist
      – NBAD, Quantity/Metric-based
      – Not Signature-based
    Coverage by method:
                        Signature   Behavioral   Anomaly
      Known Exploits    BEST        Good         Limited
      0-day Exploits    Limited     BEST         Good
      Credential Abuse  Limited     Limited      BEST
  • 39. Network As A Sensor (NaaS): Internal Visibility from Edge to Access
    (Network diagram: Atlanta, New York and San Jose sites; WAN, Core, Datacenter and Access tiers; 3560-X, 3850 Stack(s), Cat4k, Cat6k, ASA, 3925 ISR, ASR-1000, Nexus 7000, UCS with Nexus 1000v, VPC servers, ISE, Internet)
    Visibility points: Edge, WAN, Firewall, IPS, Proxy, Core, Distribution, Access, UCS, ISE, Reputation
  • 40. Flow – The Network Phone Bill
    Flow Cache:
      Origin IP | Origin Port | Destination IP | Destination Port | L3 Protocol | DSCP | Flow Info: Packets | Bytes/Packet
      Origin IP, Port, Proto... | … | … | … | … | … | 11000 | 1528
    (Analogy: a flow record is to the network what a monthly statement, the bill at-a-glance, is to a telephone bill)
  • 41. Network As A Sensor (NaaS)
  • 42. Behavioral Detection Model
    As flows are collected, behavioral algorithms are applied to build “Security Events.” Security Events add points to an alarm category, allowing easy summarization and a higher degree of confidence in the type of activity detected.
    Detect Behavioral Change: Security Events (94+), e.g. Addr_Scan, Bad_Flag, Beaconing Host, Bot Infected Host – Successful, Brute Force Login, Fake Application, Flow_Denied, ICMP Flood, Max Flows Initiated, Max Flows Served, Suspect Quiet Long Flow, Suspect Data Loss, SYN Flood, UDP Received… (+255 custom defined events)
    Alarm Categories: Recon, C&C, Exploitation, Data Hoarding, Exfiltration, Policy Violation, DDoS Target
    Response: Alarm Table, Host Snapshot, Email, Syslog/SIEM, Mitigation
  • 43. Behavioral Detection Model (continued)
    • 100% LAN accountability
    • 90+ days flow storage average
    • 365+ days summary data stored
    • Profile over 1M internal hosts
    Continuous Network Monitoring – Apply Network Segmentation – The network is your sensor
    Build logical boundaries:
    • Outside - Internet: Geo Location, Business Partners, Cloud Providers, Social Media
    • Inside - Internal: Location – Site - Branch; Datacenter; Function - Application; Business Unit; Sensitivity - Compliance
    • Command & Control: New Malware Families, Point-of-Sale malware, Banking malware, Keylogger, Exfil data, DDOS
  • 44. What is Context-Aware Security?
    The use of situational information (e.g. identity, location, time of day or type of endpoint device) to operationalize security and improve information security decisions.
  • 45. Breaking Down the Boundaries
  • 46. Conclusion
    • Data breaches are continuing, and growing in size
    • Shortage of IT security experts and the need for talent is growing. Automation is the way forward.
    • Cybersecurity is a knowledge-based game
    • Use your network as a sensor
    • Context-aware Security Analytics can improve detection and accelerate response through a Continuous Response Loop:
      • Monitor, Detect, Analyze, Respond (Repeat)
  • 47. Thank you!
    Andrew Wild, Lancope
    @AWildCSO
    awild@lancope.com

Editor's Notes

  1. 1980s: In August 1986 at Lawrence Berkeley National Laboratory in California, Clifford Stoll, a sysadmin, was looking into a $0.75 accounting error in computer usage. Reported as one of the first documented cases of a computer break-in. 1990s to early 2000s: started seeing automated attacks, scripts, worms, viruses (the Morris Worm was in 1988); the Melissa virus, an infected macro virus, March 26, 1999; the I Love You virus, May 5, 2000, an email virus with a malware attachment; Conficker, a worm from November 2008, used advanced malware techniques (largest computer worm). Late 2000s: first appearance of what was defined as APT: Operation Aurora, launched against Google, Adobe, Juniper, Rackspace, Yahoo, Symantec and others. Mostly nation-state level threat actors. Most recently, we’re seeing the monetization of advanced malware with packages available for sale such as the Zeus malware. The availability of sophisticated, advanced malware that can be purchased raises the stakes and makes everyone a target. Bots for hire, EaaS. Rise of cyber security threat intelligence, information sharing, and automation of security intelligence into the detection process.
  2. So the irony is that despite $32 billion spent on preventative technologies, attacks still happen. Our market requires defense-in-depth, which is really a code to buy a lot of products. Although you’ve implemented a ton of products, the adversary is still moving faster than you have the ability to keep them out. Source: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
  3. PII for as many as four million government employees, as well as up to 40 years of security clearance data
  4. So what does that imply? Well, of course, it implies that the adversary is already in. And with an adversary that has already essentially put a botnet or a piece of malware, or maybe something even more advanced and targeted, inside your network, the fact that that compromise sits inside your network requires a very different approach to how you want to go and find, remediate and identify it inside of your environment. So when you look at Lancope’s StealthWatch, you talk about telemetry data: the ability to collect a 90 or 100% accounting of every transaction in the network, and to be able to illuminate, at an affordable rate, the ability to detect these types of rogue attacks that are happening inside that LAN.
     Sources:
     - Mandiant M-Trends® 2013: The typical advanced attack goes unnoticed for nearly eight months. Attackers spend an estimated 243 days on a victim’s network before they are discovered, 173 days fewer than in 2011. Though organizations have reduced the average time between compromise and detection by 40%, many are still compromised for several years before detecting a breach.
     - Verizon’s 2013 Data Breach Investigations Report: The report compiles information from over 47,000 security incidents and 621 confirmed data breaches that resulted in at least 44 million compromised records.
     - Ponemon’s 2013 Cost of Data Breach: United States: Lost business costs were $3.03 million in 2012. These costs refer to abnormal turnover of customers (a higher than average loss of customers for the industry or organization), increased customer acquisition activities, reputation losses and diminished goodwill. During the eight years we studied this aspect of a data breach, the highest cost for lost business was $4.59 million in 2008. This year’s cost of lost business represents the lowest cost since the inception of this study in 2005.
  5. https://digitalsecurity.intel.com/clicksmart/en/ http://venturebeat.com/2014/06/19/95-of-successful-security-attacks-are-the-result-of-human-error/
  6. 3 - https://www.forrester.com/Understand 6 - http://www.lancope.com/ponemon-incident-response/ 7 - http://enterprise-encryption.vormetric.com/rs/vormetric/images/ap-vormetric-insider-threat-esg-research-brief.pdf 8 - http://enterprise-encryption.vormetric.com/2014-Insider-Threat-Report-European-Edition-US.html
  7. https://hbr.org/2014/09/the-danger-from-within/ar/pr
  8. 3 - https://www.forrester.com/Understand 6 - http://www.lancope.com/ponemon-incident-response/ 7 - http://enterprise-encryption.vormetric.com/rs/vormetric/images/ap-vormetric-insider-threat-esg-research-brief.pdf 8 - http://enterprise-encryption.vormetric.com/2014-Insider-Threat-Report-European-Edition-US.html
  9. 3 - https://www.forrester.com/Understand 6 - http://www.lancope.com/ponemon-incident-response/ 7 - http://enterprise-encryption.vormetric.com/rs/vormetric/images/ap-vormetric-insider-threat-esg-research-brief.pdf 8 - http://enterprise-encryption.vormetric.com/2014-Insider-Threat-Report-European-Edition-US.html
  10. Attackers are getting better/faster at what they do at a higher rate than defenders are improving their trade. The bad guys seldom need days to get their job done, while the good guys rarely manage to get theirs done in a month of Sundays.
  11. Lockheed Martin first discussed the “cyber kill chain” to describe the phases of how cyber attacks progress, to provide defenders an opportunity to disrupt the attack before the exfiltration.
  12. The continuous response loop is a variation of the US Air Force OODA loop (Observe, Orient, Decide, Act), developed by USAF Colonel John Boyd. Multiple non-military models have been based upon this, including examples like PDCA: Plan, Do, Check, Act.
  13. So Cisco really likes this term, as do I: network as a sensor. You have your sensor grid already deployed; we are going to take advantage of the investment you’ve already made in that route/switch infrastructure to be able to provide you security analytics from within. So this slide really is intended to talk to the areas within the network where they can go and enable visibility today.
  14. DSCP: Differentiated Services Code Point, a QoS value.
  15. Through baselining, a model of “normal” is created for the network, and security events trigger when hosts deviate from normal behavior. Points are assigned to one or multiple alarm categories to help prioritize the stages of an attack, and when events trigger you can respond through the GUI, email/syslog, and mitigation (ASA, ISE, etc.). Give examples of a host performing addr_scan (which builds Recon), followed by Brute Force Login (which builds Exploitation), followed by suspect data loss (which builds Exfiltration), and tunneling traffic with Fake Application (which builds C&C).
  16. Discuss collecting flows as close to the user edge as possible, with the goal of providing 100% LAN host-to-host, east-west visibility: server to server within the datacenter, host to host within the same building, etc. By focusing on east-west you will by default see north-south traffic as well. Hover over the word FLOWS within Continuous Network Monitoring. Prior to talking about detection, discuss long-term retention of flows for forensics: good or bad traffic, everything is accounted for. On average 90+ days of flow storage, but this can be architected to meet requirements. ASK: can you pick any host on your network and pull back every conversation it was involved in for the past 3 months? Uses: surface threats through behavioral changes; forensics; capacity planning; data for FW provisioning; rules to detect unauthorized traffic. Discuss the concept of Host Groups for Network Segmentation: physical segmentation can be challenging, especially after the network has been built. Internal = Inside; Internet = Outside; Command and Control = known bad. Click on “Apply Network Segmentation” to view an example host group tree. Once on the slide with the host group tree, click on the Host Group tree to return to this slide. Further segment by compliance, location, crown jewels, datacenter, etc. Apply alarms (host lock/custom event) for unauthorized packets crossing boundaries or unwanted applications.
  17. The market is beginning to define context-aware security, which Lancope has pioneered. Lancope has done this forever with flow data; we have spent half of our time determining how we enrich flow data. So the use of situational information like identity, location, time of day, application, etc. helps our customers to operationalize security and improve security decisions. This is a perfect marriage of metadata and context for real-time detection and post-incident response. This actionable security intelligence is where Lancope is driving in the future.
  18. Now the metadata we collect, we can talk more about, but it really is a feature and a function that is embedded in every Layer-3 device you have inside this network. All you have to do is, in four command lines, go into your router or your switch, ask it to export this summary data to our device, and we will sit there in listening mode, ready to capture it, and begin profiling what that traffic actually looks like. So there is no cost to turn it on. We are highly scalable. It provides low latency, minimal impact on your memory and CPU usage inside your environment, and it’s free. So what we’ve seen is, at Walmart, you know, in 10 minutes they turned on 5000 store routers and began pointing it back across their WAN into a single IP that was at the center of this chart, the FlowCollector. That’s how easy it is. Most of the onus actually falls on your network organization to go and instrument these commands inside of IOS, inside of your Cisco environment, and point it back out to StealthWatch. And once that data starts hitting us, we begin auditing it, accounting it, profiling it.
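The behavioral detection model of slide 42 and note 15 (flows feed security events, events add points to alarm categories, the host snapshot sums them), worked through in code. This is an added example, not Lancope's or StealthWatch's code: the flow fields follow slide 40, but the detection heuristics, thresholds, point values and the sample flows are assumptions constructed for this illustration.

```python
"""Behavioral detection over flow records: flows -> security events -> alarm
category points -> host snapshot. Thresholds, point values and the detection
heuristics are assumptions for illustration, not StealthWatch's algorithms."""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INSIDE = ip_network("10.0.0.0/8")  # assumed "Inside - Internal" address space
AUTH_PORTS = {22, 3389, 445}       # assumed login services watched for brute force
EXPECTED_APP = {22: "ssh", 80: "http", 443: "https", 445: "smb", 3389: "rdp"}

# Security event -> (alarm category from the deck, points added; points assumed)
EVENT_RULES = {
    "Addr_Scan": ("Recon", 20),
    "Brute Force Login": ("Exploitation", 40),
    "Suspect Data Loss": ("Exfiltration", 60),
    "Fake Application": ("C&C", 30),
}


@dataclass(frozen=True)
class Flow:
    src: str        # client (origin) IP
    dst: str        # server (destination) IP
    dport: int      # destination port
    app: str        # application seen in the flow (assumed classifier output)
    bytes_out: int  # client -> server
    bytes_in: int   # server -> client


def is_inside(host: str) -> bool:
    return ip_address(host) in INSIDE


def addr_scan(flows, min_targets=20):
    """Addr_Scan: one source touching many distinct inside hosts that never answer."""
    unanswered = defaultdict(set)
    for f in flows:
        if f.bytes_in == 0 and is_inside(f.dst):
            unanswered[f.src].add(f.dst)
    return {src for src, dsts in unanswered.items() if len(dsts) >= min_targets}


def brute_force_login(flows, min_attempts=15, max_bytes=2000):
    """Brute Force Login: many tiny, answered sessions from one source to one login service."""
    attempts = defaultdict(int)
    for f in flows:
        if f.dport in AUTH_PORTS and f.bytes_in > 0 and f.bytes_out + f.bytes_in <= max_bytes:
            attempts[(f.src, f.dst)] += 1
    return {src for (src, _), n in attempts.items() if n >= min_attempts}


def suspect_data_loss(flows, baseline, factor=5):
    """Suspect Data Loss: bytes sent to outside hosts far above the host's baselined volume."""
    outbound = defaultdict(int)
    for f in flows:
        if is_inside(f.src) and not is_inside(f.dst):
            outbound[f.src] += f.bytes_out
    # Hosts without a baseline have no model of "normal" yet and are skipped.
    return {src for src, b in outbound.items() if src in baseline and b > factor * baseline[src]}


def fake_application(flows):
    """Fake Application: the observed application does not match the well-known port."""
    return {f.src for f in flows if EXPECTED_APP.get(f.dport, f.app) != f.app}


def score_hosts(flows, baseline):
    """Run the detectors, then add each event's points to the host's alarm category."""
    events = {
        "Addr_Scan": addr_scan(flows),
        "Brute Force Login": brute_force_login(flows),
        "Suspect Data Loss": suspect_data_loss(flows, baseline),
        "Fake Application": fake_application(flows),
    }
    snapshot = defaultdict(lambda: defaultdict(int))
    for event, hosts in events.items():
        category, points = EVENT_RULES[event]
        for host in hosts:
            snapshot[host][category] += points
    return {host: dict(cats) for host, cats in snapshot.items()}


# Constructed baseline: assumed normal daily bytes sent outside, per inside host.
BASELINE = {"10.1.5.23": 50_000_000, "10.1.5.50": 3_000_000}


def sample_flows():
    """Constructed flows: 10.1.5.23 walks the chain from note 15; 10.1.5.50 is benign."""
    attacker, victim = "10.1.5.23", "10.1.6.12"
    flows = [Flow(attacker, f"10.1.6.{i}", 445, "smb", 120, 0) for i in range(1, 31)]  # address scan
    flows += [Flow(attacker, victim, 22, "ssh", 600, 900) for _ in range(20)]           # brute force
    flows += [Flow(attacker, "203.0.113.10", 443, "https", 800_000_000, 40_000)]        # data loss
    flows += [Flow(attacker, "198.51.100.7", 80, "ssh", 5_000, 4_000)]                  # fake app
    flows += [Flow("10.1.5.50", "203.0.113.20", 443, "https", 2_000_000, 30_000_000)]   # benign
    return flows


if __name__ == "__main__":
    for host, categories in score_hosts(sample_flows(), BASELINE).items():
        print(host, categories)
```

The single host that walks the whole chain lights up all four categories, while the benign host never appears in the snapshot, which is the summarization effect the slide describes.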
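The logical segmentation of slide 43 and note 16 (a host group tree of Inside, Outside and Command & Control, with custom events for unauthorized packets crossing a boundary), as an added example that is not Lancope's code. Group names follow the deck; the address ranges, the PCI boundary policy and the sample flows are constructed for this illustration.

```python
"""Logical segmentation with a host-group tree: each IP is assigned to its most
specific group, and flows that cross a boundary the policy does not allow raise
a Policy Violation or C&C alarm. Address ranges, rules and flows are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Host-group tree (name -> CIDRs). A child group nests inside its parent's range.
HOST_GROUPS = {
    "Inside": ["10.0.0.0/8"],
    "Inside/Datacenter/PCI": ["10.20.0.0/24"],
    "Inside/Datacenter/Web": ["10.20.1.0/24"],
    "Inside/Branch/Atlanta": ["10.1.0.0/16"],
    "Inside/Business Unit/Finance": ["10.1.50.0/24"],
    "Outside": ["0.0.0.0/0"],
    "Outside/Business Partners": ["203.0.113.0/24"],
    "Outside/Cloud Providers": ["198.51.100.0/24"],
    "Command & Control": ["192.0.2.0/24"],  # constructed stand-in for a known-bad feed
}


@dataclass(frozen=True)
class Flow:
    src: str    # client IP
    dst: str    # server IP
    dport: int  # server port


@dataclass(frozen=True)
class Rule:
    src: str          # group (or parent group) allowed as client
    dst: str          # group (or parent group) being protected
    ports: frozenset  # server ports the rule permits


# Boundary policy for the PCI segment: anything else reaching it is a violation.
PCI_RULES = [
    Rule("Inside/Business Unit/Finance", "Inside/Datacenter/PCI", frozenset({1433})),
    Rule("Inside/Datacenter/Web", "Inside/Datacenter/PCI", frozenset({8443})),
]


def host_group(ip: str) -> str:
    """Most specific (longest-prefix) host group containing ip."""
    addr = ip_address(ip)
    matches = [(ip_network(cidr).prefixlen, name)
               for name, cidrs in HOST_GROUPS.items()
               for cidr in cidrs if addr in ip_network(cidr)]
    return max(matches)[1]


def in_group(group: str, parent: str) -> bool:
    """True when group is parent itself or nested beneath it in the tree."""
    return group == parent or group.startswith(parent + "/")


def evaluate(flow: Flow):
    """Return (alarm category or None, source group, destination group) for one flow."""
    sg, dg = host_group(flow.src), host_group(flow.dst)
    if in_group(sg, "Command & Control") or in_group(dg, "Command & Control"):
        return "C&C", sg, dg
    protected = {r.dst for r in PCI_RULES}
    if any(in_group(dg, p) for p in protected):
        allowed = any(in_group(sg, r.src) and in_group(dg, r.dst) and flow.dport in r.ports
                      for r in PCI_RULES)
        if not allowed:
            return "Policy Violation", sg, dg
    return None, sg, dg


def check_flows(flows):
    """Alarm records for every flow the segmentation policy rejects."""
    alarms = []
    for f in flows:
        category, sg, dg = evaluate(f)
        if category:
            alarms.append((category, f.src, sg, f.dst, dg, f.dport))
    return alarms


# Constructed sample: two permitted flows, two boundary crossings, one known-bad peer.
SAMPLE_FLOWS = [
    Flow("10.1.50.7", "10.20.0.5", 1433),    # Finance -> PCI database: allowed
    Flow("10.20.1.9", "10.20.0.5", 8443),    # Web tier -> PCI API: allowed
    Flow("10.1.50.7", "10.20.0.5", 22),      # Finance -> PCI over SSH: not in policy
    Flow("10.1.7.33", "10.20.0.5", 1433),    # Atlanta branch host -> PCI database: not in policy
    Flow("10.20.0.5", "192.0.2.44", 443),    # PCI host -> known-bad range
    Flow("10.20.1.9", "198.51.100.9", 443),  # Web tier -> cloud provider: no rule, no alarm
]

if __name__ == "__main__":
    for alarm in check_flows(SAMPLE_FLOWS):
        print(alarm)
```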