How to Catch a Wolf in Sheep’s Clothing
Techno Security & Digital Forensics Conference
Roadmap
o Insider Threat Landscape
□ What has changed the landscape?
□ Trends
□ Security priorities in a changing landscape
o Identifying “At Risk” assets
o Even the savviest companies have “Insider” problems
□ Google / Waymo -> unable to attribute actions to an individual
□ Palantir -> limiting scope of an investigation
o Pain points in an Insider Threat Investigation
o Mitigating an Insider Threat
o Conclusions / Recommendations
Who is a Threat? (It is not always clear)
Quick Overview - Insider Threats
o Due to the increased importance of technology (aka digitalization), employees have greater ability to rapidly cause more damage
o 74% of companies feel they are vulnerable to insider threats, with 7% reporting extreme vulnerability
o Insider threats can go undetected for years
o It is hard to distinguish harmful actions from regular work
o Data is increasingly easy to monetize on the dark web
o Access to data is required for people to do their job
These trends will result in insider threats becoming increasingly dangerous
Trends
Not just growth but other qualitative trends…
o Some employees are interested in personal or financial gain
o According to Verizon’s DBIR, 77 percent of internal breaches were deemed to be by employees, 11 percent by external actors only, 3 percent were from partners and 8 percent involved internal-external collusion
o Of that 77 percent, 31.5 percent of breaches stem from malicious insiders, with another 23.5 percent resulting from actions by inadvertent actors
o 90 percent of organizations reported suffering from at least one data breach in the last two years, with 45 percent reporting five or more breaches (Ponemon Institute)
Security Priorities - Increase Visibility and Context
Visibility
o Who has access to sensitive data?
o Which computers and applications access sensitive data?
o Are data governance policies being followed?
Context
o What events lead up to a data breach?
o What has an employee been doing in the days leading up to leaving the company?
o Are your DLP rules providing adequate protection?
How do you enable your employees to be productive in an increasingly fast-paced data-driven world while maintaining the security of your organization’s data?
Profiles of Insider Threats
https://www.intel.com/content/dam/www/public/us/en/documents/best-practices/a-field-guide-to-insider-threat-paper.pdf
Identifying at Risk Assets
o Easy to Monetize
o Easy to Remove
o Difficult to Attribute
o High Impact
How do you Identify Risky Insiders?
Waymo + Uber
Palantir
Pain Points in an Investigation
Detecting
o How do you discriminate between normal activity and activity leading to an insider-driven breach?
Investigating
o Difficult to identify which computer / person was involved in the breach. In large organizations, often 1000+ devices / people could be involved
Attributing
o Hard to prove that a specific person performed certain actions
Insider Threat Kill Chain
Developing an Insider Threat Program
Gain senior leadership endorsement
Develop repeatable process to monitor and mitigate insider threats
Identify and understand critical assets
Use analytics to strengthen the program backbone
Coordinate with legal counsel to address privacy, data protection and data transfer
Screen employees and vendors regularly
Implement processes following uniform standards involving the right stakeholders
Create curriculum to generate awareness about insider threats and their risks
Insider Threat Solution Ecosystem
Network based tools
Behavior based tools
Employee screening tools
Endpoint tools
Summary
o Insider threats are a major problem and will become even worse in the future
o Organizations need increased visibility into user-information interaction
o Evaluate new nimble/easy to use security tools that can help you quickly identify, investigate and mitigate insider threats
o Developing an insider threat program needs to be a priority and needs to be continuously updated as the organization evolves
Thank You
www.thinair.com
testdrive@thinair.com
