Zivaro Inc, profile picture
Uploaded byZivaro Inc
1,033 views

Insider Threat Solution from GTRI

The document discusses insider threats, which are pervasive risks posed by employees or contractors that can lead to significant security breaches, with annual losses estimated at $2.9 trillion. It outlines the importance of prevention through a combination of vigilance, experienced partnerships, and advanced security capabilities. Additionally, it highlights various types of insider threats and the need for comprehensive protection measures against them.

Technology
Related topics:
Information Security

Embed presentation

WWW.GTRI.COM © 2016 Global Technology Resources, Inc. All rights reserved. Insider Threat Solution Understanding Prevalence and Preventative Measures
© 2016 Global Technology Resources, Inc. All Rights Reserved. 2 What Are Insider Threats? • Insider access: Employees, contractors • Exploits/exceeds authorized access • Affects security, systems, daily operations • Not all “malicious” or intentional • Negligence can result in a damaging attack
© 2016 Global Technology Resources, Inc. All Rights Reserved. 3 53% 34% 34% 30% Unintentional Exposure Intellectual Property Theft Unauthorized Access Insider Threat Incidents Are Pervasive Source: 2013 US State of Cybercrime Survey, CSO Magazine, U.S. Secret Service, Software Engineering Institute CERT Program at Carnegie Mellon University, and Price Waterhouse Cooper, June 2013 31% Theft of Other Assets/Data Experienced Insider Attack With Damage Greater Than Outside Attack
© 2016 Global Technology Resources, Inc. All Rights Reserved. 4 Insider Threats Impact Everyone Retail Media and Entertainment Government Industry Healthcare Energy and Utilities Small Business More…
© 2016 Global Technology Resources, Inc. All Rights Reserved. 5 Insider Threat Damage Leaked Unreleased Films 70 Million Customers PII Breach Attacked, Breached Substation 4 Million Personal Records Proprietary Formula Stolen, Sold PIN Pads in 63 Stores Hacked Sensitive Information, Salaries $10M Lawsuit Settlement $100M Security Program “Crown Jewel” Intelligence to China Chinese Competitor Bought Large, Class Action Law Suit
© 2016 Global Technology Resources, Inc. All Rights Reserved. 6 Insider Threat Protection • Best-of-breed solutions are important, but not fool proof • Vigilance is necessary to protect against insider threats that affect data, reputation, safety and the bottom line
© 2016 Global Technology Resources, Inc. All Rights Reserved. 7 Insider Threats: Where Exposure Occurs • Device Level Threats • Network Level Threats • User Proficiency Threats • User Behavior Threats • Social Media Threats
© 2016 Global Technology Resources, Inc. All Rights Reserved. 8 Network Level Threats Combating Threats: Critical Capabilities Profile Non- Standard Network Communication Detect Slow, Stealthy User Device Threats Identify Suspect Network Activity
© 2016 Global Technology Resources, Inc. All Rights Reserved. 9 Network Level Threat Protection • In-depth Security Context • Complete Picture of Network Activity • Actionable Security Intelligence • Faster Threat Detection • Advanced Forensic Tools • Improved Incident Response STEALTHWATCH BY LANCOPE
© 2016 Global Technology Resources, Inc. All Rights Reserved. 10 Summary • Insider Threats o Pervasive o Not limited to high-profile targets o Big business: Losses of $2.9 trillion annually1 • Insider Threat Protection o Starts with C-Level commitment o More than screening, perimeter security o Best accomplished with experienced partner/services provider 1. 2013 US State of Cybercrime Survey, CSO Magazine, U.S. Secret Service, Software Engineering Institute CERT Program at Carnegie Mellon University, and Price Waterhouse Cooper, June 2013
WWW.GTRI.COM © 2016 Global Technology Resources, Inc. All rights reserved. sales@gtri.com | 877.603.1984 | @gtri_global Thank You
Mark Belcher Ken Daniels Bart Gates Stealthwatch-Cisco Stealthwatch-CiscoStealthwatch-Cisco PAM CSE SAM Cisco Stealthwatch
IOT and what does it mean?
Shrinking the Attack Surface?????
Pace of Disruption 124 years 25 years 12 years
Scale of Disruption $300B $40B 1 Million Rooms
Cisco Security – Simple will get you breached but complex will get you beat! AnyConnect Threatgrid ISE AMP Talos TrustSec Firepower ASA ESA WSACisco StealthWatch OpenDNS
AnyConnect
Open DNS
ISE
ESA/WSA
ASA
FirePower/AMP
Talos
ThreatGrid
TrustSec
StealthWatch
Signature Anomaly Behavior Advanced Detection Methods Signature = Object against blacklist • IPS, Antivirus, Content Filter Behavior = Inspect Victim behavior against blacklist • Malware Sandbox, NBAD, HIPS, SIEM Anomaly = Inspect Victim behavior against whitelist • NBAD, Quantity/Metric based—not Signature based Signature Behavior Anomaly Known Exploits BEST Good Limited 0-day Exploits Limited BEST Good Insider Abuse Limited Limited BEST
enterprise network Attacker Perimeter (Inbound) Perimeter (Outbound) Infiltration and Backdoor establishment 1 C2 Server Admin Node Reconnaissance and Network Traversal 2 Exploitation and Privilege Elevation 3 Staging and Persistence (Repeat 2,3,4) 4 Data Exfiltration 5 Anatomy of a Data Breach
What does Stealthwatch do? Network Segmentation Internal Threat Visibility Incident Response
© 2014 Lancope, Inc. All rights reserved. Ideal Visibility Solution? 32 Full packet capture everywhere…? InternetAmador Delta Solano Edge Routing DMZ Switching Datacenter Switches Perimeter Security Core SwitchingHub Router WAN Routers Access Switching IDF Datacenter WAN DMZ Access 32
© 2014 Lancope, Inc. All rights reserved. Ubiquitous visibility via Telemetry 33 … your infrastructure is the source: InternetAmador Delta Solano Border DMZ Virtual Hosts Perimeter Datacenter WAN Hub WAN Access IDF Datacenter WAN DMZ Access Flow Flow Flow Flow Flow Flow Flow Flow Flow Flow Flow Flow Flow Flow Flow Flow 33 * For every 1MB of External (N/S) traffic 5MB of Internal (E/W) traffic is created
© 2014 Lancope, Inc. All rights reserved. Visibility via Flow Metadata 34 Telephone bill Flow
Host Groups – The Secret Sauce! 35 • Location – site – branch • Datacenter • Function – application • Business unit • Sensitivity – compliance • New malware families • Point-of-sale malware • Banking malware • Keylogger, exfil data • DDoS Outside – Internet • Geo-location • Business partners • Cloud providers • Social media Inside – Internal Command & Control Apply Network Segmentation Build Logical Boundaries
Profile Business Critical Processes
StealthWatch Enables Network Visibility EVERYTHING must touch the network KNOW every host Know what is NORMAL What else can the network tell me? RECORD every conversation Gain Context-Aware Security Company Network Assess Audit Posture Response Context Detect Alert to CHANGE Store for MONTHS
www.cs.co/sellingstealthwatch

More Related Content

PPTX
Insider threat v3
byLancope, Inc.
 
PDF
5 Signs you have an Insider Threat
byLancope, Inc.
 
PDF
Identify and Stop Insider Threats
byLancope, Inc.
 
PPTX
Insider threat kill chain
byTarun Gupta,CRISC CISSP CISM CISA BCCE
 
PDF
Detecting-Preventing-Insider-Threat
byMike Saunders
 
PPTX
Insider Threat Final Powerpoint Prezi
byKashif Semple
 
PPSX
Insider threats and countermeasures
byKAMRAN KHALID
 
PDF
Ht t17
bySelectedPresentations
 
Insider threat v3
byLancope, Inc.
 
5 Signs you have an Insider Threat
byLancope, Inc.
 
Identify and Stop Insider Threats
byLancope, Inc.
 
Insider threat kill chain
byTarun Gupta,CRISC CISSP CISM CISA BCCE
 
Detecting-Preventing-Insider-Threat
byMike Saunders
 
Insider Threat Final Powerpoint Prezi
byKashif Semple
 
Insider threats and countermeasures
byKAMRAN KHALID
 
Ht t17
bySelectedPresentations
 

What's hot

PPTX
Insider Threat Summit - The Future of Insider Threat Detection
byObserveIT
 
PDF
How to Build an Insider Threat Program in 30 Minutes
byObserveIT
 
PDF
The Accidental Insider Threat
byMurray Security Services
 
PDF
Proactive Measures to Defeat Insider Threat
byAndrew Case
 
PPTX
Why Insider Threat is a C-Level Priority
byDavid Mai, MBA
 
PPTX
Insider Threat
byAndy Thompson
 
PDF
Internal Threats: The New Sources of Attack
byMekhi Da ‘Quay Daniels
 
PPTX
VAPT - Vulnerability Assessment & Penetration Testing
byNetpluz Asia Pte Ltd
 
PPT
The insider versus external threat
byzhihaochen
 
PPTX
Unintentional Insider Threat featuring Dr. Eric Cole
byDavid Mai, MBA
 
PDF
Insider threat
byARCON TECHSOLUTIONS
 
PDF
Expert FSO Insider Threat Awareness
byEric Schiowitz
 
PDF
Insider Threat Detection Recommendations
byAlienVault
 
PDF
Hunting for cyber threats targeting weapon systems
byFidelis Cybersecurity
 
PDF
Craft Your Cyber Incident Response Plan (Before It's Too Late)
byResilient Systems
 
PDF
Data Security in Healthcare
byQuick Heal Technologies Ltd.
 
PPTX
Insider Threats: Out of Sight, Out of Mind?
byObserveIT
 
PDF
VAPT Infomagnum
byARUN REDDY M
 
PDF
Cisa ransomware guide
byanpapathanasiou
 
DOCX
SEC440: Incident Response Plan
byThomas Christopher Ty
 
Insider Threat Summit - The Future of Insider Threat Detection
byObserveIT
 
How to Build an Insider Threat Program in 30 Minutes
byObserveIT
 
The Accidental Insider Threat
byMurray Security Services
 
Proactive Measures to Defeat Insider Threat
byAndrew Case
 
Why Insider Threat is a C-Level Priority
byDavid Mai, MBA
 
Insider Threat
byAndy Thompson
 
Internal Threats: The New Sources of Attack
byMekhi Da ‘Quay Daniels
 
VAPT - Vulnerability Assessment & Penetration Testing
byNetpluz Asia Pte Ltd
 
The insider versus external threat
byzhihaochen
 
Unintentional Insider Threat featuring Dr. Eric Cole
byDavid Mai, MBA
 
Insider threat
byARCON TECHSOLUTIONS
 
Expert FSO Insider Threat Awareness
byEric Schiowitz
 
Insider Threat Detection Recommendations
byAlienVault
 
Hunting for cyber threats targeting weapon systems
byFidelis Cybersecurity
 
Craft Your Cyber Incident Response Plan (Before It's Too Late)
byResilient Systems
 
Data Security in Healthcare
byQuick Heal Technologies Ltd.
 
Insider Threats: Out of Sight, Out of Mind?
byObserveIT
 
VAPT Infomagnum
byARUN REDDY M
 
Cisa ransomware guide
byanpapathanasiou
 
SEC440: Incident Response Plan
byThomas Christopher Ty
 

Viewers also liked

PDF
The Insider's Guide to the Insider Threat
byImperva
 
PPTX
Combating Insider Threats – Protecting Your Agency from the Inside Out
byLancope, Inc.
 
PPTX
ObserveIT - Unintentional Insider Threat featuring Dr. Eric Cole
byObserveIT
 
PPTX
Insider Threat Kill Chain: Detecting Human Indicators of Compromise
byTripwire
 
PDF
IQ4 Final Presentation (1)
byChathura Wickramage
 
PPTX
Insider Threat_BAH_Turner
byBob Turner
 
PPT
The insider versus external threat
byzhihaochen
 
PPTX
Why Insider Threat is a C-Level Priority
byObserveIT
 
PPTX
SolarWinds Federal Cybersecurity Survey 2015
bySolarWinds
 
PPTX
Gov Day Sacramento 2015 - User Behavior Analytics
bySplunk
 
PDF
Insider Threat – The Visual Conviction - FIRST 2007 - Sevilla
byRaffael Marty
 
PPTX
Insider Threat Experiences
byNapier University
 
PPTX
You've caught an Insider Threat, now what? The Human Side of Insider Threat I...
byObserveIT
 
PDF
Countering insider threat attacks - CDE themed call launch 14 May 2013
byDefence and Security Accelerator
 
PPTX
Visualizing the Insider Threat: Challenges and tools for identifying maliciou...
byPhil Legg
 
PDF
NIST - Cybersecurity Framework mindmap
byWAJAHAT IQBAL
 
PDF
007 tubing andpipe
byJohn Hutchison
 
PPT
Robotics classes in mumbai
byVibrant Technologies & Computers
 
The Insider's Guide to the Insider Threat
byImperva
 
Combating Insider Threats – Protecting Your Agency from the Inside Out
byLancope, Inc.
 
ObserveIT - Unintentional Insider Threat featuring Dr. Eric Cole
byObserveIT
 
Insider Threat Kill Chain: Detecting Human Indicators of Compromise
byTripwire
 
IQ4 Final Presentation (1)
byChathura Wickramage
 
Insider Threat_BAH_Turner
byBob Turner
 
The insider versus external threat
byzhihaochen
 
Why Insider Threat is a C-Level Priority
byObserveIT
 
SolarWinds Federal Cybersecurity Survey 2015
bySolarWinds
 
Gov Day Sacramento 2015 - User Behavior Analytics
bySplunk
 
Insider Threat – The Visual Conviction - FIRST 2007 - Sevilla
byRaffael Marty
 
Insider Threat Experiences
byNapier University
 
You've caught an Insider Threat, now what? The Human Side of Insider Threat I...
byObserveIT
 
Countering insider threat attacks - CDE themed call launch 14 May 2013
byDefence and Security Accelerator
 
Visualizing the Insider Threat: Challenges and tools for identifying maliciou...
byPhil Legg
 
NIST - Cybersecurity Framework mindmap
byWAJAHAT IQBAL
 
007 tubing andpipe
byJohn Hutchison
 
Robotics classes in mumbai
byVibrant Technologies & Computers
 

Similar to Insider Threat Solution from GTRI

PPTX
Detect Threats Faster
byForce 3
 
PPTX
Insider threats webinar 01.28.15
byLancope, Inc.
 
PPTX
Defending Enterprise IT - beating assymetricality
byClaus Cramon Houmann
 
PPTX
Unintentional Insider Threat featuring Dr. Eric Cole
byDavid Mai, MBA
 
PPTX
Save Your Network – Protecting Healthcare Data from Deadly Breaches
byLancope, Inc.
 
PPTX
Save Your Network – Protecting Manufacturing Data from Deadly Breaches
byLancope, Inc.
 
PPT
NetWitness
byTechBiz Forense Digital
 
PPTX
Presentation infra and_datacentrre_dialogue_v2
byClaus Cramon Houmann
 
PPTX
Mapping the Enterprise Threat, Risk, and Security Control Landscape with Splunk
byAndrew Gerber
 
PPTX
Keynote at the Cyber Security Summit Prague 2015
byClaus Cramon Houmann
 
PDF
Stalking the Kill Chain
byEMC
 
PDF
idg_secops-solutions
byJonny Nässlander
 
PDF
Stu r37 a
bySelectedPresentations
 
PPTX
The Perimeter within Modern Business - does it exist?
byZoneFox
 
PDF
Security Industry Overview
byThomvest Ventures
 
PDF
Cyber Security Services for Mitigating Insider Threats.
bykandrasupriya99
 
PPTX
Keynote Information Security days Luxembourg 2015
byClaus Cramon Houmann
 
PPT
Managing insider threat
bymilliemill
 
PPTX
The Modern Business Has No Perimeter - ZoneFox
byZoneFox
 
PPTX
Cisco Network Insider: Three Ways to Secure your Network
byRobb Boyd
 
Detect Threats Faster
byForce 3
 
Insider threats webinar 01.28.15
byLancope, Inc.
 
Defending Enterprise IT - beating assymetricality
byClaus Cramon Houmann
 
Unintentional Insider Threat featuring Dr. Eric Cole
byDavid Mai, MBA
 
Save Your Network – Protecting Healthcare Data from Deadly Breaches
byLancope, Inc.
 
Save Your Network – Protecting Manufacturing Data from Deadly Breaches
byLancope, Inc.
 
NetWitness
byTechBiz Forense Digital
 
Presentation infra and_datacentrre_dialogue_v2
byClaus Cramon Houmann
 
Mapping the Enterprise Threat, Risk, and Security Control Landscape with Splunk
byAndrew Gerber
 
Keynote at the Cyber Security Summit Prague 2015
byClaus Cramon Houmann
 
Stalking the Kill Chain
byEMC
 
idg_secops-solutions
byJonny Nässlander
 
Stu r37 a
bySelectedPresentations
 
The Perimeter within Modern Business - does it exist?
byZoneFox
 
Security Industry Overview
byThomvest Ventures
 
Cyber Security Services for Mitigating Insider Threats.
bykandrasupriya99
 
Keynote Information Security days Luxembourg 2015
byClaus Cramon Houmann
 
Managing insider threat
bymilliemill
 
The Modern Business Has No Perimeter - ZoneFox
byZoneFox
 
Cisco Network Insider: Three Ways to Secure your Network
byRobb Boyd
 

More from Zivaro Inc

PPTX
How to Rightsize Your Citrix Investment
byZivaro Inc
 
PPTX
On-Prem vs. Cloud Collaboration Showdown
byZivaro Inc
 
PPTX
Beyond the Phish with GTRI and Wombat Security Technologies
byZivaro Inc
 
PDF
Big Data Workshop: Splunk and Dell EMC...Better Together
byZivaro Inc
 
PDF
Organizational Change Management
byZivaro Inc
 
PDF
Software-Defined WAN 101
byZivaro Inc
 
PDF
SDN Security: Two Sides of the Same Coin
byZivaro Inc
 
PPTX
Denver Big Data Analytics Day
byZivaro Inc
 
PDF
Support Software Defined Networking with Dynamic Network Architecture
byZivaro Inc
 
PDF
Cisco ACI: A New Approach to Software Defined Networking
byZivaro Inc
 
PDF
Software Defined Networking (SDN) Technology Brief
byZivaro Inc
 
PDF
Software Defined Networking (SDN) with VMware NSX
byZivaro Inc
 
PPTX
Splunk Enterprise 6.3 - Splunk Tech Day
byZivaro Inc
 
PPTX
Splunk Fundamentals: Investigations with Core Splunk - Splunk Tech Day
byZivaro Inc
 
PPTX
GTRI Splunk Case Studies - Splunk Tech Day
byZivaro Inc
 
PPTX
GTRI Splunk Overview - Splunk Tech Day
byZivaro Inc
 
PDF
Successfully Deploying IPv6
byZivaro Inc
 
PPTX
Single Glass of Pain: See Your World, Maybe You Wish You Hadn't
byZivaro Inc
 
PPTX
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
byZivaro Inc
 
PDF
Successfully Deploying IPv6
byZivaro Inc
 
How to Rightsize Your Citrix Investment
byZivaro Inc
 
On-Prem vs. Cloud Collaboration Showdown
byZivaro Inc
 
Beyond the Phish with GTRI and Wombat Security Technologies
byZivaro Inc
 
Big Data Workshop: Splunk and Dell EMC...Better Together
byZivaro Inc
 
Organizational Change Management
byZivaro Inc
 
Software-Defined WAN 101
byZivaro Inc
 
SDN Security: Two Sides of the Same Coin
byZivaro Inc
 
Denver Big Data Analytics Day
byZivaro Inc
 
Support Software Defined Networking with Dynamic Network Architecture
byZivaro Inc
 
Cisco ACI: A New Approach to Software Defined Networking
byZivaro Inc
 
Software Defined Networking (SDN) Technology Brief
byZivaro Inc
 
Software Defined Networking (SDN) with VMware NSX
byZivaro Inc
 
Splunk Enterprise 6.3 - Splunk Tech Day
byZivaro Inc
 
Splunk Fundamentals: Investigations with Core Splunk - Splunk Tech Day
byZivaro Inc
 
GTRI Splunk Case Studies - Splunk Tech Day
byZivaro Inc
 
GTRI Splunk Overview - Splunk Tech Day
byZivaro Inc
 
Successfully Deploying IPv6
byZivaro Inc
 
Single Glass of Pain: See Your World, Maybe You Wish You Hadn't
byZivaro Inc
 
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
byZivaro Inc
 
Successfully Deploying IPv6
byZivaro Inc
 

Recently uploaded

PDF
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
 
PPTX
Computer architecture, Computer architecture ,Computer architecture
bywaheedqazi123
 
PDF
Security-Fails-in-the-Gaps-Between-Systems.pptx.pdf
byOhhproJunction
 
PDF
Explaining specific examples of purpose-specific BOM
byakipii ogaoga
 
PDF
Why Many Smart Device Platforms Fail to Scale?
byPromeraki Developments
 
PDF
Session 1/5: Enhancing Automation with Screenplay & Business Rules
bysuhanisingh58689
 
PDF
Explaining the flow of purpose-specific BOM
byakipii ogaoga
 
PDF
Python Automation in Action: Real-World Use Cases and Practical Implementation
byDenys Smirnov
 
PDF
How does MES(Manufacturing Execution System) work?
byakipii ogaoga
 
PPTX
Introducing VisualSim 2610 The Next Leap in System Level Modeling
byDeepak Shankar
 
PPTX
Beyond the Algorithm: Designing Human-Centric Public Service with AI
byAlan Dix
 
PPTX
apidays Paris 2025 | Integration is Feminist: Building Peace in Distributed S...
byapidays
 
PPTX
Do You Control the AI, or Does the AI Control You?
bymedhateltoukhy
 
PDF
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
PDF
Escape from the Forbidden Zone: Smuggling green and inclusive tech past the g...
byBookNet Canada
 
PPTX
Tech Trends 2026: AI Agents, Quantum Computing, Robotics & Cybersecurity
byridwansassman
 
PDF
Rustici Software: eLearning standards in the age of AI
byRustici Software
 
PPTX
How Does an ICO Launchpad Work Step-by-Step Breakdown.pptx
byTom Hardy S
 
PDF
February 2026 Patch Tuesday hosted by Chris Goettl and Todd Schell
byIvanti
 
PDF
TravelTech Paris 2025 | The EU Digital Identity Wallet and it’s impact on Tra...
byapidays
 
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
 
Computer architecture, Computer architecture ,Computer architecture
bywaheedqazi123
 
Security-Fails-in-the-Gaps-Between-Systems.pptx.pdf
byOhhproJunction
 
Explaining specific examples of purpose-specific BOM
byakipii ogaoga
 
Why Many Smart Device Platforms Fail to Scale?
byPromeraki Developments
 
Session 1/5: Enhancing Automation with Screenplay & Business Rules
bysuhanisingh58689
 
Explaining the flow of purpose-specific BOM
byakipii ogaoga
 
Python Automation in Action: Real-World Use Cases and Practical Implementation
byDenys Smirnov
 
How does MES(Manufacturing Execution System) work?
byakipii ogaoga
 
Introducing VisualSim 2610 The Next Leap in System Level Modeling
byDeepak Shankar
 
Beyond the Algorithm: Designing Human-Centric Public Service with AI
byAlan Dix
 
apidays Paris 2025 | Integration is Feminist: Building Peace in Distributed S...
byapidays
 
Do You Control the AI, or Does the AI Control You?
bymedhateltoukhy
 
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
Escape from the Forbidden Zone: Smuggling green and inclusive tech past the g...
byBookNet Canada
 
Tech Trends 2026: AI Agents, Quantum Computing, Robotics & Cybersecurity
byridwansassman
 
Rustici Software: eLearning standards in the age of AI
byRustici Software
 
How Does an ICO Launchpad Work Step-by-Step Breakdown.pptx
byTom Hardy S
 
February 2026 Patch Tuesday hosted by Chris Goettl and Todd Schell
byIvanti
 
TravelTech Paris 2025 | The EU Digital Identity Wallet and it’s impact on Tra...
byapidays
 

Insider Threat Solution from GTRI

  • 1.
    WWW.GTRI.COM © 2016 GlobalTechnology Resources, Inc. All rights reserved. Insider Threat Solution Understanding Prevalence and Preventative Measures
  • 2.
    © 2016 GlobalTechnology Resources, Inc. All Rights Reserved. 2 What Are Insider Threats? • Insider access: Employees, contractors • Exploits/exceeds authorized access • Affects security, systems, daily operations • Not all “malicious” or intentional • Negligence can result in a damaging attack
  • 3.
    © 2016 GlobalTechnology Resources, Inc. All Rights Reserved. 3 53% 34% 34% 30% Unintentional Exposure Intellectual Property Theft Unauthorized Access Insider Threat Incidents Are Pervasive Source: 2013 US State of Cybercrime Survey, CSO Magazine, U.S. Secret Service, Software Engineering Institute CERT Program at Carnegie Mellon University, and Price Waterhouse Cooper, June 2013 31% Theft of Other Assets/Data Experienced Insider Attack With Damage Greater Than Outside Attack
  • 4.
    © 2016 GlobalTechnology Resources, Inc. All Rights Reserved. 4 Insider Threats Impact Everyone Retail Media and Entertainment Government Industry Healthcare Energy and Utilities Small Business More…
  • 5.
    © 2016 GlobalTechnology Resources, Inc. All Rights Reserved. 5 Insider Threat Damage Leaked Unreleased Films 70 Million Customers PII Breach Attacked, Breached Substation 4 Million Personal Records Proprietary Formula Stolen, Sold PIN Pads in 63 Stores Hacked Sensitive Information, Salaries $10M Lawsuit Settlement $100M Security Program “Crown Jewel” Intelligence to China Chinese Competitor Bought Large, Class Action Law Suit
  • 6.
    © 2016 GlobalTechnology Resources, Inc. All Rights Reserved. 6 Insider Threat Protection • Best-of-breed solutions are important, but not fool proof • Vigilance is necessary to protect against insider threats that affect data, reputation, safety and the bottom line
  • 7.
    © 2016 GlobalTechnology Resources, Inc. All Rights Reserved. 7 Insider Threats: Where Exposure Occurs • Device Level Threats • Network Level Threats • User Proficiency Threats • User Behavior Threats • Social Media Threats
  • 8.
    © 2016 GlobalTechnology Resources, Inc. All Rights Reserved. 8 Network Level Threats Combating Threats: Critical Capabilities Profile Non- Standard Network Communication Detect Slow, Stealthy User Device Threats Identify Suspect Network Activity
  • 9.
    © 2016 GlobalTechnology Resources, Inc. All Rights Reserved. 9 Network Level Threat Protection • In-depth Security Context • Complete Picture of Network Activity • Actionable Security Intelligence • Faster Threat Detection • Advanced Forensic Tools • Improved Incident Response STEALTHWATCH BY LANCOPE
  • 10.
    © 2016 GlobalTechnology Resources, Inc. All Rights Reserved. 10 Summary • Insider Threats o Pervasive o Not limited to high-profile targets o Big business: Losses of $2.9 trillion annually1 • Insider Threat Protection o Starts with C-Level commitment o More than screening, perimeter security o Best accomplished with experienced partner/services provider 1. 2013 US State of Cybercrime Survey, CSO Magazine, U.S. Secret Service, Software Engineering Institute CERT Program at Carnegie Mellon University, and Price Waterhouse Cooper, June 2013
  • 11.
    WWW.GTRI.COM © 2016 GlobalTechnology Resources, Inc. All rights reserved. sales@gtri.com | 877.603.1984 | @gtri_global Thank You
  • 12.
    Mark Belcher KenDaniels Bart Gates Stealthwatch-Cisco Stealthwatch-CiscoStealthwatch-Cisco PAM CSE SAM Cisco Stealthwatch
  • 13.
    IOT and whatdoes it mean?
  • 14.
  • 15.
    Pace of Disruption 124years 25 years 12 years
  • 16.
  • 18.
    Cisco Security –Simple will get you breached but complex will get you beat! AnyConnect Threatgrid ISE AMP Talos TrustSec Firepower ASA ESA WSACisco StealthWatch OpenDNS
  • 19.
  • 20.
  • 21.
  • 22.
  • 23.
  • 24.
  • 25.
  • 26.
  • 27.
  • 28.
  • 29.
    Signature Anomaly Behavior Advanced DetectionMethods Signature = Object against blacklist • IPS, Antivirus, Content Filter Behavior = Inspect Victim behavior against blacklist • Malware Sandbox, NBAD, HIPS, SIEM Anomaly = Inspect Victim behavior against whitelist • NBAD, Quantity/Metric based—not Signature based Signature Behavior Anomaly Known Exploits BEST Good Limited 0-day Exploits Limited BEST Good Insider Abuse Limited Limited BEST
  • 30.
    enterprise network Attacker Perimeter (Inbound) Perimeter (Outbound) Infiltration and Backdoorestablishment 1 C2 Server Admin Node Reconnaissance and Network Traversal 2 Exploitation and Privilege Elevation 3 Staging and Persistence (Repeat 2,3,4) 4 Data Exfiltration 5 Anatomy of a Data Breach
  • 31.
    What does Stealthwatchdo? Network Segmentation Internal Threat Visibility Incident Response
  • 32.
    © 2014 Lancope,Inc. All rights reserved. Ideal Visibility Solution? 32 Full packet capture everywhere…? InternetAmador Delta Solano Edge Routing DMZ Switching Datacenter Switches Perimeter Security Core SwitchingHub Router WAN Routers Access Switching IDF Datacenter WAN DMZ Access 32
  • 33.
    © 2014 Lancope,Inc. All rights reserved. Ubiquitous visibility via Telemetry 33 … your infrastructure is the source: InternetAmador Delta Solano Border DMZ Virtual Hosts Perimeter Datacenter WAN Hub WAN Access IDF Datacenter WAN DMZ Access Flow Flow Flow Flow Flow Flow Flow Flow Flow Flow Flow Flow Flow Flow Flow Flow 33 * For every 1MB of External (N/S) traffic 5MB of Internal (E/W) traffic is created
  • 34.
    © 2014 Lancope,Inc. All rights reserved. Visibility via Flow Metadata 34 Telephone bill Flow
  • 35.
    Host Groups –The Secret Sauce! 35 • Location – site – branch • Datacenter • Function – application • Business unit • Sensitivity – compliance • New malware families • Point-of-sale malware • Banking malware • Keylogger, exfil data • DDoS Outside – Internet • Geo-location • Business partners • Cloud providers • Social media Inside – Internal Command & Control Apply Network Segmentation Build Logical Boundaries
  • 36.
  • 37.
    StealthWatch Enables NetworkVisibility EVERYTHING must touch the network KNOW every host Know what is NORMAL What else can the network tell me? RECORD every conversation Gain Context-Aware Security Company Network Assess Audit Posture Response Context Detect Alert to CHANGE Store for MONTHS
  • 38.

Editor's Notes

  • #3 Insider threats come in a variety of types but can best be defined at the highest level as: A current or former employee or contractor who exploits or exceeds his or her authorized level of network, system or data access in a manner that affects the security of the organizations data, systems or daily operations Not all of these threats are due to a maliciously intended insider, in fact the majority start as simple negligence whereby an otherwise non-threatening individual behaves in a manner not reflective of best practice and as a result opens the door for a malicious third party. The result is a damaging attack facilitated by the often simple act of negligence.
  • #9 Critical capabilities in combating network level threats Determine whether a device or set of devices is being accessed or utilized in a manner indicating that the host is communicating in non-standard ways across different end points both within and outside of the network Detect slow and stealthy threats that may leverage user devices Identify network activity suggestive of data exfiltration Can your organization make use of your infrastructure as a sensor for threats and then guard against them?
  • #10 Monitor Lancope's StealthWatch System leverages existing resources to deliver pervasive network visibility and continuously monitor for advanced threats. In-depth security context creates a complete picture of network activity. Detect The StealthWatch System transforms network data into actionable security intelligence for faster threat detection. Identify suspicious behaviors that could signify APTs, insider threats, DDoS attempts or malware. Analyze The StealthWatch System provides advanced forensic tools to help you understand the who, what, when, where, why and how of security breaches for improved incident response. Respond Continuously collect, analyze and store large amounts of valuable network data to effectively respond to threats before, during and after a security incident.
  • #11 While it is easy to rationalize that insider threats won’t happen to your organization it has become clear that this breed of threat is pervasive. Not limited to the obvious targets of government, financial and healthcare every organization type and size has a need to address this. As an example, real estate has a reported rate of 37% of attacks being insider in type. Losses of $2.9 trillion annually in employee fraud are reported globally and the US alone suffered $40 billion in losses during the most recently reported year. Dedicating resources to addressing this potential exposure should be a concern at the highest level in your organization. Screening employees and contractors and maintaining strong perimeter security is not enough to guard against insider threats. Partnering with a trusted service provider that can work with you to identify your needs and work through the implementation of the best suited solutions for your organization is the most effective approach to avoiding the pitfalls of this class of threat.