KK
Uploaded byKAMRAN KHALID
PPSX, PPTX1,219 views

Insider threats and countermeasures

The document discusses insider threats, which are malicious risks to an organization posed by individuals within, including employees and contractors. It categorizes insider threats into negligent, malicious, and compromised insiders and outlines various measures for prevention and detection. The conclusion emphasizes the need for a multidisciplinary approach involving IT, HR, and legal considerations to effectively manage insider threats.

Technology
Related topics:
Information Security

Embed presentation

Download as PPSX, PPTX
Insider Threats and Countermeasures BY: KAMRAN KHALID
Overview What is Insider Threats? Mistakes of Employee which creates threat Three Kinds of Insider Threats Source of Visibility Internal Visibility IT Sabotage Combating Insider Threat is a multidisciplinary challenge Conclusion
What is Insider Threats? An insider threat is a malicious threat to an organization that comes from following people within the organization ◦ Employees ◦ Former employees ◦ Contractors ◦ Business associates ◦ The person who have inside information concerning the organization's security practices, data and computer systems.
Mistakes of Employee which creates threat PASSWORD HANDLING • Shoulder Surfing:- When a person looks over another person’s shoulder and watches keystrokes or watches data as it appears on the screen in order to uncover information in an unauthorized manner. • Dumpster Diving:- When password is very hard to remember so user write it down, some times he write on a piece of paper which will be in garbage without discarding. The intruder would have to gain physical access to the premises, but the area where the garbage is kept is usually not highly guarded.
Three Kinds of Insider Threats Negligent Insiders • Employees who accidentally expose data. Malicious Insiders • Employees who intentionally expose data. Compromised Insiders • Employees whose access credentials or personal computers have been compromised by an outside attacker.
Three Kinds of Insider Threats Negligent Insiders • Prevention • Access controls • Encryption of data at rest • DRM? • Education Malicious Insiders • Prevention • Access Controls • Checks and Balances • Detection • Management Training • Monitoring Compromised Insiders • Detection
CERT: Common Sense Guide to Prevention and Detection of Insider Threats
Source of Visibility Firewall logs • Are you logging everything or just denies? Internal & Host IPS systems • HIPS potentially has a lot of breadth • Can be expensive to deploy • Signature based Log Management Solutions/SIEM • Are you collecting everything? • You can only see what gets logged Netflow • Lots of breadth, less depth • Lower disk space requirements Full Packet Capture • Deep but not broad • Expensive • High disk space requirements
Internal Visibility without Net flow DMZ VPN Internal Network Internet 3G Internet 3G Internet
Internal Visibility with Net flow Internet DMZ VPN Internal Network Internet NetFlow Packets start time end time mac address byte count - more - NetFlow 3G Internet 3G Internet NetFlow NetFlow NetFlow NetFlow NetFlow Collector
IT Sabotage Targeted monitoring of employees who are “on the HR radar” Access after termination (!) (accounts or open sessions) Unusual Access ◦ Times ◦ Devices ◦ Source Addresses ◦ Destination Addresses ◦ Mismatches
Combating Insider Threat is a multidisciplinary challenge IT cannot address insider threat by itself ◦ People have a tendency to think that IT is solely responsible for all computer security issues. Legal: Are policies in place? Are they realistic? Does legal support IT practices? HR: Who is coming and going? Who has workplace issues? Are there soft solutions? IT: Is the privacy of end users adequately protected? What impact on workplace harmony are policies, monitoring, and enforcement having? Are you applying policies consistently? IT HR Legal
Conclusion There are three kinds of insider threat • Negligent Insiders • Malicious Insiders • Compromised Insiders Managing the problem involves • Logs, Logs, Logs • Visibility into the internal network • A multidisciplinary team
References http://searchsecurity.techtarget.com/tip/Five-common-insider-threats-and-how-to-mitigate- them http://www.tripwire.com/state-of-security/incident-detection/identifying-and-preventing- insider-threats/ http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=7118395
Thankyou

More Related Content

PPTX
Cybersecurity Awareness Training
byDave Monahan
 
PPTX
Burpsuite 101
byn|u - The Open Security Community
 
PPTX
Cyber Security Best Practices
byEvolve IP
 
PPTX
Web Security Attacks
bySajid Hasan
 
PPSX
Security Awareness Training
byWilliam Mann
 
PPTX
Cyber Threat Hunting Workshop
byDigit Oktavianto
 
PDF
Cyber security training
byWilmington University
 
PPTX
Cloud Security
byDevyani Vaidya
 
Cybersecurity Awareness Training
byDave Monahan
 
Burpsuite 101
byn|u - The Open Security Community
 
Cyber Security Best Practices
byEvolve IP
 
Web Security Attacks
bySajid Hasan
 
Security Awareness Training
byWilliam Mann
 
Cyber Threat Hunting Workshop
byDigit Oktavianto
 
Cyber security training
byWilmington University
 
Cloud Security
byDevyani Vaidya
 

What's hot

PPTX
Cyber Security Fundamentals
byApurv Singh Gautam
 
PPTX
Cybersecurity Audit
byEC-Council
 
PPTX
Introduction to penetration testing
byNezar Alazzabi
 
PDF
Application Threat Modeling
byPriyanka Aash
 
PPTX
Information Security Awareness Training Open
byFred Beck MBA, CPA
 
PDF
Introduction to QRadar
byPencilData
 
PPTX
Logging, monitoring and auditing
byPiyush Jain
 
PDF
Introduction to Web Application Penetration Testing
byNetsparker
 
PDF
Password Management
byRick Chin
 
PPTX
Ethical hacking
byAnumadil1
 
PPTX
Information security awareness - 101
bymateenzero
 
PPTX
Phishing awareness
byPhishingBox
 
PDF
The Accidental Insider Threat
byMurray Security Services
 
PDF
Customer information security awareness training
byAbdalrhmanTHassan
 
PPT
Application Security
byReggie Niccolo Santos
 
PPTX
SOC Architecture Workshop - Part 1
byPriyanka Aash
 
PPTX
Siber Güvenlik
byTarık Savaş Öpöz
 
PPTX
System hacking
byCAS
 
PDF
Information Security Awareness Training
byRandy Bowman
 
PPTX
IBM QRadar BB & Rules
byMuhammad Abdel Aal
 
Cyber Security Fundamentals
byApurv Singh Gautam
 
Cybersecurity Audit
byEC-Council
 
Introduction to penetration testing
byNezar Alazzabi
 
Application Threat Modeling
byPriyanka Aash
 
Information Security Awareness Training Open
byFred Beck MBA, CPA
 
Introduction to QRadar
byPencilData
 
Logging, monitoring and auditing
byPiyush Jain
 
Introduction to Web Application Penetration Testing
byNetsparker
 
Password Management
byRick Chin
 
Ethical hacking
byAnumadil1
 
Information security awareness - 101
bymateenzero
 
Phishing awareness
byPhishingBox
 
The Accidental Insider Threat
byMurray Security Services
 
Customer information security awareness training
byAbdalrhmanTHassan
 
Application Security
byReggie Niccolo Santos
 
SOC Architecture Workshop - Part 1
byPriyanka Aash
 
Siber Güvenlik
byTarık Savaş Öpöz
 
System hacking
byCAS
 
Information Security Awareness Training
byRandy Bowman
 
IBM QRadar BB & Rules
byMuhammad Abdel Aal
 

Viewers also liked

PPTX
Insider threat event presentation
byIISPEastMids
 
PPTX
Insider Threat Final Powerpoint Prezi
byKashif Semple
 
PPTX
Insider threat kill chain
byTarun Gupta,CRISC CISSP CISM CISA BCCE
 
PPT
Malicious Insiders
bygjohansen
 
PDF
Insider Threat Detection Recommendations
byAlienVault
 
PDF
5 Signs you have an Insider Threat
byLancope, Inc.
 
PPTX
Multimedia Privacy
bySymeon Papadopoulos
 
PDF
Insider threat
byARCON TECHSOLUTIONS
 
PPTX
Snowden slides
byDavid West
 
PDF
Insider Threats Webinar Final_Tyco
byMatt Frowert
 
Insider threat event presentation
byIISPEastMids
 
Insider Threat Final Powerpoint Prezi
byKashif Semple
 
Insider threat kill chain
byTarun Gupta,CRISC CISSP CISM CISA BCCE
 
Malicious Insiders
bygjohansen
 
Insider Threat Detection Recommendations
byAlienVault
 
5 Signs you have an Insider Threat
byLancope, Inc.
 
Multimedia Privacy
bySymeon Papadopoulos
 
Insider threat
byARCON TECHSOLUTIONS
 
Snowden slides
byDavid West
 
Insider Threats Webinar Final_Tyco
byMatt Frowert
 

Similar to Insider threats and countermeasures

PPTX
Insider threat v3
byLancope, Inc.
 
PDF
Cyber Security Services for Mitigating Insider Threats.
bykandrasupriya99
 
PPTX
Insider Threat Experiences
byNapier University
 
PDF
Internal Threats: The New Sources of Attack
byMekhi Da ‘Quay Daniels
 
PDF
_Insider Threat Prevention_ Protecting Your Business from Internal Risks
byRemoteDesk1
 
PPTX
ObserveIT - Unintentional Insider Threat featuring Dr. Eric Cole
byObserveIT
 
PPTX
Unintentional Insider Threat featuring Dr. Eric Cole
byDavid Mai, MBA
 
PPTX
Unintentional Insider Threat featuring Dr. Eric Cole
byDavid Mai, MBA
 
PPTX
How to Protect your organization from within.pptx
byJosephMwakai
 
PDF
Insider Threat Detection | 5 Tools to Protect Your Business.pdf
byTime Champ
 
PPTX
Why Insider Threat is a C-Level Priority
byObserveIT
 
PPTX
Why Insider Threat is a C-Level Priority
byDavid Mai, MBA
 
PDF
02 presentation-christianprobst
byInfinIT - Innovationsnetværket for it
 
PPT
The insider versus external threat
byzhihaochen
 
PPT
The insider versus external threat
byzhihaochen
 
PPTX
Managing Insider Threat
byiris_cheung
 
PDF
Accidental Insider Threat - 2018 Version
byMurray Security Services
 
PPT
The Inside Job: Detecting, Preventing and Investigating Data Theft
byCase IQ
 
PPT
Accidental Insider
byBarry Caplin
 
PDF
Ht t17
bySelectedPresentations
 
Insider threat v3
byLancope, Inc.
 
Cyber Security Services for Mitigating Insider Threats.
bykandrasupriya99
 
Insider Threat Experiences
byNapier University
 
Internal Threats: The New Sources of Attack
byMekhi Da ‘Quay Daniels
 
_Insider Threat Prevention_ Protecting Your Business from Internal Risks
byRemoteDesk1
 
ObserveIT - Unintentional Insider Threat featuring Dr. Eric Cole
byObserveIT
 
Unintentional Insider Threat featuring Dr. Eric Cole
byDavid Mai, MBA
 
Unintentional Insider Threat featuring Dr. Eric Cole
byDavid Mai, MBA
 
How to Protect your organization from within.pptx
byJosephMwakai
 
Insider Threat Detection | 5 Tools to Protect Your Business.pdf
byTime Champ
 
Why Insider Threat is a C-Level Priority
byObserveIT
 
Why Insider Threat is a C-Level Priority
byDavid Mai, MBA
 
02 presentation-christianprobst
byInfinIT - Innovationsnetværket for it
 
The insider versus external threat
byzhihaochen
 
The insider versus external threat
byzhihaochen
 
Managing Insider Threat
byiris_cheung
 
Accidental Insider Threat - 2018 Version
byMurray Security Services
 
The Inside Job: Detecting, Preventing and Investigating Data Theft
byCase IQ
 
Accidental Insider
byBarry Caplin
 
Ht t17
bySelectedPresentations
 

Recently uploaded

PDF
Understanding Foldable 3-Wheel Electric Scooters for Everyday Use
byTopmate
 
PPTX
Working Session — Build a Document Understanding Automation Using an OOTB ML ...
byDianaGray10
 
PDF
Why Many Smart Device Platforms Fail to Scale?
byPromeraki Developments
 
PDF
What Is the Azure AI Foundry and Why Does It Matter for Enterprises?
byjohncarterjn
 
PPTX
TechSprint (SJBIT) 2025-26 Hackathon Winners & Awards Ceremony
bysuhasspgdg
 
PDF
How to build hackthon projects from ZERO!
byishantyadav1111
 
PDF
Traditional-Security-Models-No-Longer-Work.pptx (1).pdf
byOhhproJunction
 
PDF
Computer-Based Training (CBT) The Backbone of Modern Technical & Defence Trai...
bycomputerbasedtrainin1
 
PDF
ICT500 - CRITICAL AND CREATIVE THINKING FOR INFORMATION TECHNOLOGY SOLUTIONS:...
by2024432452
 
PDF
Mesh WiFi Router: The Smart Solution for Fast, Seamless, Whole-Home Internet
byAeroMesh Systems
 
PDF
Adapt.com Seed Fundraising Deck | The AI Computer for Business
byashley459565
 
PDF
Post-Hackathon-Learnings-Maximizing-Impact-Beyond-the-Event.pdf
byishantyadav1111
 
PDF
The Enterprise Web3 Landscape - a view from Kaleido based on the past 10 year...
byPeter Broadhurst
 
PDF
Analyze and Preserve Logs - RHCSA (RH134).pdf
byLinuxCert Guru
 
PPTX
TechSprint WinterHack — Top 10 Teams Pitching Session we are excited for pit...
bybajpaitusharoffon678
 
PDF
Safer’s Picks: The 5 FME Transformers You Didn’t Know You Needed
bySafe Software
 
PDF
Title Installing Windows, Linux, MacOS.pdf
byGeraldAbadajos
 
PDF
Configure and Manage Systemd Timers- RHCSA (RH134).pdf
byLinuxCert Guru
 
PPTX
Retrieval Augmented Generation- The Synergistic Power of Prompt Engineering
bySemantic SEO BD
 
PDF
Poročilo odbora CIS (CH08873) za leto 2025 na letni skupščini IEEE Slovenija ...
byUniversity of Maribor
 
Understanding Foldable 3-Wheel Electric Scooters for Everyday Use
byTopmate
 
Working Session — Build a Document Understanding Automation Using an OOTB ML ...
byDianaGray10
 
Why Many Smart Device Platforms Fail to Scale?
byPromeraki Developments
 
What Is the Azure AI Foundry and Why Does It Matter for Enterprises?
byjohncarterjn
 
TechSprint (SJBIT) 2025-26 Hackathon Winners & Awards Ceremony
bysuhasspgdg
 
How to build hackthon projects from ZERO!
byishantyadav1111
 
Traditional-Security-Models-No-Longer-Work.pptx (1).pdf
byOhhproJunction
 
Computer-Based Training (CBT) The Backbone of Modern Technical & Defence Trai...
bycomputerbasedtrainin1
 
ICT500 - CRITICAL AND CREATIVE THINKING FOR INFORMATION TECHNOLOGY SOLUTIONS:...
by2024432452
 
Mesh WiFi Router: The Smart Solution for Fast, Seamless, Whole-Home Internet
byAeroMesh Systems
 
Adapt.com Seed Fundraising Deck | The AI Computer for Business
byashley459565
 
Post-Hackathon-Learnings-Maximizing-Impact-Beyond-the-Event.pdf
byishantyadav1111
 
The Enterprise Web3 Landscape - a view from Kaleido based on the past 10 year...
byPeter Broadhurst
 
Analyze and Preserve Logs - RHCSA (RH134).pdf
byLinuxCert Guru
 
TechSprint WinterHack — Top 10 Teams Pitching Session we are excited for pit...
bybajpaitusharoffon678
 
Safer’s Picks: The 5 FME Transformers You Didn’t Know You Needed
bySafe Software
 
Title Installing Windows, Linux, MacOS.pdf
byGeraldAbadajos
 
Configure and Manage Systemd Timers- RHCSA (RH134).pdf
byLinuxCert Guru
 
Retrieval Augmented Generation- The Synergistic Power of Prompt Engineering
bySemantic SEO BD
 
Poročilo odbora CIS (CH08873) za leto 2025 na letni skupščini IEEE Slovenija ...
byUniversity of Maribor
 

Insider threats and countermeasures

  • 1.
  • 2.
    Overview What is InsiderThreats? Mistakes of Employee which creates threat Three Kinds of Insider Threats Source of Visibility Internal Visibility IT Sabotage Combating Insider Threat is a multidisciplinary challenge Conclusion
  • 3.
    What is InsiderThreats? An insider threat is a malicious threat to an organization that comes from following people within the organization ◦ Employees ◦ Former employees ◦ Contractors ◦ Business associates ◦ The person who have inside information concerning the organization's security practices, data and computer systems.
  • 4.
    Mistakes of Employeewhich creates threat PASSWORD HANDLING • Shoulder Surfing:- When a person looks over another person’s shoulder and watches keystrokes or watches data as it appears on the screen in order to uncover information in an unauthorized manner. • Dumpster Diving:- When password is very hard to remember so user write it down, some times he write on a piece of paper which will be in garbage without discarding. The intruder would have to gain physical access to the premises, but the area where the garbage is kept is usually not highly guarded.
  • 5.
    Three Kinds ofInsider Threats Negligent Insiders • Employees who accidentally expose data. Malicious Insiders • Employees who intentionally expose data. Compromised Insiders • Employees whose access credentials or personal computers have been compromised by an outside attacker.
  • 6.
    Three Kinds ofInsider Threats Negligent Insiders • Prevention • Access controls • Encryption of data at rest • DRM? • Education Malicious Insiders • Prevention • Access Controls • Checks and Balances • Detection • Management Training • Monitoring Compromised Insiders • Detection
  • 7.
    CERT: Common SenseGuide to Prevention and Detection of Insider Threats
  • 8.
    Source of Visibility Firewalllogs • Are you logging everything or just denies? Internal & Host IPS systems • HIPS potentially has a lot of breadth • Can be expensive to deploy • Signature based Log Management Solutions/SIEM • Are you collecting everything? • You can only see what gets logged Netflow • Lots of breadth, less depth • Lower disk space requirements Full Packet Capture • Deep but not broad • Expensive • High disk space requirements
  • 9.
    Internal Visibility without Netflow DMZ VPN Internal Network Internet 3G Internet 3G Internet
  • 10.
    Internal Visibility with Netflow Internet DMZ VPN Internal Network Internet NetFlow Packets start time end time mac address byte count - more - NetFlow 3G Internet 3G Internet NetFlow NetFlow NetFlow NetFlow NetFlow Collector
  • 11.
    IT Sabotage Targeted monitoringof employees who are “on the HR radar” Access after termination (!) (accounts or open sessions) Unusual Access ◦ Times ◦ Devices ◦ Source Addresses ◦ Destination Addresses ◦ Mismatches
  • 12.
    Combating Insider Threatis a multidisciplinary challenge IT cannot address insider threat by itself ◦ People have a tendency to think that IT is solely responsible for all computer security issues. Legal: Are policies in place? Are they realistic? Does legal support IT practices? HR: Who is coming and going? Who has workplace issues? Are there soft solutions? IT: Is the privacy of end users adequately protected? What impact on workplace harmony are policies, monitoring, and enforcement having? Are you applying policies consistently? IT HR Legal
  • 13.
    Conclusion There are threekinds of insider threat • Negligent Insiders • Malicious Insiders • Compromised Insiders Managing the problem involves • Logs, Logs, Logs • Visibility into the internal network • A multidisciplinary team
  • 14.
  • 15.