SlideShare a Scribd company logo

Insider threats and countermeasures

Download as PPSX, PDF
K
KAMRAN KHALID

This presentation helps you to understand what is insider threats and what are its countermeasures. You can understand this threat at a glance.

Technology
1 of 15
Insider Threats and Countermeasures BY: KAMRAN KHALID
Overview What is Insider Threats? Mistakes of Employee which creates threat Three Kinds of Insider Threats Source of Visibility Internal Visibility IT Sabotage Combating Insider Threat is a multidisciplinary challenge Conclusion
What is Insider Threats? An insider threat is a malicious threat to an organization that comes from following people within the organization ◦ Employees ◦ Former employees ◦ Contractors ◦ Business associates ◦ The person who have inside information concerning the organization's security practices, data and computer systems.
Mistakes of Employee which creates threat PASSWORD HANDLING • Shoulder Surfing:- When a person looks over another person’s shoulder and watches keystrokes or watches data as it appears on the screen in order to uncover information in an unauthorized manner. • Dumpster Diving:- When password is very hard to remember so user write it down, some times he write on a piece of paper which will be in garbage without discarding. The intruder would have to gain physical access to the premises, but the area where the garbage is kept is usually not highly guarded.
Three Kinds of Insider Threats Negligent Insiders • Employees who accidentally expose data. Malicious Insiders • Employees who intentionally expose data. Compromised Insiders • Employees whose access credentials or personal computers have been compromised by an outside attacker.
Three Kinds of Insider Threats Negligent Insiders • Prevention • Access controls • Encryption of data at rest • DRM? • Education Malicious Insiders • Prevention • Access Controls • Checks and Balances • Detection • Management Training • Monitoring Compromised Insiders • Detection
CERT: Common Sense Guide to Prevention and Detection of Insider Threats
Source of Visibility Firewall logs • Are you logging everything or just denies? Internal & Host IPS systems • HIPS potentially has a lot of breadth • Can be expensive to deploy • Signature based Log Management Solutions/SIEM • Are you collecting everything? • You can only see what gets logged Netflow • Lots of breadth, less depth • Lower disk space requirements Full Packet Capture • Deep but not broad • Expensive • High disk space requirements
Internal Visibility without Net flow DMZ VPN Internal Network Internet 3G Internet 3G Internet
Internal Visibility with Net flow Internet DMZ VPN Internal Network Internet NetFlow Packets start time end time mac address byte count - more - NetFlow 3G Internet 3G Internet NetFlow NetFlow NetFlow NetFlow NetFlow Collector
IT Sabotage Targeted monitoring of employees who are “on the HR radar” Access after termination (!) (accounts or open sessions) Unusual Access ◦ Times ◦ Devices ◦ Source Addresses ◦ Destination Addresses ◦ Mismatches
Combating Insider Threat is a multidisciplinary challenge IT cannot address insider threat by itself ◦ People have a tendency to think that IT is solely responsible for all computer security issues. Legal: Are policies in place? Are they realistic? Does legal support IT practices? HR: Who is coming and going? Who has workplace issues? Are there soft solutions? IT: Is the privacy of end users adequately protected? What impact on workplace harmony are policies, monitoring, and enforcement having? Are you applying policies consistently? IT HR Legal
Conclusion There are three kinds of insider threat • Negligent Insiders • Malicious Insiders • Compromised Insiders Managing the problem involves • Logs, Logs, Logs • Visibility into the internal network • A multidisciplinary team
References http://searchsecurity.techtarget.com/tip/Five-common-insider-threats-and-how-to-mitigate- them http://www.tripwire.com/state-of-security/incident-detection/identifying-and-preventing- insider-threats/ http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=7118395
Thankyou

Recommended

Insider threat kill chain
Insider threat kill chainInsider threat kill chain
Insider threat kill chainTarun Gupta,CRISC CISSP CISM CISA BCCE
 
The Accidental Insider Threat
The Accidental Insider ThreatThe Accidental Insider Threat
The Accidental Insider ThreatMurray Security Services
 
System Event Logs
System Event LogsSystem Event Logs
System Event Logsprimeteacher32
 
Insider threat
Insider threatInsider threat
Insider threatARCON TECHSOLUTIONS
 
Information security
Information securityInformation security
Information securityAlaaMahmoud108
 
Employee Security Training[1]@
Employee Security Training[1]@Employee Security Training[1]@
Employee Security Training[1]@R_Yanus
 
Introduction to Data Protection and Information Security
Introduction to Data Protection and Information SecurityIntroduction to Data Protection and Information Security
Introduction to Data Protection and Information SecurityJisc Scotland
 
The Insider Threat
The Insider ThreatThe Insider Threat
The Insider ThreatPECB
 

Recommended

Insider threat kill chain
Insider threat kill chainInsider threat kill chain
Insider threat kill chainTarun Gupta,CRISC CISSP CISM CISA BCCE
 
The Accidental Insider Threat
The Accidental Insider ThreatThe Accidental Insider Threat
The Accidental Insider ThreatMurray Security Services
 
System Event Logs
System Event LogsSystem Event Logs
System Event Logsprimeteacher32
 
Insider threat
Insider threatInsider threat
Insider threatARCON TECHSOLUTIONS
 
Information security
Information securityInformation security
Information securityAlaaMahmoud108
 
Employee Security Training[1]@
Employee Security Training[1]@Employee Security Training[1]@
Employee Security Training[1]@R_Yanus
 
Introduction to Data Protection and Information Security
Introduction to Data Protection and Information SecurityIntroduction to Data Protection and Information Security
Introduction to Data Protection and Information SecurityJisc Scotland
 
The Insider Threat
The Insider ThreatThe Insider Threat
The Insider ThreatPECB
 
Detecting-Preventing-Insider-Threat
Detecting-Preventing-Insider-ThreatDetecting-Preventing-Insider-Threat
Detecting-Preventing-Insider-ThreatMike Saunders
 
Computer forensics
Computer forensicsComputer forensics
Computer forensicsHiren Selani
 
Information Security Awareness Training Open
Information Security Awareness Training OpenInformation Security Awareness Training Open
Information Security Awareness Training OpenFred Beck MBA, CPA
 
Data security
Data securityData security
Data securityTapan Khilar
 
DLP Data leak prevention
DLP Data leak preventionDLP Data leak prevention
DLP Data leak preventionAriel Evans
 
Security and information assurance
Security and information assuranceSecurity and information assurance
Security and information assurancebdemchak
 
Data breach presentation
Data breach presentationData breach presentation
Data breach presentationBradford Bach
 
Importance Of A Security Policy
Importance Of A Security PolicyImportance Of A Security Policy
Importance Of A Security Policycharlesgarrett
 
Cybersecurity Employee Training
Cybersecurity Employee TrainingCybersecurity Employee Training
Cybersecurity Employee TrainingPaige Rasid
 
End-User Security Awareness
End-User Security AwarenessEnd-User Security Awareness
End-User Security AwarenessSurya Bathulapalli
 
Information security management system
Information security management systemInformation security management system
Information security management systemArani Srinivasan
 
Zero Trust
Zero TrustZero Trust
Zero TrustBoaz Shunami
 
Data security and Integrity
Data security and IntegrityData security and Integrity
Data security and IntegrityZaid Shabbir
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterMichael Nickle
 
Data loss prevention (dlp)
Data loss prevention (dlp)Data loss prevention (dlp)
Data loss prevention (dlp)Hussein Al-Sanabani
 
Security Awareness Training by Fortinet
Security Awareness Training by FortinetSecurity Awareness Training by Fortinet
Security Awareness Training by FortinetAtlantic Training, LLC.
 
Cybersecurity Training
Cybersecurity TrainingCybersecurity Training
Cybersecurity TrainingWindstoneHealth
 
Information Security vs IT - Key Roles & Responsibilities
Information Security vs IT - Key Roles & ResponsibilitiesInformation Security vs IT - Key Roles & Responsibilities
Information Security vs IT - Key Roles & ResponsibilitiesKroll
 
Overview on data privacy
Overview on data privacy Overview on data privacy
Overview on data privacy Amiit Keshav Naik
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023PECB
 
Insider threat event presentation
Insider threat event presentationInsider threat event presentation
Insider threat event presentationIISPEastMids
 
Insider Threat Final Powerpoint Prezi
Insider Threat Final Powerpoint PreziInsider Threat Final Powerpoint Prezi
Insider Threat Final Powerpoint PreziKashif Semple
 

More Related Content

What's hot

Detecting-Preventing-Insider-Threat
Detecting-Preventing-Insider-ThreatDetecting-Preventing-Insider-Threat
Detecting-Preventing-Insider-ThreatMike Saunders
 
Computer forensics
Computer forensicsComputer forensics
Computer forensicsHiren Selani
 
Information Security Awareness Training Open
Information Security Awareness Training OpenInformation Security Awareness Training Open
Information Security Awareness Training OpenFred Beck MBA, CPA
 
DLP Data leak prevention
DLP Data leak preventionDLP Data leak prevention
DLP Data leak preventionAriel Evans
 
Security and information assurance
Security and information assuranceSecurity and information assurance
Security and information assurancebdemchak
 
Data breach presentation
Data breach presentationData breach presentation
Data breach presentationBradford Bach
 
Importance Of A Security Policy
Importance Of A Security PolicyImportance Of A Security Policy
Importance Of A Security Policycharlesgarrett
 
Cybersecurity Employee Training
Cybersecurity Employee TrainingCybersecurity Employee Training
Cybersecurity Employee TrainingPaige Rasid
 
Information security management system
Information security management systemInformation security management system
Information security management systemArani Srinivasan
 
Data security and Integrity
Data security and IntegrityData security and Integrity
Data security and IntegrityZaid Shabbir
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterMichael Nickle
 
Information Security vs IT - Key Roles & Responsibilities
Information Security vs IT - Key Roles & ResponsibilitiesInformation Security vs IT - Key Roles & Responsibilities
Information Security vs IT - Key Roles & ResponsibilitiesKroll
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023PECB
 

What's hot (20)

Detecting-Preventing-Insider-Threat
Detecting-Preventing-Insider-ThreatDetecting-Preventing-Insider-Threat
Detecting-Preventing-Insider-Threat
 
Computer forensics
Computer forensicsComputer forensics
Computer forensics
 
Information Security Awareness Training Open
Information Security Awareness Training OpenInformation Security Awareness Training Open
Information Security Awareness Training Open
 
Data security
Data securityData security
Data security
 
DLP Data leak prevention
DLP Data leak preventionDLP Data leak prevention
DLP Data leak prevention
 
Security and information assurance
Security and information assuranceSecurity and information assurance
Security and information assurance
 
Data breach presentation
Data breach presentationData breach presentation
Data breach presentation
 
Importance Of A Security Policy
Importance Of A Security PolicyImportance Of A Security Policy
Importance Of A Security Policy
 
Cybersecurity Employee Training
Cybersecurity Employee TrainingCybersecurity Employee Training
Cybersecurity Employee Training
 
End-User Security Awareness
End-User Security AwarenessEnd-User Security Awareness
End-User Security Awareness
 
Information security management system
Information security management systemInformation security management system
Information security management system
 
Zero Trust
Zero TrustZero Trust
Zero Trust
 
Data security and Integrity
Data security and IntegrityData security and Integrity
Data security and Integrity
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations Center
 
Data loss prevention (dlp)
Data loss prevention (dlp)Data loss prevention (dlp)
Data loss prevention (dlp)
 
Security Awareness Training by Fortinet
Security Awareness Training by FortinetSecurity Awareness Training by Fortinet
Security Awareness Training by Fortinet
 
Cybersecurity Training
Cybersecurity TrainingCybersecurity Training
Cybersecurity Training
 
Information Security vs IT - Key Roles & Responsibilities
Information Security vs IT - Key Roles & ResponsibilitiesInformation Security vs IT - Key Roles & Responsibilities
Information Security vs IT - Key Roles & Responsibilities
 
Overview on data privacy
Overview on data privacy Overview on data privacy
Overview on data privacy
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023
 

Viewers also liked

Insider threat event presentation
Insider threat event presentationInsider threat event presentation
Insider threat event presentationIISPEastMids
 
Insider Threat Final Powerpoint Prezi
Insider Threat Final Powerpoint PreziInsider Threat Final Powerpoint Prezi
Insider Threat Final Powerpoint PreziKashif Semple
 
Malicious Insiders
Malicious InsidersMalicious Insiders
Malicious Insidersgjohansen
 
Insider Threat Detection Recommendations
Insider Threat Detection RecommendationsInsider Threat Detection Recommendations
Insider Threat Detection RecommendationsAlienVault
 
5 Signs you have an Insider Threat
5 Signs you have an Insider Threat5 Signs you have an Insider Threat
5 Signs you have an Insider ThreatLancope, Inc.
 
Snowden slides
Snowden slidesSnowden slides
Snowden slidesDavid West
 
Insider Threats Webinar Final_Tyco
Insider Threats Webinar Final_TycoInsider Threats Webinar Final_Tyco
Insider Threats Webinar Final_TycoMatt Frowert
 

Viewers also liked (8)

Insider threat event presentation
Insider threat event presentationInsider threat event presentation
Insider threat event presentation
 
Insider Threat Final Powerpoint Prezi
Insider Threat Final Powerpoint PreziInsider Threat Final Powerpoint Prezi
Insider Threat Final Powerpoint Prezi
 
Malicious Insiders
Malicious InsidersMalicious Insiders
Malicious Insiders
 
Insider Threat Detection Recommendations
Insider Threat Detection RecommendationsInsider Threat Detection Recommendations
Insider Threat Detection Recommendations
 
5 Signs you have an Insider Threat
5 Signs you have an Insider Threat5 Signs you have an Insider Threat
5 Signs you have an Insider Threat
 
Multimedia Privacy
Multimedia PrivacyMultimedia Privacy
Multimedia Privacy
 
Snowden slides
Snowden slidesSnowden slides
Snowden slides
 
Insider Threats Webinar Final_Tyco
Insider Threats Webinar Final_TycoInsider Threats Webinar Final_Tyco
Insider Threats Webinar Final_Tyco
 

Similar to Insider threats and countermeasures

DRC - Cybersecurity Concepts 2015 - 5 Basics you must know!
DRC - Cybersecurity Concepts 2015 - 5 Basics you must know!DRC - Cybersecurity Concepts 2015 - 5 Basics you must know!
DRC - Cybersecurity Concepts 2015 - 5 Basics you must know!Kevin Fisher
 
Top Five Internal Security Vulnerabilities
Top Five Internal Security VulnerabilitiesTop Five Internal Security Vulnerabilities
Top Five Internal Security VulnerabilitiesPeter Wood
 
DRC -- Cybersecurity concepts2015
DRC -- Cybersecurity concepts2015DRC -- Cybersecurity concepts2015
DRC -- Cybersecurity concepts2015T. J. Saotome
 
Introduction To Computer Security
Introduction To Computer SecurityIntroduction To Computer Security
Introduction To Computer SecurityVibrant Event
 
Ethical Hacking - Introduction to Computer Security
Ethical Hacking - Introduction to Computer Security Ethical Hacking - Introduction to Computer Security
Ethical Hacking - Introduction to Computer Security Vibrant Event
 
Cyber Security and Data Privacy in Information Systems.pptx
Cyber Security and Data Privacy in Information Systems.pptxCyber Security and Data Privacy in Information Systems.pptx
Cyber Security and Data Privacy in Information Systems.pptxRoshni814224
 
Network security and firewalls
Network security and firewallsNetwork security and firewalls
Network security and firewallsMurali Mohan
 
2.5 safety and security of data in ict systems 13 12-11
2.5 safety and security of data in ict systems 13 12-112.5 safety and security of data in ict systems 13 12-11
2.5 safety and security of data in ict systems 13 12-11mrmwood
 
The Threat Is Real. Protect Yourself.
The Threat Is Real. Protect Yourself.The Threat Is Real. Protect Yourself.
The Threat Is Real. Protect Yourself.Teri Radichel
 
Securing the Internet of Things
Securing the Internet of ThingsSecuring the Internet of Things
Securing the Internet of ThingsChristopher Frenz
 
itsecurityawareness-v1-230413174238-5e7cba3c.pdf
itsecurityawareness-v1-230413174238-5e7cba3c.pdfitsecurityawareness-v1-230413174238-5e7cba3c.pdf
itsecurityawareness-v1-230413174238-5e7cba3c.pdfMansoorAhmed57263
 
IT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.pptIT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.pptOoXair
 

Similar to Insider threats and countermeasures (20)

Insider threat v3
Insider threat v3Insider threat v3
Insider threat v3
 
DRC - Cybersecurity Concepts 2015 - 5 Basics you must know!
DRC - Cybersecurity Concepts 2015 - 5 Basics you must know!DRC - Cybersecurity Concepts 2015 - 5 Basics you must know!
DRC - Cybersecurity Concepts 2015 - 5 Basics you must know!
 
Security Basics
Security BasicsSecurity Basics
Security Basics
 
Top Five Internal Security Vulnerabilities
Top Five Internal Security VulnerabilitiesTop Five Internal Security Vulnerabilities
Top Five Internal Security Vulnerabilities
 
DRC -- Cybersecurity concepts2015
DRC -- Cybersecurity concepts2015DRC -- Cybersecurity concepts2015
DRC -- Cybersecurity concepts2015
 
Information security
Information securityInformation security
Information security
 
Introduction To Computer Security
Introduction To Computer SecurityIntroduction To Computer Security
Introduction To Computer Security
 
Ethical Hacking - Introduction to Computer Security
Ethical Hacking - Introduction to Computer Security Ethical Hacking - Introduction to Computer Security
Ethical Hacking - Introduction to Computer Security
 
Ethical Hacking - Introduction to Computer Security
Ethical Hacking - Introduction to Computer SecurityEthical Hacking - Introduction to Computer Security
Ethical Hacking - Introduction to Computer Security
 
Cyber Security and Data Privacy in Information Systems.pptx
Cyber Security and Data Privacy in Information Systems.pptxCyber Security and Data Privacy in Information Systems.pptx
Cyber Security and Data Privacy in Information Systems.pptx
 
Network security and firewalls
Network security and firewallsNetwork security and firewalls
Network security and firewalls
 
2.5 safety and security of data in ict systems 13 12-11
2.5 safety and security of data in ict systems 13 12-112.5 safety and security of data in ict systems 13 12-11
2.5 safety and security of data in ict systems 13 12-11
 
Challenges2013
Challenges2013Challenges2013
Challenges2013
 
The Threat Is Real. Protect Yourself.
The Threat Is Real. Protect Yourself.The Threat Is Real. Protect Yourself.
The Threat Is Real. Protect Yourself.
 
Janitor vs cleaner
Janitor vs cleanerJanitor vs cleaner
Janitor vs cleaner
 
Securing the Internet of Things
Securing the Internet of ThingsSecuring the Internet of Things
Securing the Internet of Things
 
itsecurityawareness-v1-230413174238-5e7cba3c.pdf
itsecurityawareness-v1-230413174238-5e7cba3c.pdfitsecurityawareness-v1-230413174238-5e7cba3c.pdf
itsecurityawareness-v1-230413174238-5e7cba3c.pdf
 
IT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.pptIT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.ppt
 
Hacking
HackingHacking
Hacking
 
Cyber security
Cyber securityCyber security
Cyber security
 

Recently uploaded

Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetEnjoy Anytime
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 

Recently uploaded (20)

Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 

Insider threats and countermeasures

  • 2. Overview What is Insider Threats? Mistakes of Employee which creates threat Three Kinds of Insider Threats Source of Visibility Internal Visibility IT Sabotage Combating Insider Threat is a multidisciplinary challenge Conclusion
  • 3. What is Insider Threats? An insider threat is a malicious threat to an organization that comes from following people within the organization ◦ Employees ◦ Former employees ◦ Contractors ◦ Business associates ◦ The person who have inside information concerning the organization's security practices, data and computer systems.
  • 4. Mistakes of Employee which creates threat PASSWORD HANDLING • Shoulder Surfing:- When a person looks over another person’s shoulder and watches keystrokes or watches data as it appears on the screen in order to uncover information in an unauthorized manner. • Dumpster Diving:- When password is very hard to remember so user write it down, some times he write on a piece of paper which will be in garbage without discarding. The intruder would have to gain physical access to the premises, but the area where the garbage is kept is usually not highly guarded.
  • 5. Three Kinds of Insider Threats Negligent Insiders • Employees who accidentally expose data. Malicious Insiders • Employees who intentionally expose data. Compromised Insiders • Employees whose access credentials or personal computers have been compromised by an outside attacker.
  • 6. Three Kinds of Insider Threats Negligent Insiders • Prevention • Access controls • Encryption of data at rest • DRM? • Education Malicious Insiders • Prevention • Access Controls • Checks and Balances • Detection • Management Training • Monitoring Compromised Insiders • Detection
  • 7. CERT: Common Sense Guide to Prevention and Detection of Insider Threats
  • 8. Source of Visibility Firewall logs • Are you logging everything or just denies? Internal & Host IPS systems • HIPS potentially has a lot of breadth • Can be expensive to deploy • Signature based Log Management Solutions/SIEM • Are you collecting everything? • You can only see what gets logged Netflow • Lots of breadth, less depth • Lower disk space requirements Full Packet Capture • Deep but not broad • Expensive • High disk space requirements
  • 9. Internal Visibility without Net flow DMZ VPN Internal Network Internet 3G Internet 3G Internet
  • 10. Internal Visibility with Net flow Internet DMZ VPN Internal Network Internet NetFlow Packets start time end time mac address byte count - more - NetFlow 3G Internet 3G Internet NetFlow NetFlow NetFlow NetFlow NetFlow Collector
  • 11. IT Sabotage Targeted monitoring of employees who are “on the HR radar” Access after termination (!) (accounts or open sessions) Unusual Access ◦ Times ◦ Devices ◦ Source Addresses ◦ Destination Addresses ◦ Mismatches
  • 12. Combating Insider Threat is a multidisciplinary challenge IT cannot address insider threat by itself ◦ People have a tendency to think that IT is solely responsible for all computer security issues. Legal: Are policies in place? Are they realistic? Does legal support IT practices? HR: Who is coming and going? Who has workplace issues? Are there soft solutions? IT: Is the privacy of end users adequately protected? What impact on workplace harmony are policies, monitoring, and enforcement having? Are you applying policies consistently? IT HR Legal
  • 13. Conclusion There are three kinds of insider threat • Negligent Insiders • Malicious Insiders • Compromised Insiders Managing the problem involves • Logs, Logs, Logs • Visibility into the internal network • A multidisciplinary team