Fidelis Cybersecurity, profile picture
Uploaded byFidelis Cybersecurity
PPTX, PDF253 views

Insider Threats Part 2: Preventing Data Exfiltration with Fidelis Elevate

The document focuses on preventing data exfiltration through insider threats, defining categories and indicators of risk, and introducing methodologies for assessing and mitigating such threats. It highlights the importance of establishing behavioral baselines and discusses the role of metadata in enhancing security measures. Additionally, it showcases the Fidelis architecture and emphasizes a proactive approach in monitoring and managing insider threats.

Embed presentation

Downloaded 16 times
Insider Threat Part II Preventing Data Exfiltration
© Fidelis Cybersecurity Intro 2 Lucas Chumley Senior Sales Engineer Louis Smith Director, Sales Engineering
© Fidelis Cybersecurity Insider Threat Session I Round Up Defining an Insider Threat: • Categories of Insider Threat • Cross functional responsibilities • Indicators of Elevated Risk • The Struggle is Real • Assessing your Insider Threat Preparedness • Demo: Mitigate & Detect an Insider Threat 3
© Fidelis Cybersecurity Flavors of Data Exfiltration Digital IP, M&A Activity, Accounting Records, Customer Data 4 Physical Excessive printing, USB thumb drive control, physically moving media from one place to another, etc. Biggest Data Breaches of 21st Century Equifax: Over 145 million people were affected by the data breach which saw social security numbers, birth dates, home addresses and in some cases, drivers license numbers stolen www.csoonline.com
© Fidelis Cybersecurity Insider Threat – The Risk 5
© Fidelis Cybersecurity C2 Malware Anomaly 6 A malware anomaly may have been caused via a successful phishing attack that has resulted in an infected asset. Many hacking groups design malware with the sole purpose of exfiltrating data.
© Fidelis Cybersecurity Establishing a Baseline What’s normal? What’s not normal? 1) What is a baseline? 2) Examples of baselines vs. anomalous behavior 3) How Fidelis can help you establish a baseline 7
© Fidelis Cybersecurity The Fidelis Architecture 8
© Fidelis Cybersecurity Fidelis Secret Sauce 1. Metadata Helps the risk of : IoT devices, Cloud, Endpoint, File Servers, Network activity and Active Directory. Metadata also allows companies to Threat Hunt across their organization by way of reassembled Deep Session Inspection. 2. Minimize Dwell Time + Understanding Flavors of Data Exfil + Understanding the Types of Insider Threats + Establishing a Baseline = Reduced Dwell Time within your Organization 9
© Fidelis Cybersecurity Traditional Approach and Methodology 10 Monitor all behavior, all the time Detect and alert on baseline anomalies or divergence Investigate Alerts
© Fidelis Cybersecurity The Fidelis Difference 11 Monitor and apply automatic analysis to all behavior, all the time. Integrate prevention, detection, investigation and remediation tools to allow for simultaneous operations. Automated detection, identification and classification of key assets and their alerts to minimize both dwell time and investigation resources.

More Related Content

PDF
Part 1: Identifying Insider Threats with Fidelis EDR Technology
byFidelis Cybersecurity
 
PDF
Fidelis Endpoint® - Live Demonstration
byFidelis Cybersecurity
 
PDF
Threat intelligence Primary Tradecraft and Research
byFidelis Cybersecurity
 
PDF
The State of Threat Detection 2019
byFidelis Cybersecurity
 
PDF
Extend Network Visibility and Secure Applications and Data in Azure
byFidelis Cybersecurity
 
PDF
Applying intelligent deception to detect sophisticated cyber attacks
byFidelis Cybersecurity
 
PDF
Game Changing Cyber Defensive Strategies for 2019
byFidelis Cybersecurity
 
PDF
Putting Cyber Attackers on the Defensive
byFidelis Cybersecurity
 
Part 1: Identifying Insider Threats with Fidelis EDR Technology
byFidelis Cybersecurity
 
Fidelis Endpoint® - Live Demonstration
byFidelis Cybersecurity
 
Threat intelligence Primary Tradecraft and Research
byFidelis Cybersecurity
 
The State of Threat Detection 2019
byFidelis Cybersecurity
 
Extend Network Visibility and Secure Applications and Data in Azure
byFidelis Cybersecurity
 
Applying intelligent deception to detect sophisticated cyber attacks
byFidelis Cybersecurity
 
Game Changing Cyber Defensive Strategies for 2019
byFidelis Cybersecurity
 
Putting Cyber Attackers on the Defensive
byFidelis Cybersecurity
 

What's hot

PPTX
NormShield Cyber Threat & Vulnerability Orchestration Overview
byNormShield, Inc.
 
PDF
Secure Your Data with Fidelis Network® for DLP
byFidelis Cybersecurity
 
PDF
Extending Your Network Cloud Security to AWS
byFidelis Cybersecurity
 
PPTX
Critical Capabilities for MDR Services - What to Know Before You Buy
byFidelis Cybersecurity
 
PPTX
Outpost24 webinar: best practice for external attack surface management
byOutpost24
 
PDF
Hardware Security on Vehicles
byPriyanka Aash
 
PPTX
Outpost24 webinar: The state of ransomware in 2021 and how to limit your expo...
byOutpost24
 
PPTX
Netpluz DDoS Mitigation - Managed Cyber Security
byNetpluz Asia Pte Ltd
 
PPTX
Webinar: Backup vs. Ransomware - 5 Requirements for Backup Success
byStorage Switzerland
 
PPTX
DC970 Presents: Defense in Depth
byIceQUICK
 
PDF
You can't detect what you can't see illuminating the entire kill chain
byFidelis Cybersecurity
 
PDF
Moving Beyond Zero Trust
byscoopnewsgroup
 
PDF
Evidence-Based Security: The New Top Five Controls
byPriyanka Aash
 
PPTX
Ransomware Detection: Don’t Pay Up. Backup.
bymarketingunitrends
 
PPTX
Ransomware Has Evolved And So Should Your Company
byVeriato
 
PDF
2017 Cyber Risk Grades by Industry: Normshield Executive Presentation
byNormShield, Inc.
 
PPTX
Session 7.3 Implementing threat intelligence systems - Moving from chaos to s...
byPuneet Kukreja
 
POTX
Ransomware: Why Are Backup Vendors Trying To Scare You?
bymarketingunitrends
 
PDF
TIC-TOC: Ransomware: Help your Customers be Prepared with Dominique Singer an...
bySaraPia5
 
PDF
The Cost of Doing Nothing: A Ransomware Backup Story
byQuest
 
NormShield Cyber Threat & Vulnerability Orchestration Overview
byNormShield, Inc.
 
Secure Your Data with Fidelis Network® for DLP
byFidelis Cybersecurity
 
Extending Your Network Cloud Security to AWS
byFidelis Cybersecurity
 
Critical Capabilities for MDR Services - What to Know Before You Buy
byFidelis Cybersecurity
 
Outpost24 webinar: best practice for external attack surface management
byOutpost24
 
Hardware Security on Vehicles
byPriyanka Aash
 
Outpost24 webinar: The state of ransomware in 2021 and how to limit your expo...
byOutpost24
 
Netpluz DDoS Mitigation - Managed Cyber Security
byNetpluz Asia Pte Ltd
 
Webinar: Backup vs. Ransomware - 5 Requirements for Backup Success
byStorage Switzerland
 
DC970 Presents: Defense in Depth
byIceQUICK
 
You can't detect what you can't see illuminating the entire kill chain
byFidelis Cybersecurity
 
Moving Beyond Zero Trust
byscoopnewsgroup
 
Evidence-Based Security: The New Top Five Controls
byPriyanka Aash
 
Ransomware Detection: Don’t Pay Up. Backup.
bymarketingunitrends
 
Ransomware Has Evolved And So Should Your Company
byVeriato
 
2017 Cyber Risk Grades by Industry: Normshield Executive Presentation
byNormShield, Inc.
 
Session 7.3 Implementing threat intelligence systems - Moving from chaos to s...
byPuneet Kukreja
 
Ransomware: Why Are Backup Vendors Trying To Scare You?
bymarketingunitrends
 
TIC-TOC: Ransomware: Help your Customers be Prepared with Dominique Singer an...
bySaraPia5
 
The Cost of Doing Nothing: A Ransomware Backup Story
byQuest
 

Similar to Insider Threats Part 2: Preventing Data Exfiltration with Fidelis Elevate

PPTX
Automation: Embracing the Future of SecOps
byIBM Security
 
PPT
NetWitness
byTechBiz Forense Digital
 
PPTX
Delivering User Behavior Analytics at Apache Hadoop Scale : A new perspective...
byCloudera, Inc.
 
PDF
Data+Security+Masterclass Presentation.pdf
byckurt9676
 
PPTX
Enterprise IT Security| CIO Innovation and Leadership
byRedZone Technologies
 
PDF
Verizon Data Breach Digest 2016
byRyan Carleton
 
PDF
Fidelis Cybersecurity Overview
byDavid Legh-Page AME,SCE
 
PDF
Interset-advanced threat detection wp
byCMR WORLD TECH
 
PPTX
Cybersecurity - Sam Maccherola
byTechBiz Forense Digital
 
PDF
Spo2 t17
bySelectedPresentations
 
PDF
Endpoint (big) Data In The Age of Compromise, Ian Rainsburgh
byNapier University
 
PDF
Ht t17
bySelectedPresentations
 
PPTX
Secure Iowa Oct 2016
byLarry Slobodzian
 
PPTX
Anomaly Detection and You
byMary Kelly Rich
 
PDF
10 Tips to Strengthen Your Insider Threat Program
byDtex Systems
 
PPT
The Insider Threat
byillustro
 
PDF
Data Security Metricsa Value Based Approach
byFlaskdata.io
 
PDF
The State of Data Security
byRazor Technology
 
PPTX
The Perimeter within Modern Business - does it exist?
byZoneFox
 
PDF
Thought Leader Interview: HP's Global CISO Brett Wahlin on the Future of Secu...
byDana Gardner
 
Automation: Embracing the Future of SecOps
byIBM Security
 
NetWitness
byTechBiz Forense Digital
 
Delivering User Behavior Analytics at Apache Hadoop Scale : A new perspective...
byCloudera, Inc.
 
Data+Security+Masterclass Presentation.pdf
byckurt9676
 
Enterprise IT Security| CIO Innovation and Leadership
byRedZone Technologies
 
Verizon Data Breach Digest 2016
byRyan Carleton
 
Fidelis Cybersecurity Overview
byDavid Legh-Page AME,SCE
 
Interset-advanced threat detection wp
byCMR WORLD TECH
 
Cybersecurity - Sam Maccherola
byTechBiz Forense Digital
 
Spo2 t17
bySelectedPresentations
 
Endpoint (big) Data In The Age of Compromise, Ian Rainsburgh
byNapier University
 
Ht t17
bySelectedPresentations
 
Secure Iowa Oct 2016
byLarry Slobodzian
 
Anomaly Detection and You
byMary Kelly Rich
 
10 Tips to Strengthen Your Insider Threat Program
byDtex Systems
 
The Insider Threat
byillustro
 
Data Security Metricsa Value Based Approach
byFlaskdata.io
 
The State of Data Security
byRazor Technology
 
The Perimeter within Modern Business - does it exist?
byZoneFox
 
Thought Leader Interview: HP's Global CISO Brett Wahlin on the Future of Secu...
byDana Gardner
 

Recently uploaded

PPTX
Why Most GenAI Projects Fail to Scale and How to Become One of the Success St...
byEarley Information Science
 
PDF
Workshop on Sustaining & Growing Open Source Communities - GAS2025
bySammy Fung
 
PDF
100 Insights After the 200th Issue of NewMind AI Journal
byNewMind AI
 
PPTX
Conversational Agents – Building Intelligent Assistants [Virtual Hands-on Wor...
byUiPathCommunity
 
PPTX
communication-skills-with-technology tools
byJaleto Sunkemo
 
PDF
10 Things AI-First Apps Do Differently by iProgrammer Solutions
byiProgrammer Solutions Private Limited
 
PPTX
Emancipatory Information Retrieval: Radically Reorienting Information Retriev...
byBhaskar Mitra
 
PDF
Real-Time Data Insight Using Microsoft Forms for Business
byElevate
 
PPTX
How to make Ai agents using Google Gemini AI.pptx
bypkluffy111
 
PDF
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 
PDF
Fundamentals and Frontiers of Post Quantum Cryptography
byGokul Alex
 
PDF
Lab 1.5 - Sharing Secrets with GPG ~ 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PDF
Our Digital Tribe_ Cultivating Connection and Growth in Our Slack Community 🌿...
bysanjeetmishra30
 
PDF
Machine Learning Primer: The Complete Crash Course (From Theory to Deployment)
byAeafat Ahmed Mubin
 
PDF
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
PDF
Cross-Cultural Agile Development -Challenges and Strategies for Overcoming Them-
byTakashi Makino
 
PDF
Lab 1.3 Introduction to GCP Automation - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PPTX
Technology Consulting _ by Slidesgo.pptx
byfh82277
 
DOCX
iRobot Post‑Mortem and Alternative Paths - Discussion Document for Boards and...
byDave Litwiller
 
PPTX
DYNAMICALLY.pptx good for the teachers or students to do seminars and for tea...
bympoorvika031
 
Why Most GenAI Projects Fail to Scale and How to Become One of the Success St...
byEarley Information Science
 
Workshop on Sustaining & Growing Open Source Communities - GAS2025
bySammy Fung
 
100 Insights After the 200th Issue of NewMind AI Journal
byNewMind AI
 
Conversational Agents – Building Intelligent Assistants [Virtual Hands-on Wor...
byUiPathCommunity
 
communication-skills-with-technology tools
byJaleto Sunkemo
 
10 Things AI-First Apps Do Differently by iProgrammer Solutions
byiProgrammer Solutions Private Limited
 
Emancipatory Information Retrieval: Radically Reorienting Information Retriev...
byBhaskar Mitra
 
Real-Time Data Insight Using Microsoft Forms for Business
byElevate
 
How to make Ai agents using Google Gemini AI.pptx
bypkluffy111
 
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 
Fundamentals and Frontiers of Post Quantum Cryptography
byGokul Alex
 
Lab 1.5 - Sharing Secrets with GPG ~ 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
Our Digital Tribe_ Cultivating Connection and Growth in Our Slack Community 🌿...
bysanjeetmishra30
 
Machine Learning Primer: The Complete Crash Course (From Theory to Deployment)
byAeafat Ahmed Mubin
 
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
Cross-Cultural Agile Development -Challenges and Strategies for Overcoming Them-
byTakashi Makino
 
Lab 1.3 Introduction to GCP Automation - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
Technology Consulting _ by Slidesgo.pptx
byfh82277
 
iRobot Post‑Mortem and Alternative Paths - Discussion Document for Boards and...
byDave Litwiller
 
DYNAMICALLY.pptx good for the teachers or students to do seminars and for tea...
bympoorvika031
 

Insider Threats Part 2: Preventing Data Exfiltration with Fidelis Elevate

  • 1.
    Insider Threat PartII Preventing Data Exfiltration
  • 2.
    © Fidelis Cybersecurity Intro 2 LucasChumley Senior Sales Engineer Louis Smith Director, Sales Engineering
  • 3.
    © Fidelis Cybersecurity InsiderThreat Session I Round Up Defining an Insider Threat: • Categories of Insider Threat • Cross functional responsibilities • Indicators of Elevated Risk • The Struggle is Real • Assessing your Insider Threat Preparedness • Demo: Mitigate & Detect an Insider Threat 3
  • 4.
    © Fidelis Cybersecurity Flavorsof Data Exfiltration Digital IP, M&A Activity, Accounting Records, Customer Data 4 Physical Excessive printing, USB thumb drive control, physically moving media from one place to another, etc. Biggest Data Breaches of 21st Century Equifax: Over 145 million people were affected by the data breach which saw social security numbers, birth dates, home addresses and in some cases, drivers license numbers stolen www.csoonline.com
  • 5.
    © Fidelis Cybersecurity InsiderThreat – The Risk 5
  • 6.
    © Fidelis Cybersecurity C2Malware Anomaly 6 A malware anomaly may have been caused via a successful phishing attack that has resulted in an infected asset. Many hacking groups design malware with the sole purpose of exfiltrating data.
  • 7.
    © Fidelis Cybersecurity Establishinga Baseline What’s normal? What’s not normal? 1) What is a baseline? 2) Examples of baselines vs. anomalous behavior 3) How Fidelis can help you establish a baseline 7
  • 8.
    © Fidelis Cybersecurity TheFidelis Architecture 8
  • 9.
    © Fidelis Cybersecurity FidelisSecret Sauce 1. Metadata Helps the risk of : IoT devices, Cloud, Endpoint, File Servers, Network activity and Active Directory. Metadata also allows companies to Threat Hunt across their organization by way of reassembled Deep Session Inspection. 2. Minimize Dwell Time + Understanding Flavors of Data Exfil + Understanding the Types of Insider Threats + Establishing a Baseline = Reduced Dwell Time within your Organization 9
  • 10.
    © Fidelis Cybersecurity TraditionalApproach and Methodology 10 Monitor all behavior, all the time Detect and alert on baseline anomalies or divergence Investigate Alerts
  • 11.
    © Fidelis Cybersecurity TheFidelis Difference 11 Monitor and apply automatic analysis to all behavior, all the time. Integrate prevention, detection, investigation and remediation tools to allow for simultaneous operations. Automated detection, identification and classification of key assets and their alerts to minimize both dwell time and investigation resources.

Editor's Notes

  • #2 Fidelis Collector Presentation – Public Information.
  • #4 We covered the theory last time, this time we’re talking practical application
  • #5 Were any of these the result of insider threat? Yes – Equifax (Negligent) and Marriott (They acquired the breach - Negligent) Edward Snowden. Air gap – data was physically moved from one medium to another - mention the length of the breach Marriott – The attackers remained in the system after Marriott acquired Stargroup. Source: https://www.csoonline.com/article/2130877/data-breach/the-biggest-data-breaches-of-the-21st-century.html
  • #7 https://attack.mitre.org/techniques/T1041/
  • #8 Baselining can be any number of things. Not just how much data, or where the data is coming from. Other things like 'people logging into their work stations at odd hours of the day'. If you log in between 9am and 5pm. Now, all of a sudden, that same user is logging in at 1am - there is a problem. In Network, we can apply an analytic rule - incoming connection on this port. The analytic rule can be applied to certain hours to catch anomalies. This will help you build a baseline between what's normal and what's note. Really it's about being able to identify the difference. What's normal & what's not. These are automated rules that can be set up, and there are also Data Science as a Service that we can apply to the baseline. Fidelis Offers Data Science as a Service - which helps customers create models to help establish baselines. Machine Learning plus targeted Human Learning & model creation is the utmost comprehensive way to establish baselines & anomalous behavior.
  • #9 The ways in which Fidelis could sold this issue…
  • #11  Generally, current solutions attempt to identify divergence from what is considered “normal” behavior for a given employee. When the software spots an anomaly, a small team investigates. While this method can be helpful, it usually falls short, for four reasons: By the time negative behaviors are detected, the breach has often already occurred. The organization is already at a disadvantage, and it cannot deploy an active defense. Monitoring for “divergence from normal behavior” creates a huge number of false positives, wasting much of the investigation team’s time. Serial bad actors may not be caught; malicious activity may be built into the baseline of “normal” activity. Collecting massive amounts of employee data creates privacy concerns and significant potential for abuse, and even gives off a high perception of privacy intrusion by end-users.
  • #12 We address these concerns in very innovative ways Monitor and apply automatic analysis to all behavior, all the time. Integrate prevention, detection, investigation and remediation tools to allow for simultaneous operations. Automated detection, identification and classification of key assets and their alerts to minimize both dwell time and investigation resources. A program to combat any form of insider threat has to focus on detection through the techniques we’ve discussed. Since those cannot be replaced, they had to be improved.