Analyze. Detect. Protect.
ZoneFox – The modern business has no perimeter
The ever changing challenge
requires a new approach!
Background
Jonny Tennyson
Head of Customer Success
• Spun out of Napier University Edinburgh by current CEO & Founder Dr Jamie Graves in 2011
• Multiple awards for Cyber Innovation, Best Product, Best StartUp
• Global customers – ZoneFox Headquarters in Edinburgh
• Startup to scale - 3 people to 30+
• Growth driven by innovation and differentiation
• Customers in Finance, Retail, Legal, Technology, Manufacturing
Who are we?
ZoneFox is an award winning market leader in User
Behaviour Analytics, providing critical insights around
data-flow that you need to secure against the Insider Threat.
A few of our reference customers…
Cyber Security - traditional methods
Intrusion Detection
Perimeter Protection
Anti Virus
Firewalls
Application Whitelisting
Network Packet Inspection
Encryption
Next Generation Anti Virus
Log aggregation & SIEM
Time to do something
different…..
Why such a risk in business today?
People working from home “a threat to
Cyber Security” charities warned
Neil Sinclair, London Digital Security Centre
So what is Insider Threat?
• People – asset and a liability
• Accidental, malicious, careless, collusion
• Causes - lack of training, lack of controls, lack of
visibility, easy to bypass controls
Quittin’ Quentin
• Customer Data
• Intellectual Property
• Technical Data
• Commercial Documents
Disgruntled Dave
• Bright and Ambitious
• Un-kept Promises
• Undervalued
• Ignored
Sandra the Spy
• Financial Pressures
• Personal Matters that may lead
to blackmail
• Disgruntled – Show of defiance
Careless Caroline
• Ignorant of Security Policy
• Not been Trained
• Under Pressure
• Trying to get her job done
• Victim of Phishing/Social
Engineering
Did I just
accidentally send
that customer list
to someone?
I’ve just been
offered job with
our biggest
competitor
I’m really
annoyed that I
didn’t get that
promotion
The Insider Threat - Your top-
performing team…..
My account has
been compromised
Relevance to the Enterprise
Job titles that didn’t really exist 3 years ago;
• Head of Insider Threat Deloitte
• Insider Threat Consultant EY
• Insider Cyber Risk Assessor Barclays
• Insider Threat Analyst BAE Systems
• Director of Insider Threat GE
• Head of Investigation & Insider Threat Worldpay
• VP of Insider Threat Citizens Bank
• Insider Risk Manager Lloyds BG
• Head of Data – Insider Risk HSBC
Source - LinkedIn, Sept 2018
Telecom giant accuses employee
of data theft - May 2016
“Company insiders are behind 1 in
every 4 data breaches” The Register,
April 2018
Analyze. Detect. Protect.
Conclusion
• People / Employees are the perimeter
• Partners are the perimeter
• Supply chain is the perimeter
• Is there really a perimeter?
40 Torphichen Street, Edinburgh, EH3 8JB
+44 (0) 845 388 4999
info@zonefox.com
@zonefox
zonefox.com

Perimeter Security: Why it's no longer enough, and where cybersecurity must adapt

  • 1. Analyze. Detect. Protect. ZoneFox – The modern business has noperimeter The ever changing challenge requires a new approach !
  • 2. Background Jonny Tennyson Head ofCustomer Success • Spun out ofNapier University Edinburgh by current CEO&Founder DrJamie Graves in 2011 • Multiple awardsfor CyberInnovation, Best Product, Best StartUp • Global customers – ZoneFox Headquarters in Edinburgh • Startup toscale - 3 people to30+ • Growth driven byinnovation anddifferentiation • Customers in Finance, Retail, Legal, Technology, Manufacturing
  • 3. Who are we? ZoneFox is an award winning market leader in User Behaviour Analytics, providing critical insights around data-flow that you need to secure against theInsiderThreat. A few of our reference customers…
  • 4. Cyber Security - traditional methods Intrusion Detection Perimeter Protection Anti Virus Firewalls Application Whitelisting Network Packet Inspection Encryption Next Generation Anti Virus Log aggregation & SIEM
  • 5. Time to do something different…..
  • 6. Why such a risk in business today? People working from home “a threat to Cyber Security” charities warned Neil Sinclair, London Digital Security Centre
  • 7. So what is Insider Threat ? • People – asset and a liability • Accidental, malicious, careless, collusion • Causes - lack of training, lack of controls, lack of visibility, easy to bypass controls
  • 8. Quittin’ Quentin • Customer Data • Intellectual Property • Technical Data • Commercial Documents
  • 9. Disgruntled Dave • Bright and Ambitious • Un-kept Promises • Undervalued • Ignored
  • 10. Sandra the Spy • Financial Pressures • Personal Matters that may lead to blackmail • Disgruntled – Show of defiance
  • 11. Careless Caroline • Ignorant of Security Policy • Not been Trained • Under Pressure • Trying to get her job done • Victim of Phishing/Social Engineering
  • 12. Did I just accidentally send that customer list to someone? I’ve just been offered a job with our biggest competitor I’m really annoyed that I didn’t get that promotion The Insider Threat - Your top-performing team….. My account has been compromised
  • 13. Relevance to the Enterprise Job titles that didn’t really exist 3 years ago; • Head of Insider Threat Deloitte • Insider Threat Consultant EY • Insider Cyber Risk Assessor Barclays • Insider Threat Analyst BAE Systems • Director of Insider Threat GE • Head of Investigation & Insider Threat Worldpay • VP of Insider Threat Citizens Bank • Insider Risk Manager Lloyds BG • Head of Data – Insider Risk HSBC Source - LinkedIn, Sept 2018
  • 14. Telecom giant accuses employee of data theft - May 2016 “Company insiders are behind 1 in every 4 data breaches” The Register, April 2018
  • 15. Analyze. Detect. Protect. Conclusion • People / Employees are the perimeter • Partners are the perimeter • Supply chain is the perimeter • Is there really a perimeter?
  • 16. 40 Torphichen Street, Edinburgh, EH3 8JB +44 (0) 845 388 4999 info@zonefox.com @zonefox zonefox.com

Editor's Notes

  1. Good morning, and thank you in advance for your attention over the next 15 minutes. We are ZoneFox, and today I’ve been asked to talk about the perimeter within the modern business, and whether it actually exists.
  2. Some Background first - ZoneFox was started out of Napier University in Edinburgh in 2011 and we shipped our first product to customers in 2013. We’ve won multiple awards since. Our growth curve has been incredible during that time and we consider ourselves now to be exiting the start up phase and truly entering the scale up phase. Our initial investment has gone into R&D and now we are using that investment to Market and Sell ZoneFox on a Global basis. We’ve had a strong emphasis on the UK market to start, but we have some fantastic clients in the US and we’ll be using that to grow other markets in 2019.
  3. ZoneFox is an award winning market leader in User Behaviour Analytics, providing critical insights around data-flow that you need to secure against the insider threat. Below we have a number of publicly available reference clients that we work with. There are many verticals here, as you can see but these are companies with a familiar and very common challenge. Namely; Protection of their IP, their Brand Value and Reputation, Compliance, and more. Lots of recognisable names here - Rockstar North, who use our solution to protect the Grand Theft Auto game series, Pinsent Masons - a very well-known UK based international law firm. And some very well known Retail clients; such as Pret a Manger, and the Central England Co-operative group.
  4. On to the topic itself. This is what IT Security has looked like for the last 20-25 years. It’s the traditional Castle and Moat model. We have some very valid and necessary technologies here - [Name a few,] Simply put - exterior security, wrapped around everything you want to keep safe, with a secured entry in and out. It’s not an ineffective approach by any means, we’ve been doing this for so long for a reason; but today we let so many people inside this perimeter; family, friends - external partners and suppliers. Our focus on keeping the bad people out over the last two decades or more has taken us away from looking - and I mean really looking - at the threats that already exist inside the castle, and who has keys to the drawbridge. It’s no longer about blocking everything - it’s about getting an understanding of what’s going on inside your business.
  5. It’s time to do something different. This is an old slide but very pertinent, I think this sums up the secure perimeter approach quite well! You can build up your layered security - adding more and more layers until you have a layered wedding cake of a perimeter - but you’re still going to miss the key threats already within.
  6. So why is this such a risk in business today? Home working is becoming more and more common for a proportion of the week, in fact recently some of the largest financial institutions have downsized their real estate footprint to take account of this. The Head of Estates & Property at a large Bank recently told us that “if every employee turned up to the office one morning, we would have a huge problem” and I’ve spoken to employees at two other similarly sized organisations who say the same thing, and have enforced work-from-home days for their employees. The leader of the TUC stated only last week that, with the introduction of AI technologies that our jobs are easier to do, and that a 4 day working week is a reality in the UK very soon. Now I know; that’s an exciting prospect but that’s not my point - I’m just as excited as you are. But it highlights a very real and growing risk and this is one that is already prevalent across many organisations.
  7. It’s true to say that people are our biggest asset. We are told this all the time. But, people make mistakes and people don’t always act as we expect them to, hence they are also one of our biggest weaknesses. We see this all the time and there are a few common themes of Insider Threat that can be identified. Let’s take a look at these now. First up…
  8. There comes a time in almost everyone’s career where they decide that a change is necessary. If they can’t change positions within their organization, they often leave for pastures new. Everyone wants to be able to provide value in their next role, but they may do it in different ways. In the case of Quittin’ Quentin, he decided to take customer data with him to provide great value to his new employer. When it comes to dealing with employee exits, be mindful of those who have access to:
  9. Dave was a bright employee who was promoted quite quickly. He thought he was helping the company by bringing to light a vulnerability in the company’s software, but since there was no real-world exploit, the management team decided to accept the risk for now and push forward. Dave’s advice was not heeded, although he thought he was really on to something. He tried several times to sway public opinion, and in the end his anger pushed him over the edge, causing him to resort to destroying a software release to prove a point. A point to note - some of the reasons that employees become disgruntled - and remember, these issues are from the employee’s perspective so can be difficult to spot:
  10. Forced into being a bad actor. Sandra the Spy’s situation is not unique. Many employees are in positions where they don’t make enough money. This isn’t necessarily an opinion, but a result of life choices. Sometimes parents need to care for their kids, but don’t feel that they make enough money to do so. Sometimes a couple would like to get married or put a down payment on a house, but money is perpetually tight. On occasion, a competing entity with few morals may take advantage, presenting an offer that the potential spy can’t (or feels they can’t) refuse, turning them to their side. Corporate spies don’t always have to be turned, mind you, they may also be planted in your organization early on by a competitor or a nation state to await further instruction. Fortunately, corporate espionage is not an ubiquitous threat to all organizations in all lines of business, but it’s always a possibility if your business revolves around intellectual property.
  11. A project manager, working 100MPH, under huge pressure, trying to please everyone. [Important point to note here] Caroline is definitely not a malicious actor. There is no motivation to steal, destroy, or otherwise harm her organization’s data. Unfortunately, Careless Caroline is an all too common character in today’s organization. Whether it’s leaving a workstation unlocked, leaving passwords on sticky notes, allowing strangers to tailgate when she swipes into the office, or clicking on malicious links without first understanding who sent the link or why, Careless Carolines everywhere are letting the bad guys in regularly. Even if they don’t mean to. Few technical controls can actually help stem this tide; if you want to help Careless Caroline be more careful in her day-to-day dealings, education – and monitoring - is key.
  12. So…here’s your team. Your team is the best team in the world. They’re all trustworthy and you have no need to doubt any of them. Until they come to leave you to join your biggest competitor. Still feel so confident about their trustworthiness? What projects have they been working on? What data did they have access to? Do you think that they could have stolen anything over the past few months? How do you know? We recently worked with a Formula 1 team who was concerned that key designs were at risk of theft from within. Now, Formula 1 is a sport where this is rife, as it’s such a technically driven, expensive, competitive sport. Needless to say, they were right to be concerned. After working with them for a short period of time, we discovered that an employee who was preparing to leave had managed to gain access to their design files on the team’s car. And guess what they did next? They transferred the lot onto removable media. We find this same story replicated across just about every customer we work with – it’s time to rethink the perimeter.
  13. Some recent analysis conducted last week, have a look at the names of the companies on the right hand side and these ‘new genre’ job titles. This is a growing job area and it’s fair to say very few of these titles didn’t exist a few years ago? A bit like a ‘GDPR manager’ – there you go, had to get GDPR into the presentation at some point
  14. Here we have further emphasis by recent publications and news articles that the old perimeter protection methodologies are dated. Tesla particularly damaging and again, extremely public. An “Oil and Gas customer” of ZoneFox’s - recently found 3D CAD designs going to Russia - they have no customers or partners in Russia. Industrial sabotage, caught in the act.
  15. If there is a perimeter – it’s people, employees. It’s partners. It’s our supply chain. BA was only the other week, they discovered where their perimeter really is, it was the same as Ticketmaster’s - and they’re potentially facing a £500M class-action suit as a result. These are not small names. So, is there really a perimeter? Thank you so much for listening, I hope this has provoked a thought or two and I look forward to speaking to you throughout today.