SlideShare une entreprise Scribd logo

Why Insider Threat is a C-Level Priority

Télécharger en tant que PPTX, PDF
ObserveIT
ObserveIT

Eric Cole probably the last person on earth you’d expect to encourage making insider threat a C-level priority after devoting a decade of his career to external threat and endpoint security, as the for CTO of McAfee and Chief Scientist for Lockheed Martin. But sometimes the best advice comes from the least expected places.

Technologie
1  sur  19
Why Insider Threat is a C-Level Priority by Dr. Eric Cole © 2016 Secure Anchor Consulting. All rights reserved.
Are You Focused on the Correct Area?
External vs Internal ● Deliberate/Malicious Insider ● Accidental Insider ● Source of the damage — External ● Cause of the damage — Internal
Paradigm Shift 53% of organizations have experienced an insider incident 33% of organizations have no formal response plan 54% of IT professionals believe an insider threat is harder to detect today
Nature of Insider Threats ● Two main forms of insider threat: — Deliberate/malicious insider — Accidental insider ● Why do insiders become targets? — As external targets become more difficult, attackers find insiders are an easier avenue to compromise
If You Have Employees/Contractors, You Have an Insider Threat Problem Bottom Line
Insider Threat Current State Insider threats are on IT’s radar Spending on insider threats will increase The financial impact is significant Organizations fail to focus on solutions Insider threat often the cause of damage Prevention is more a state of mind than a reality
Assessing Vulnerability to Insiders ● What information would an adversary target? ● What systems contain the information that attackers would target? ● Who has access to critical information? ● What would be the easiest way to compromise an insider? ● What measures or solutions can IT use to prevent/detect these attacks? ● Does our current budget appropriately address insider threats? ● What would a security roadmap that includes insider threats look like for our organization?
Insider Attack Chain – Bad Attacker Tipping Point - Going From Good to Bad Communicating via LinkedIn / Gmail message to competitor. Playing video games with lack of regard. 1 Searching for Data Password harvesting or unauthorized access to co- workers computers. 2 Capture and Hide the Data Encrypt and rename file extensions - password protected ZIP file. 3 Data Exfiltration Send ZIP file over Wetransfer - off hours transfers. 4
Insider Attack Chain – Negligent User Detect Negligent Behavior 1 Inform Users of Security Policy 2 Enforce Behavior Change 3
Solutions for Insider Threat
How well is your organization doing with insider threats? ● Policy ● Procedures ● Awareness ● Training ● Technology ● Administrative ● Executive Support We calculating your “insider threat GPA”, you can see what the biggest exposure you have to insider threats is likely to be. Write your organization’s report card and focus on the lowest scoring areas.
Preventing Insider Threat ● Deliberate Insider – Difficult — More focus on authorization and access ● Accidental Insider - Possible — Differentiate between required functionality and optional functionality — Typical avenues of attack ● Exe attachments ● Macros embedded in Office documents ● Active scripting ● HTML embedded content
Detecting Insider Threat Activity patterns focused on data: — Amount of data accessed — Failed access attempts — Data copied or sent to external sources There are differences in activity between a normal user and an insider threat.
Detecting Accidental Insider ● Accidental insider is being targeted by external entity ● Almost all external attackers setup C2 ● Focus on outbound traffic — Number of connections — Length of the connections — Amount of data — Percent that is encrypted — Destination IP address Focus on Command & Control Channel
Building an Insider Threat Program ● Determine access ● Profile user behavior ● Control administrator access ● Raise awareness ● Monitor activity Conventional wisdom does not work when it comes to security. Giving someone unneeded access just makes it easier for the adversary and increases the amount of damage that can be caused by a successful attack.
Make Sure You Are Solving the Correct Problem ● Always force a user to log in as a normal user. All operating systems can be configured to allow only normal user accounts to login and never allow someone with admin privileges to log directly into the system. ● Configure any application that needs to run with administrator privileges to either “Run as Administrator” or sudo to the appropriate access that is needed. ● Log and carefully review all privileged access. ● If an employee needs a system where they have to log in directly as administrator, give them a separate system for any access he or she may need to the Internet.
Summary ● Perform damage assessment of threats ● Map past and current investment against threats ● Determine exposure to insider threats ● Create attack models to identify exposures ● Identify root-cause vulnerabilities ● Block and remove the vector of the attack ● Control flow of inbound delivery methods ● Filter on executable, mail and web links ● Monitor and look for anomalies in outbound traffic Insider Threat Checklist
Thank You for Your Time! DR. Eric Cole Twitter: drericcole ecole@secureanchor.com eric@sans.org www.securityhaven.com

Recommandé

Insider Threats: Out of Sight, Out of Mind?
Insider Threats: Out of Sight, Out of Mind?Insider Threats: Out of Sight, Out of Mind?
Insider Threats: Out of Sight, Out of Mind?ObserveIT
 
Insider Threat Summit - The Future of Insider Threat Detection
Insider Threat Summit - The Future of Insider Threat DetectionInsider Threat Summit - The Future of Insider Threat Detection
Insider Threat Summit - The Future of Insider Threat DetectionObserveIT
 
How to Build an Insider Threat Program in 30 Minutes
How to Build an Insider Threat Program in 30 Minutes How to Build an Insider Threat Program in 30 Minutes
How to Build an Insider Threat Program in 30 Minutes ObserveIT
 
Unintentional Insider Threat featuring Dr. Eric Cole
Unintentional Insider Threat featuring Dr. Eric ColeUnintentional Insider Threat featuring Dr. Eric Cole
Unintentional Insider Threat featuring Dr. Eric ColeDavid Mai, MBA
 
Detecting-Preventing-Insider-Threat
Detecting-Preventing-Insider-ThreatDetecting-Preventing-Insider-Threat
Detecting-Preventing-Insider-ThreatMike Saunders
 
The Insider Threat
The Insider ThreatThe Insider Threat
The Insider ThreatPECB
 
Identify and Stop Insider Threats
Identify and Stop Insider ThreatsIdentify and Stop Insider Threats
Identify and Stop Insider ThreatsLancope, Inc.
 
Internal Threats: The New Sources of Attack
Internal Threats: The New Sources of AttackInternal Threats: The New Sources of Attack
Internal Threats: The New Sources of AttackMekhi Da ‘Quay Daniels
 

Recommandé

Insider Threats: Out of Sight, Out of Mind?
Insider Threats: Out of Sight, Out of Mind?Insider Threats: Out of Sight, Out of Mind?
Insider Threats: Out of Sight, Out of Mind?ObserveIT
 
Insider Threat Summit - The Future of Insider Threat Detection
Insider Threat Summit - The Future of Insider Threat DetectionInsider Threat Summit - The Future of Insider Threat Detection
Insider Threat Summit - The Future of Insider Threat DetectionObserveIT
 
How to Build an Insider Threat Program in 30 Minutes
How to Build an Insider Threat Program in 30 Minutes How to Build an Insider Threat Program in 30 Minutes
How to Build an Insider Threat Program in 30 Minutes ObserveIT
 
Unintentional Insider Threat featuring Dr. Eric Cole
Unintentional Insider Threat featuring Dr. Eric ColeUnintentional Insider Threat featuring Dr. Eric Cole
Unintentional Insider Threat featuring Dr. Eric ColeDavid Mai, MBA
 
Detecting-Preventing-Insider-Threat
Detecting-Preventing-Insider-ThreatDetecting-Preventing-Insider-Threat
Detecting-Preventing-Insider-ThreatMike Saunders
 
The Insider Threat
The Insider ThreatThe Insider Threat
The Insider ThreatPECB
 
Identify and Stop Insider Threats
Identify and Stop Insider ThreatsIdentify and Stop Insider Threats
Identify and Stop Insider ThreatsLancope, Inc.
 
Internal Threats: The New Sources of Attack
Internal Threats: The New Sources of AttackInternal Threats: The New Sources of Attack
Internal Threats: The New Sources of AttackMekhi Da ‘Quay Daniels
 
The insider versus external threat
The insider versus external threatThe insider versus external threat
The insider versus external threatzhihaochen
 
Cyber Summit 2016: Insider Threat Indicators: Human Behaviour
Cyber Summit 2016: Insider Threat Indicators: Human BehaviourCyber Summit 2016: Insider Threat Indicators: Human Behaviour
Cyber Summit 2016: Insider Threat Indicators: Human BehaviourCybera Inc.
 
Insider threats and countermeasures
Insider threats and countermeasuresInsider threats and countermeasures
Insider threats and countermeasuresKAMRAN KHALID
 
How to Implement an Insider Threat Program
How to Implement an Insider Threat ProgramHow to Implement an Insider Threat Program
How to Implement an Insider Threat ProgramObserveIT
 
Phish, Spoof, Scam: Insider Threats, the GDPR & Other Regulations
Phish, Spoof, Scam: Insider Threats, the GDPR & Other RegulationsPhish, Spoof, Scam: Insider Threats, the GDPR & Other Regulations
Phish, Spoof, Scam: Insider Threats, the GDPR & Other RegulationsObserveIT
 
5 Signs you have an Insider Threat
5 Signs you have an Insider Threat5 Signs you have an Insider Threat
5 Signs you have an Insider ThreatLancope, Inc.
 
The Accidental Insider Threat
The Accidental Insider ThreatThe Accidental Insider Threat
The Accidental Insider ThreatMurray Security Services
 
ObserveIT Webinar: Privileged Identity Management
ObserveIT Webinar: Privileged Identity ManagementObserveIT Webinar: Privileged Identity Management
ObserveIT Webinar: Privileged Identity ManagementObserveIT
 
Insider Threat Solution from GTRI
Insider Threat Solution from GTRIInsider Threat Solution from GTRI
Insider Threat Solution from GTRIZivaro Inc
 
Insider threat kill chain
Insider threat kill chainInsider threat kill chain
Insider threat kill chainTarun Gupta,CRISC CISSP CISM CISA BCCE
 
Insider threat v3
Insider threat v3Insider threat v3
Insider threat v3Lancope, Inc.
 
Expert FSO Insider Threat Awareness
Expert FSO Insider Threat AwarenessExpert FSO Insider Threat Awareness
Expert FSO Insider Threat AwarenessEric Schiowitz
 
Insider Threat Detection Recommendations
Insider Threat Detection RecommendationsInsider Threat Detection Recommendations
Insider Threat Detection RecommendationsAlienVault
 
Insider Threat Law: Balancing Privacy and Protection
Insider Threat Law: Balancing Privacy and ProtectionInsider Threat Law: Balancing Privacy and Protection
Insider Threat Law: Balancing Privacy and ProtectionObserveIT
 
Ht t17
Ht t17Ht t17
Ht t17SelectedPresentations
 
Insider threat
Insider threatInsider threat
Insider threatARCON TECHSOLUTIONS
 
Insider Threat
Insider ThreatInsider Threat
Insider ThreatAndy Thompson
 
Integrated cyber defense
Integrated cyber defenseIntegrated cyber defense
Integrated cyber defensekajal kumari
 
Malicious Insiders
Malicious InsidersMalicious Insiders
Malicious Insidersgjohansen
 
Proactive Measures to Defeat Insider Threat
Proactive Measures to Defeat Insider ThreatProactive Measures to Defeat Insider Threat
Proactive Measures to Defeat Insider ThreatAndrew Case
 
Gov Day Sacramento 2015 - User Behavior Analytics
Gov Day Sacramento 2015 - User Behavior AnalyticsGov Day Sacramento 2015 - User Behavior Analytics
Gov Day Sacramento 2015 - User Behavior AnalyticsSplunk
 
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...IBM Security
 

Contenu connexe

Tendances

The insider versus external threat
The insider versus external threatThe insider versus external threat
The insider versus external threatzhihaochen
 
Cyber Summit 2016: Insider Threat Indicators: Human Behaviour
Cyber Summit 2016: Insider Threat Indicators: Human BehaviourCyber Summit 2016: Insider Threat Indicators: Human Behaviour
Cyber Summit 2016: Insider Threat Indicators: Human BehaviourCybera Inc.
 
Insider threats and countermeasures
Insider threats and countermeasuresInsider threats and countermeasures
Insider threats and countermeasuresKAMRAN KHALID
 
How to Implement an Insider Threat Program
How to Implement an Insider Threat ProgramHow to Implement an Insider Threat Program
How to Implement an Insider Threat ProgramObserveIT
 
Phish, Spoof, Scam: Insider Threats, the GDPR & Other Regulations
Phish, Spoof, Scam: Insider Threats, the GDPR & Other RegulationsPhish, Spoof, Scam: Insider Threats, the GDPR & Other Regulations
Phish, Spoof, Scam: Insider Threats, the GDPR & Other RegulationsObserveIT
 
5 Signs you have an Insider Threat
5 Signs you have an Insider Threat5 Signs you have an Insider Threat
5 Signs you have an Insider ThreatLancope, Inc.
 
ObserveIT Webinar: Privileged Identity Management
ObserveIT Webinar: Privileged Identity ManagementObserveIT Webinar: Privileged Identity Management
ObserveIT Webinar: Privileged Identity ManagementObserveIT
 
Insider Threat Solution from GTRI
Insider Threat Solution from GTRIInsider Threat Solution from GTRI
Insider Threat Solution from GTRIZivaro Inc
 
Expert FSO Insider Threat Awareness
Expert FSO Insider Threat AwarenessExpert FSO Insider Threat Awareness
Expert FSO Insider Threat AwarenessEric Schiowitz
 
Insider Threat Detection Recommendations
Insider Threat Detection RecommendationsInsider Threat Detection Recommendations
Insider Threat Detection RecommendationsAlienVault
 
Insider Threat Law: Balancing Privacy and Protection
Insider Threat Law: Balancing Privacy and ProtectionInsider Threat Law: Balancing Privacy and Protection
Insider Threat Law: Balancing Privacy and ProtectionObserveIT
 
Integrated cyber defense
Integrated cyber defenseIntegrated cyber defense
Integrated cyber defensekajal kumari
 
Malicious Insiders
Malicious InsidersMalicious Insiders
Malicious Insidersgjohansen
 
Proactive Measures to Defeat Insider Threat
Proactive Measures to Defeat Insider ThreatProactive Measures to Defeat Insider Threat
Proactive Measures to Defeat Insider ThreatAndrew Case
 

Tendances (20)

The insider versus external threat
The insider versus external threatThe insider versus external threat
The insider versus external threat
 
Cyber Summit 2016: Insider Threat Indicators: Human Behaviour
Cyber Summit 2016: Insider Threat Indicators: Human BehaviourCyber Summit 2016: Insider Threat Indicators: Human Behaviour
Cyber Summit 2016: Insider Threat Indicators: Human Behaviour
 
Insider threats and countermeasures
Insider threats and countermeasuresInsider threats and countermeasures
Insider threats and countermeasures
 
How to Implement an Insider Threat Program
How to Implement an Insider Threat ProgramHow to Implement an Insider Threat Program
How to Implement an Insider Threat Program
 
Phish, Spoof, Scam: Insider Threats, the GDPR & Other Regulations
Phish, Spoof, Scam: Insider Threats, the GDPR & Other RegulationsPhish, Spoof, Scam: Insider Threats, the GDPR & Other Regulations
Phish, Spoof, Scam: Insider Threats, the GDPR & Other Regulations
 
5 Signs you have an Insider Threat
5 Signs you have an Insider Threat5 Signs you have an Insider Threat
5 Signs you have an Insider Threat
 
The Accidental Insider Threat
The Accidental Insider ThreatThe Accidental Insider Threat
The Accidental Insider Threat
 
ObserveIT Webinar: Privileged Identity Management
ObserveIT Webinar: Privileged Identity ManagementObserveIT Webinar: Privileged Identity Management
ObserveIT Webinar: Privileged Identity Management
 
Insider Threat Solution from GTRI
Insider Threat Solution from GTRIInsider Threat Solution from GTRI
Insider Threat Solution from GTRI
 
Insider threat kill chain
Insider threat kill chainInsider threat kill chain
Insider threat kill chain
 
Insider threat v3
Insider threat v3Insider threat v3
Insider threat v3
 
Expert FSO Insider Threat Awareness
Expert FSO Insider Threat AwarenessExpert FSO Insider Threat Awareness
Expert FSO Insider Threat Awareness
 
Insider Threat Detection Recommendations
Insider Threat Detection RecommendationsInsider Threat Detection Recommendations
Insider Threat Detection Recommendations
 
Insider Threat Law: Balancing Privacy and Protection
Insider Threat Law: Balancing Privacy and ProtectionInsider Threat Law: Balancing Privacy and Protection
Insider Threat Law: Balancing Privacy and Protection
 
Ht t17
Ht t17Ht t17
Ht t17
 
Insider threat
Insider threatInsider threat
Insider threat
 
Insider Threat
Insider ThreatInsider Threat
Insider Threat
 
Integrated cyber defense
Integrated cyber defenseIntegrated cyber defense
Integrated cyber defense
 
Malicious Insiders
Malicious InsidersMalicious Insiders
Malicious Insiders
 
Proactive Measures to Defeat Insider Threat
Proactive Measures to Defeat Insider ThreatProactive Measures to Defeat Insider Threat
Proactive Measures to Defeat Insider Threat
 

En vedette

Gov Day Sacramento 2015 - User Behavior Analytics
Gov Day Sacramento 2015 - User Behavior AnalyticsGov Day Sacramento 2015 - User Behavior Analytics
Gov Day Sacramento 2015 - User Behavior AnalyticsSplunk
 
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...IBM Security
 
Intrusion_Detection_By_loay_elbasyouni
Intrusion_Detection_By_loay_elbasyouniIntrusion_Detection_By_loay_elbasyouni
Intrusion_Detection_By_loay_elbasyouniLoay Elbasyouni
 
The insider versus external threat
The insider versus external threatThe insider versus external threat
The insider versus external threatzhihaochen
 
The Insider's Guide to the Insider Threat
The Insider's Guide to the Insider ThreatThe Insider's Guide to the Insider Threat
The Insider's Guide to the Insider ThreatImperva
 
Comprehensive Data Leak Prevention
Comprehensive Data Leak PreventionComprehensive Data Leak Prevention
Comprehensive Data Leak PreventionTanvir Hashmi
 
Proactive Measures to Mitigate Insider Threat
Proactive Measures to Mitigate Insider ThreatProactive Measures to Mitigate Insider Threat
Proactive Measures to Mitigate Insider ThreatPriyanka Aash
 
SplunkSummit 2015 - Security Ninjitsu
SplunkSummit 2015 - Security NinjitsuSplunkSummit 2015 - Security Ninjitsu
SplunkSummit 2015 - Security NinjitsuSplunk
 
ObserveIT - Unintentional Insider Threat featuring Dr. Eric Cole
ObserveIT - Unintentional Insider Threat featuring Dr. Eric ColeObserveIT - Unintentional Insider Threat featuring Dr. Eric Cole
ObserveIT - Unintentional Insider Threat featuring Dr. Eric ColeObserveIT
 
Gov & Education Day 2015 - User Behavior Analytics
Gov & Education Day 2015 - User Behavior AnalyticsGov & Education Day 2015 - User Behavior Analytics
Gov & Education Day 2015 - User Behavior AnalyticsSplunk
 
Dealing with the insider threat.
Dealing with the insider threat.Dealing with the insider threat.
Dealing with the insider threat.Matt Lemon
 
Insider Threat Kill Chain: Detecting Human Indicators of Compromise
Insider Threat Kill Chain: Detecting Human Indicators of CompromiseInsider Threat Kill Chain: Detecting Human Indicators of Compromise
Insider Threat Kill Chain: Detecting Human Indicators of CompromiseTripwire
 
Risk Analysis using open FAIR and Adoption of right Security Controls
Risk Analysis using open FAIR and Adoption of right Security ControlsRisk Analysis using open FAIR and Adoption of right Security Controls
Risk Analysis using open FAIR and Adoption of right Security ControlsPriyanka Aash
 
Network Forensics and Practical Packet Analysis
Network Forensics and Practical Packet AnalysisNetwork Forensics and Practical Packet Analysis
Network Forensics and Practical Packet AnalysisPriyanka Aash
 
I am my worst enemy — A first person look at Insider Threat
I am my worst enemy — A first person look at Insider ThreatI am my worst enemy — A first person look at Insider Threat
I am my worst enemy — A first person look at Insider ThreatAhmed Masud
 
Practical Applications of Block Chain Technologies
Practical Applications of Block Chain Technologies Practical Applications of Block Chain Technologies
Practical Applications of Block Chain Technologies Priyanka Aash
 

En vedette (17)

Gov Day Sacramento 2015 - User Behavior Analytics
Gov Day Sacramento 2015 - User Behavior AnalyticsGov Day Sacramento 2015 - User Behavior Analytics
Gov Day Sacramento 2015 - User Behavior Analytics
 
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
 
Intrusion_Detection_By_loay_elbasyouni
Intrusion_Detection_By_loay_elbasyouniIntrusion_Detection_By_loay_elbasyouni
Intrusion_Detection_By_loay_elbasyouni
 
The insider versus external threat
The insider versus external threatThe insider versus external threat
The insider versus external threat
 
The Insider's Guide to the Insider Threat
The Insider's Guide to the Insider ThreatThe Insider's Guide to the Insider Threat
The Insider's Guide to the Insider Threat
 
Comprehensive Data Leak Prevention
Comprehensive Data Leak PreventionComprehensive Data Leak Prevention
Comprehensive Data Leak Prevention
 
Proactive Measures to Mitigate Insider Threat
Proactive Measures to Mitigate Insider ThreatProactive Measures to Mitigate Insider Threat
Proactive Measures to Mitigate Insider Threat
 
SplunkSummit 2015 - Security Ninjitsu
SplunkSummit 2015 - Security NinjitsuSplunkSummit 2015 - Security Ninjitsu
SplunkSummit 2015 - Security Ninjitsu
 
ObserveIT - Unintentional Insider Threat featuring Dr. Eric Cole
ObserveIT - Unintentional Insider Threat featuring Dr. Eric ColeObserveIT - Unintentional Insider Threat featuring Dr. Eric Cole
ObserveIT - Unintentional Insider Threat featuring Dr. Eric Cole
 
Gov & Education Day 2015 - User Behavior Analytics
Gov & Education Day 2015 - User Behavior AnalyticsGov & Education Day 2015 - User Behavior Analytics
Gov & Education Day 2015 - User Behavior Analytics
 
Dealing with the insider threat.
Dealing with the insider threat.Dealing with the insider threat.
Dealing with the insider threat.
 
Attack lecture #2 ppt
Attack lecture #2 pptAttack lecture #2 ppt
Attack lecture #2 ppt
 
Insider Threat Kill Chain: Detecting Human Indicators of Compromise
Insider Threat Kill Chain: Detecting Human Indicators of CompromiseInsider Threat Kill Chain: Detecting Human Indicators of Compromise
Insider Threat Kill Chain: Detecting Human Indicators of Compromise
 
Risk Analysis using open FAIR and Adoption of right Security Controls
Risk Analysis using open FAIR and Adoption of right Security ControlsRisk Analysis using open FAIR and Adoption of right Security Controls
Risk Analysis using open FAIR and Adoption of right Security Controls
 
Network Forensics and Practical Packet Analysis
Network Forensics and Practical Packet AnalysisNetwork Forensics and Practical Packet Analysis
Network Forensics and Practical Packet Analysis
 
I am my worst enemy — A first person look at Insider Threat
I am my worst enemy — A first person look at Insider ThreatI am my worst enemy — A first person look at Insider Threat
I am my worst enemy — A first person look at Insider Threat
 
Practical Applications of Block Chain Technologies
Practical Applications of Block Chain Technologies Practical Applications of Block Chain Technologies
Practical Applications of Block Chain Technologies
 

Similaire à Why Insider Threat is a C-Level Priority

Unintentional Insider Threat featuring Dr. Eric Cole
Unintentional Insider Threat featuring Dr. Eric ColeUnintentional Insider Threat featuring Dr. Eric Cole
Unintentional Insider Threat featuring Dr. Eric ColeDavid Mai, MBA
 
The myth of secure computing; management information system; MIS
The myth of secure computing; management information system; MISThe myth of secure computing; management information system; MIS
The myth of secure computing; management information system; MISSaazan Shrestha
 
Insider Threat Protection | Seclore
Insider Threat Protection | SecloreInsider Threat Protection | Seclore
Insider Threat Protection | SecloreSeclore
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security BasicsMohan Jadhav
 
External Attacks Against Privileged Accounts - How Federal Agencies Can Build...
External Attacks Against Privileged Accounts - How Federal Agencies Can Build...External Attacks Against Privileged Accounts - How Federal Agencies Can Build...
External Attacks Against Privileged Accounts - How Federal Agencies Can Build...BeyondTrust
 
External Attacks Against Pivileged Accounts
External Attacks Against Pivileged AccountsExternal Attacks Against Pivileged Accounts
External Attacks Against Pivileged AccountsLindsay Marsh
 
Defending Against Internal Threats - Interop 2015
Defending Against Internal Threats - Interop 2015Defending Against Internal Threats - Interop 2015
Defending Against Internal Threats - Interop 2015identityautomation
 
User Behavior Analytics And The Benefits To Companies
User Behavior Analytics And The Benefits To CompaniesUser Behavior Analytics And The Benefits To Companies
User Behavior Analytics And The Benefits To CompaniesSpectorsoft
 
A Practical Security Framework for Website Owners
A Practical Security Framework for Website OwnersA Practical Security Framework for Website Owners
A Practical Security Framework for Website OwnersTony Perez
 
How To Turbo-Charge Incident Response With Threat Intelligence
How To Turbo-Charge Incident Response With Threat IntelligenceHow To Turbo-Charge Incident Response With Threat Intelligence
How To Turbo-Charge Incident Response With Threat IntelligenceResilient Systems
 
CISSP Week 9
CISSP Week 9CISSP Week 9
CISSP Week 9jemtallon
 
The Hacker Playbook: How to Think like a Cybercriminal to Reduce Risk
The Hacker Playbook: How to Think like a Cybercriminal to Reduce RiskThe Hacker Playbook: How to Think like a Cybercriminal to Reduce Risk
The Hacker Playbook: How to Think like a Cybercriminal to Reduce RiskBeyondTrust
 
CASE STUDY: How to Defend the Compromised Network?
CASE STUDY: How to Defend the Compromised Network?CASE STUDY: How to Defend the Compromised Network?
CASE STUDY: How to Defend the Compromised Network?PECB
 

Similaire à Why Insider Threat is a C-Level Priority (20)

Unintentional Insider Threat featuring Dr. Eric Cole
Unintentional Insider Threat featuring Dr. Eric ColeUnintentional Insider Threat featuring Dr. Eric Cole
Unintentional Insider Threat featuring Dr. Eric Cole
 
The myth of secure computing; management information system; MIS
The myth of secure computing; management information system; MISThe myth of secure computing; management information system; MIS
The myth of secure computing; management information system; MIS
 
Information Security
Information SecurityInformation Security
Information Security
 
002.itsecurity bcp v1
002.itsecurity bcp v1002.itsecurity bcp v1
002.itsecurity bcp v1
 
Insider Threat Protection | Seclore
Insider Threat Protection | SecloreInsider Threat Protection | Seclore
Insider Threat Protection | Seclore
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security Basics
 
External Attacks Against Privileged Accounts - How Federal Agencies Can Build...
External Attacks Against Privileged Accounts - How Federal Agencies Can Build...External Attacks Against Privileged Accounts - How Federal Agencies Can Build...
External Attacks Against Privileged Accounts - How Federal Agencies Can Build...
 
External Attacks Against Pivileged Accounts
External Attacks Against Pivileged AccountsExternal Attacks Against Pivileged Accounts
External Attacks Against Pivileged Accounts
 
Cyber Security # Lec 3
Cyber Security # Lec 3 Cyber Security # Lec 3
Cyber Security # Lec 3
 
Defending Against Internal Threats - Interop 2015
Defending Against Internal Threats - Interop 2015Defending Against Internal Threats - Interop 2015
Defending Against Internal Threats - Interop 2015
 
2015 Atlanta CHIME Lead Forum
2015 Atlanta CHIME Lead Forum2015 Atlanta CHIME Lead Forum
2015 Atlanta CHIME Lead Forum
 
2015 Atlanta CHIME Lead Forum
2015 Atlanta CHIME Lead Forum2015 Atlanta CHIME Lead Forum
2015 Atlanta CHIME Lead Forum
 
2015 Atlanta CHIME Lead Forum
2015 Atlanta CHIME Lead Forum 2015 Atlanta CHIME Lead Forum
2015 Atlanta CHIME Lead Forum
 
User Behavior Analytics And The Benefits To Companies
User Behavior Analytics And The Benefits To CompaniesUser Behavior Analytics And The Benefits To Companies
User Behavior Analytics And The Benefits To Companies
 
A Practical Security Framework for Website Owners
A Practical Security Framework for Website OwnersA Practical Security Framework for Website Owners
A Practical Security Framework for Website Owners
 
How To Turbo-Charge Incident Response With Threat Intelligence
How To Turbo-Charge Incident Response With Threat IntelligenceHow To Turbo-Charge Incident Response With Threat Intelligence
How To Turbo-Charge Incident Response With Threat Intelligence
 
CISSP Week 9
CISSP Week 9CISSP Week 9
CISSP Week 9
 
insider threat research
insider threat researchinsider threat research
insider threat research
 
The Hacker Playbook: How to Think like a Cybercriminal to Reduce Risk
The Hacker Playbook: How to Think like a Cybercriminal to Reduce RiskThe Hacker Playbook: How to Think like a Cybercriminal to Reduce Risk
The Hacker Playbook: How to Think like a Cybercriminal to Reduce Risk
 
CASE STUDY: How to Defend the Compromised Network?
CASE STUDY: How to Defend the Compromised Network?CASE STUDY: How to Defend the Compromised Network?
CASE STUDY: How to Defend the Compromised Network?
 

Plus de ObserveIT

Observe it v67 webinar v5
Observe it v67 webinar v5Observe it v67 webinar v5
Observe it v67 webinar v5ObserveIT
 
ObserveIT Version 6.7 Release Highlights
ObserveIT Version 6.7 Release HighlightsObserveIT Version 6.7 Release Highlights
ObserveIT Version 6.7 Release HighlightsObserveIT
 
You've caught an Insider Threat, now what? The Human Side of Insider Threat I...
You've caught an Insider Threat, now what? The Human Side of Insider Threat I...You've caught an Insider Threat, now what? The Human Side of Insider Threat I...
You've caught an Insider Threat, now what? The Human Side of Insider Threat I...ObserveIT
 
ObserveIT Customer Webcast: AIG Pioneers User-Centric Security Strategy
ObserveIT Customer Webcast: AIG Pioneers User-Centric Security StrategyObserveIT Customer Webcast: AIG Pioneers User-Centric Security Strategy
ObserveIT Customer Webcast: AIG Pioneers User-Centric Security StrategyObserveIT
 
Cloud Security Allianz Webinar
Cloud Security Allianz WebinarCloud Security Allianz Webinar
Cloud Security Allianz WebinarObserveIT
 
Prevent Insider Threats with User Activity Monitoring
Prevent Insider Threats with User Activity MonitoringPrevent Insider Threats with User Activity Monitoring
Prevent Insider Threats with User Activity MonitoringObserveIT
 
Ins and outs of ObserveIT
Ins and outs of ObserveITIns and outs of ObserveIT
Ins and outs of ObserveITObserveIT
 
Super User or Super Threat?
Super User or Super Threat?Super User or Super Threat?
Super User or Super Threat?ObserveIT
 
Data Protection Webinar
Data Protection WebinarData Protection Webinar
Data Protection WebinarObserveIT
 
User Activity Monitoring: Identify and Manage the Risk of Your Users - ISACA ...
User Activity Monitoring: Identify and Manage the Risk of Your Users - ISACA ...User Activity Monitoring: Identify and Manage the Risk of Your Users - ISACA ...
User Activity Monitoring: Identify and Manage the Risk of Your Users - ISACA ...ObserveIT
 
Xerox: Improving Data & App Security
Xerox: Improving Data & App SecurityXerox: Improving Data & App Security
Xerox: Improving Data & App SecurityObserveIT
 
2014: The Year of the Data Breach
2014: The Year of the Data Breach2014: The Year of the Data Breach
2014: The Year of the Data BreachObserveIT
 
3 steps to 4x the risk coverage of CA ControlMinder
3 steps to 4x the risk coverage of CA ControlMinder3 steps to 4x the risk coverage of CA ControlMinder
3 steps to 4x the risk coverage of CA ControlMinderObserveIT
 
3 Tips for Managing Risky User Activity in 2015
3 Tips for Managing Risky User Activity in 20153 Tips for Managing Risky User Activity in 2015
3 Tips for Managing Risky User Activity in 2015ObserveIT
 
Whitepaper: User Audit Options for Linux and Solaris
Whitepaper: User Audit Options for Linux and SolarisWhitepaper: User Audit Options for Linux and Solaris
Whitepaper: User Audit Options for Linux and SolarisObserveIT
 
ObserveIT Brochure - Like a Security Camera on your Servers
ObserveIT Brochure - Like a Security Camera on your ServersObserveIT Brochure - Like a Security Camera on your Servers
ObserveIT Brochure - Like a Security Camera on your ServersObserveIT
 
Case Study - System Access Audit Compliance at The Center to Promote HealthCa...
Case Study - System Access Audit Compliance at The Center to Promote HealthCa...Case Study - System Access Audit Compliance at The Center to Promote HealthCa...
Case Study - System Access Audit Compliance at The Center to Promote HealthCa...ObserveIT
 
Case Study - Auditing remote access of employees at a leading financial insti...
Case Study - Auditing remote access of employees at a leading financial insti...Case Study - Auditing remote access of employees at a leading financial insti...
Case Study - Auditing remote access of employees at a leading financial insti...ObserveIT
 
Case Study - Customer Auditing and ISO 27001 Certification at BELLIN Treasury
Case Study - Customer Auditing and ISO 27001 Certification at BELLIN TreasuryCase Study - Customer Auditing and ISO 27001 Certification at BELLIN Treasury
Case Study - Customer Auditing and ISO 27001 Certification at BELLIN TreasuryObserveIT
 
Case Study - Establishing Visibility into Remote Vendor Access at Pelephone
Case Study - Establishing Visibility into Remote Vendor Access at PelephoneCase Study - Establishing Visibility into Remote Vendor Access at Pelephone
Case Study - Establishing Visibility into Remote Vendor Access at PelephoneObserveIT
 

Plus de ObserveIT (20)

Observe it v67 webinar v5
Observe it v67 webinar v5Observe it v67 webinar v5
Observe it v67 webinar v5
 
ObserveIT Version 6.7 Release Highlights
ObserveIT Version 6.7 Release HighlightsObserveIT Version 6.7 Release Highlights
ObserveIT Version 6.7 Release Highlights
 
You've caught an Insider Threat, now what? The Human Side of Insider Threat I...
You've caught an Insider Threat, now what? The Human Side of Insider Threat I...You've caught an Insider Threat, now what? The Human Side of Insider Threat I...
You've caught an Insider Threat, now what? The Human Side of Insider Threat I...
 
ObserveIT Customer Webcast: AIG Pioneers User-Centric Security Strategy
ObserveIT Customer Webcast: AIG Pioneers User-Centric Security StrategyObserveIT Customer Webcast: AIG Pioneers User-Centric Security Strategy
ObserveIT Customer Webcast: AIG Pioneers User-Centric Security Strategy
 
Cloud Security Allianz Webinar
Cloud Security Allianz WebinarCloud Security Allianz Webinar
Cloud Security Allianz Webinar
 
Prevent Insider Threats with User Activity Monitoring
Prevent Insider Threats with User Activity MonitoringPrevent Insider Threats with User Activity Monitoring
Prevent Insider Threats with User Activity Monitoring
 
Ins and outs of ObserveIT
Ins and outs of ObserveITIns and outs of ObserveIT
Ins and outs of ObserveIT
 
Super User or Super Threat?
Super User or Super Threat?Super User or Super Threat?
Super User or Super Threat?
 
Data Protection Webinar
Data Protection WebinarData Protection Webinar
Data Protection Webinar
 
User Activity Monitoring: Identify and Manage the Risk of Your Users - ISACA ...
User Activity Monitoring: Identify and Manage the Risk of Your Users - ISACA ...User Activity Monitoring: Identify and Manage the Risk of Your Users - ISACA ...
User Activity Monitoring: Identify and Manage the Risk of Your Users - ISACA ...
 
Xerox: Improving Data & App Security
Xerox: Improving Data & App SecurityXerox: Improving Data & App Security
Xerox: Improving Data & App Security
 
2014: The Year of the Data Breach
2014: The Year of the Data Breach2014: The Year of the Data Breach
2014: The Year of the Data Breach
 
3 steps to 4x the risk coverage of CA ControlMinder
3 steps to 4x the risk coverage of CA ControlMinder3 steps to 4x the risk coverage of CA ControlMinder
3 steps to 4x the risk coverage of CA ControlMinder
 
3 Tips for Managing Risky User Activity in 2015
3 Tips for Managing Risky User Activity in 20153 Tips for Managing Risky User Activity in 2015
3 Tips for Managing Risky User Activity in 2015
 
Whitepaper: User Audit Options for Linux and Solaris
Whitepaper: User Audit Options for Linux and SolarisWhitepaper: User Audit Options for Linux and Solaris
Whitepaper: User Audit Options for Linux and Solaris
 
ObserveIT Brochure - Like a Security Camera on your Servers
ObserveIT Brochure - Like a Security Camera on your ServersObserveIT Brochure - Like a Security Camera on your Servers
ObserveIT Brochure - Like a Security Camera on your Servers
 
Case Study - System Access Audit Compliance at The Center to Promote HealthCa...
Case Study - System Access Audit Compliance at The Center to Promote HealthCa...Case Study - System Access Audit Compliance at The Center to Promote HealthCa...
Case Study - System Access Audit Compliance at The Center to Promote HealthCa...
 
Case Study - Auditing remote access of employees at a leading financial insti...
Case Study - Auditing remote access of employees at a leading financial insti...Case Study - Auditing remote access of employees at a leading financial insti...
Case Study - Auditing remote access of employees at a leading financial insti...
 
Case Study - Customer Auditing and ISO 27001 Certification at BELLIN Treasury
Case Study - Customer Auditing and ISO 27001 Certification at BELLIN TreasuryCase Study - Customer Auditing and ISO 27001 Certification at BELLIN Treasury
Case Study - Customer Auditing and ISO 27001 Certification at BELLIN Treasury
 
Case Study - Establishing Visibility into Remote Vendor Access at Pelephone
Case Study - Establishing Visibility into Remote Vendor Access at PelephoneCase Study - Establishing Visibility into Remote Vendor Access at Pelephone
Case Study - Establishing Visibility into Remote Vendor Access at Pelephone
 

Dernier

Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 

Dernier (20)

Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 

Why Insider Threat is a C-Level Priority

  • 1. Why Insider Threat is a C-Level Priority by Dr. Eric Cole © 2016 Secure Anchor Consulting. All rights reserved.
  • 2. Are You Focused on the Correct Area?
  • 3. External vs Internal ● Deliberate/Malicious Insider ● Accidental Insider ● Source of the damage — External ● Cause of the damage — Internal
  • 4. Paradigm Shift 53% of organizations have experienced an insider incident 33% of organizations have no formal response plan 54% of IT professionals believe an insider threat is harder to detect today
  • 5. Nature of Insider Threats ● Two main forms of insider threat: — Deliberate/malicious insider — Accidental insider ● Why do insiders become targets? — As external targets become more difficult, attackers find insiders are an easier avenue to compromise
  • 6. If You Have Employees/Contractors, You Have an Insider Threat Problem Bottom Line
  • 7. Insider Threat Current State Insider threats are on IT’s radar Spending on insider threats will increase The financial impact is significant Organizations fail to focus on solutions Insider threat often the cause of damage Prevention is more a state of mind than a reality
  • 8. Assessing Vulnerability to Insiders ● What information would an adversary target? ● What systems contain the information that attackers would target? ● Who has access to critical information? ● What would be the easiest way to compromise an insider? ● What measures or solutions can IT use to prevent/detect these attacks? ● Does our current budget appropriately address insider threats? ● What would a security roadmap that includes insider threats look like for our organization?
  • 9. Insider Attack Chain – Bad Attacker Tipping Point - Going From Good to Bad Communicating via LinkedIn / Gmail message to competitor. Playing video games with lack of regard. 1 Searching for Data Password harvesting or unauthorized access to co- workers computers. 2 Capture and Hide the Data Encrypt and rename file extensions - password protected ZIP file. 3 Data Exfiltration Send ZIP file over Wetransfer - off hours transfers. 4
  • 10. Insider Attack Chain – Negligent User Detect Negligent Behavior 1 Inform Users of Security Policy 2 Enforce Behavior Change 3
  • 12. How well is your organization doing with insider threats? ● Policy ● Procedures ● Awareness ● Training ● Technology ● Administrative ● Executive Support We calculating your “insider threat GPA”, you can see what the biggest exposure you have to insider threats is likely to be. Write your organization’s report card and focus on the lowest scoring areas.
  • 13. Preventing Insider Threat ● Deliberate Insider – Difficult — More focus on authorization and access ● Accidental Insider - Possible — Differentiate between required functionality and optional functionality — Typical avenues of attack ● Exe attachments ● Macros embedded in Office documents ● Active scripting ● HTML embedded content
  • 14. Detecting Insider Threat Activity patterns focused on data: — Amount of data accessed — Failed access attempts — Data copied or sent to external sources There are differences in activity between a normal user and an insider threat.
  • 15. Detecting Accidental Insider ● Accidental insider is being targeted by external entity ● Almost all external attackers setup C2 ● Focus on outbound traffic — Number of connections — Length of the connections — Amount of data — Percent that is encrypted — Destination IP address Focus on Command & Control Channel
  • 16. Building an Insider Threat Program ● Determine access ● Profile user behavior ● Control administrator access ● Raise awareness ● Monitor activity Conventional wisdom does not work when it comes to security. Giving someone unneeded access just makes it easier for the adversary and increases the amount of damage that can be caused by a successful attack.
  • 17. Make Sure You Are Solving the Correct Problem ● Always force a user to log in as a normal user. All operating systems can be configured to allow only normal user accounts to login and never allow someone with admin privileges to log directly into the system. ● Configure any application that needs to run with administrator privileges to either “Run as Administrator” or sudo to the appropriate access that is needed. ● Log and carefully review all privileged access. ● If an employee needs a system where they have to log in directly as administrator, give them a separate system for any access he or she may need to the Internet.
  • 18. Summary ● Perform damage assessment of threats ● Map past and current investment against threats ● Determine exposure to insider threats ● Create attack models to identify exposures ● Identify root-cause vulnerabilities ● Block and remove the vector of the attack ● Control flow of inbound delivery methods ● Filter on executable, mail and web links ● Monitor and look for anomalies in outbound traffic Insider Threat Checklist
  • 19. Thank You for Your Time! DR. Eric Cole Twitter: drericcole ecole@secureanchor.com eric@sans.org www.securityhaven.com