Insider Threat: How Does Your Security Stack Measure Up?
Security technologists, practitioners, and the media love to talk about the latest malware, and zero-day attacks that hackers and nation states direct against their targets. The reality is that a significant portion of security incidents and data breaches come from within an organization’s security perimeter. The insider threat is the unglamorous side of security, and one that most vendors and industry professionals tend to ignore. Which tools in your security stack truly address the insider threat problem? What percentage of your security budget is dedicated to this issue? This presentation will explore the rise of the insider threat, and the five essential components of an effective approach to identifying and investigating breaches that result from the malicious or innocent actions of internal actors. Learning Objectives: • Learn about the trends, size & scope of the insider threat problem • How to Evaluate your security stack against the insider threat problem • Explore emerging concept of insider detection and investigation and the five required components of an insider threat approach.
Empfohlen
Empfohlen
Weitere ähnliche Inhalte
Was ist angesagt?
Was ist angesagt? (20)
Andere mochten auch
Andere mochten auch (9)
Ähnlich wie Insider Threat: How Does Your Security Stack Measure Up?
Ähnlich wie Insider Threat: How Does Your Security Stack Measure Up? (20)
Kürzlich hochgeladen
Kürzlich hochgeladen (20)
Insider Threat: How Does Your Security Stack Measure Up?
- 1. Insider Threat: How Does Your Security Stack Measure Up? Rene Kolga, CISSP Head of Product, ThinAir
- 2. Does this security stack address the insider threat?
- 4. How Serious is Insider Threat? 25% of breaches come from insiders 58% of Financial Services attacks come from insiders 80% of Healthcare breaches come from insiders
- 5. Would you catch these insiders at your company?
- 6. Insider Detection and Investigation
- 7. How to address the insider threat problem?
- 8. 1. Endpoint Visibility » Endpoint is the point of interaction between people and data » Endpoint is where a lot of IP is created » Endpoint is often the blind spot
- 9. 2. Deep Context Visibility • M&A documents • PHI • PII • Financial information • Source code • Blueprints, etc. Network Device Application User Data (sensitive stuff here)
- 10. 3. Continuous Visibility » Track all interactions with information, continuously » Maintain historical audit log (6-24 months or longer) • Even if evidence has been tampered with or deleted
- 11. 4. Insider Behavior Detection » Detect insiders along the threat kill chain stages • Proactive prediction of exfiltration
- 12. 5. Business Impact » Provide business impact assessment » Value breach risk in $$$ vs. number of records lost
- 13. Let’s get started! » Insider threats are here to stay… » Visibility into user-information interaction is a must » Need the ability to quickly identify and investigate insider threats » Comprehensive program requires a blend of technology, policies and cultural changes
Hinweis der Redaktion
- Strong position/fully credentialed. Need complete visibility at every stage and earlier the better… Many security tools are focused on the Exfil stage only (DLP, FW), but they always find a way…sophisticated insiders (they have insider knowledge of org’s security control)…Innocent can catch, but not highly motivated
- Growth of unstructured data vs. structured – faster. IDG: Unstructured data is growing at the rate of 62% per year. IDG: By 2022, 93% of all data in the digital universe was unstructured. Gartner: Data volume is set to grow 800% over the next 5 years and 80% of it will reside as unstructured data. Endpoint is the point of interaction between people and data
- You don’t know in advance what is or will be sensitive…you cannot predict the future. M&A example – your partner becomes your acquirer… As much as 80% of company’s worth lies in its IP. At the same time, up to 50% of this IP lives exclusively on endpoints (Deloitte).
- Average time to identify the breach – 191 days. Average time to contain the breach – 66 days. Typical insider campaigns last for months or even years…. Of course you can’t store data in perpetuity, so there a ways to address that.
- Timing is important, but you also need to know where your insider are along the stages of exfiltration...by stage, by office, by department, by system type, etc.
- What does a lost record mean to you? 10m records lost? What is you could say it is $25M to the organization…Attach a real dollar value..prioritize the efforts…Bio-tech What if you could tell your CISO or CFO the exact value of a particular device or a team? Or the exact cost of a specific breach? And all of that in minutes or seconds, instead of weeks or months. Business impact – two elements: ….(2) This gives you an ability to justify a insider threat program and tool.
- Average enterprise employee will leave for a new job in 2-5 years and 50% will take data with them when they go.