2. Your Speakers
Nick Cavalancia
Nick Cavalancia is a cyber-security expert with over 25 years of enterprise IT and
security experience. He regularly blogs, writes, and speaks on a wide range of cyber
security issues, helping organizations, IT professionals, MSPs, and technology vendors
understand the state of both insider and external threats, and how to build and
execute a strategy to minimize risk.
Patrick Knight
Patrick Knight is the Senior Director of Cyber Strategy and Technology at Veriato where he
helps organizations protect critical data from threats by trusted insiders. His cybersecurity
career spans 17 years helping enterprises protect against online threats and developing
anti-malware, network intrusion detection, computer and network forensics and
encryption technologies.
3. Agenda
• Dark Web 101: Defining the Threat
• Employees and the Dark Web: Why and How?
• Detecting and Blocking Dark Web activity
4. Dark Web 101
• TOR Browser
• Browser Extensions
• VPN Use (optional)
GETTING ON THE DARK WEB
12. Employees and the Dark Web
• Direct Access to Bad Guys
• Monetization
– Data
– Credentials
• Solicitation
• Exfiltration
HOW CAN THE DARK WEB BE USED?
13. Detecting Employee Dark Web Activity
• TOR browser (process, application title, files)
• Site names - e.g. .onion (window title)
• Network Traffic
• Presence of VPN
• Leading threat indicators
WHAT ARE THE TELLTALE SIGNS?
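The endpoint-side signs on this slide (process, files, window title, .onion site names) can be checked together, as in this added example, which is not part of the original slides or of any vendor product. It leaves out the network-traffic and VPN signs. The event field names, the two-indicator threshold and the sample events are assumptions constructed for illustration.

```python
import re

# v3 onion hostnames are 56 base32 characters; the deprecated v2 form used 16.
# Requiring a full hostname avoids flagging pages that merely mention ".onion".
ONION_RE = re.compile(r"\b(?:[a-z2-7]{56}|[a-z2-7]{16})\.onion\b", re.I)
TOR_PROCESSES = {"tor.exe", "tor"}               # Tor daemon bundled with Tor Browser
TOR_PATH_RE = re.compile(r"tor browser", re.I)   # assumed default install folder name
TOR_TITLE_RE = re.compile(r"\bTor Browser\s*$", re.I)  # assumed window title suffix

def score_event(event):
    """Return the names of the indicators that fire for one endpoint event."""
    hits = []
    if event.get("process", "").lower() in TOR_PROCESSES:
        hits.append("tor_process")
    if TOR_PATH_RE.search(event.get("path", "")):
        hits.append("tor_files")
    if TOR_TITLE_RE.search(event.get("window_title", "")):
        hits.append("tor_window_title")
    if ONION_RE.search(event.get("window_title", "")):
        hits.append("onion_in_title")
    return hits

def flag_users(events, threshold=2):
    """Flag users whose events show at least `threshold` distinct indicators."""
    seen = {}
    for ev in events:
        seen.setdefault(ev["user"], set()).update(score_event(ev))
    return {u: sorted(i) for u, i in seen.items() if len(i) >= threshold}

# Constructed sample telemetry (not real data); FAKE_ONION is a made-up hostname.
FAKE_ONION = "a2" * 28 + ".onion"
SAMPLE_EVENTS = [
    {"user": "alice", "process": "firefox.exe",
     "path": r"C:\Users\alice\Desktop\Tor Browser\Browser\firefox.exe",
     "window_title": "About Tor - Tor Browser"},
    {"user": "alice", "process": "tor.exe",
     "path": r"C:\Users\alice\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe",
     "window_title": ""},
    {"user": "bob", "process": "chrome.exe",
     "path": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "window_title": "What is a .onion address? - Search"},
    {"user": "carol", "process": "chrome.exe",
     "path": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "window_title": FAKE_ONION + " - Google Chrome"},
]

if __name__ == "__main__":
    print(flag_users(SAMPLE_EVENTS))
```

A single indicator (carol's window title) stays below the threshold and is left for analyst review rather than flagged outright.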
14. Blocking the Dark Web
• Use of the TOR browser
• Network traffic to .onion sites
• Use of VPN
WHAT SHOULD YOU DISALLOW?
15. Stopping the Dark Web Threat
• Employees-turned-insiders are a legitimate threat
• The Dark Web enables so much threatening behavior
• Detection and blocking require some effort, but are achievable.
16. Cerebral Insider Threat Intelligence Platform
Cerebral provides an end-to-end integrated internal threat intelligence
platform that maximizes both security and efficiency while providing the
concrete proof to take legal action.
• Powered by AI
• Fully Integrated
• Scalable
• Cloud or On-Prem
• Eyes on Glass Technology
Let’s talk a bit about whether it’s illegal to be on the Dark Web, to use the TOR browser, etc.
[I’ll cover this briefly]
While our focus today is the dark web, all of the “sub-surface” web is leveraged by cybercriminals, insiders, etc., correct? (thinking we’d talk about non-crawled, but accessible data as sources of data breaches, data sharing, etc.)
[I’m thinking I’ll verbally hand “control” over to you to cover these next 6 slides relatively quickly as more of an education of the audience with a bit of back-and-forth, rather than formal questions on each slide (we’ll run out of time). I’ll have some commentary, but you’ll drive the coverage of these while I do the clicking.]
[I’ll go over each of these first and then ask you the following questions]
What other ways have you seen employees use the Dark Web for personal gain?
Which of these is most prevalent?
[I’ll go over each of these first and then ask you the following questions]
Patrick, what other ways have you found useful to detect DW activity?
Which of these do you see as being most effective?
(I purposely left the list short) Patrick, what else are you seeing customers doing to block the dark web?