
The Enemy Within

Learn about the dangers of insider threats and how to detect, prevent, and sustain a secure state. Discover examples of insider threats, the vulnerability of data, and the importance of monitoring user behavior.



Presentation Transcript


  1. The Enemy Within Understanding Insider Threats

  2. About Me • Sonya Wilcox • Sales Engineer • https://www.linkedin.com/in/sonyalee/ • www.varonis.com

  3. Agenda • A few thoughts on ransomware • Examples of insider threats • Detection, response, recovery and prevention

  4. $17,000 40 BTC

  5. But what’s a hospital’s data actually worth? What are their services worth?

  6. “I am seeing around 4,000 new infections per hour, or approximately 100,000 new infections per day.” – Kevin Beaumont, Malware Analyst

  7. Google Trends: Ransomware (1 year ago)

  8. Google Trends: Ransomware

  9. Why is Ransomware so dangerous?

  10. Insiders have a lot of access • 62% of end users say they have access to company data they probably shouldn’t see • 29% of IT respondents say their companies fully enforce a strict least privilege model

  11. Very few watch what insiders are doing • 35% of organizations have no searchable records of file system activity • 38% do not monitor any file and email activity.

  12. But what changed?

  13. Bitcoin: Anonymously monetizing malware at scale

  14. The canary in the coal mine: Malware Molly

  15. Ransomware is the only threat that wants you to know it’s there

  16. Let’s Meet The Other Insider Threats

  17. Disgruntled Dan

  18. Image credit: FBI

  19. Image credit: Praxis Films / Laura Poitras Image credit: FBI

  20. Abusive Admin Andy

  21. As he was getting near retirement, the system administrator received an offer to sell corporate data, which would have allowed him to purchase the house of his dreams and retire as he always wanted.

  22. They was firing me. I just beat them to it. Nothing personal, the upper management need to see what they guys on the floor is capable of doing when they keep getting mistreated. I took one for the team.

  23. Hijacked Hillary

  24. “The service I examined for this post currently is renting access to nearly 17,000 computers worldwide”

  25. What data is most vulnerable to insider threats?

  26. “Data volume is set to grow 800% over the next 5 years and 80% of it will reside as unstructured data.” — Gartner, 2015

  27. “The attackers primarily focused on utilizing SMB commands to map network file shares of OPM users who had administrator access or were knowledgeable of OPM’s PIPS system. The attacker would create a shopping list of the available documents contained on the network file shares.” – Jeff Wagner, OPM’s Director of Security Operations

  28. Discovery Timeline Source: Verizon 2016 Data Breach Investigations Report

  29. What can you do?

  30. Detect insider threats by analyzing data, account activity, and user behavior. Prevent disaster by locking down sensitive and stale data, reducing broad access, and simplifying permissions. Sustain a secure state by automating authorizations, migrations, & disposition.

  31. DETECT • Map directory services, permissions, file systems • Discover sensitive and stale data • Automatically identify administrators, service accounts, and executives • Audit all file system and email activity • Baseline what normal behavior looks like • Detect suspicious behavior: crypto intrusion and other malware infections, privilege escalations, abnormal access to sensitive data • Prioritize where sensitive data is overexposed and at-risk
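The DETECT slide's "baseline what normal behavior looks like, then detect suspicious behavior" loop, as an added example that is not part of the presentation or Varonis's product. It learns each user's normal daily file-activity volume and the shares they usually touch from a quiet history, then scores one day of events for three of the patterns the slide names: a volume spike, a first-ever read of a sensitive share, and a burst of renames to one new extension (the crypto-ransomware signature). The audit line format, user names, share paths, thresholds and every event are constructed for this illustration.

```python
"""Baseline-and-deviation detection over file activity audit events.

Added example (not the presentation's or Varonis's code). The audit line
format, the user names, share paths, thresholds and all events below are
constructed for this illustration.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from statistics import mean, stdev


# Constructed line format: "<ISO timestamp> <user> <ACTION> <path>[ -> <new path>]"
def parse_events(text):
    events = []
    for line in text.strip().splitlines():
        ts, user, action, rest = line.split(" ", 3)
        path, _, new_path = rest.partition(" -> ")
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "action": action, "path": path, "new_path": new_path or None})
    return events


def share_of(path):
    # \\fs01\finance\report.xlsx -> \\fs01\finance (lower-cased)
    parts = path.lstrip("\\").split("\\")
    return "\\\\" + "\\".join(parts[:2]).lower()


def ext_of(path):
    return path.rsplit(".", 1)[-1].lower() if "." in path else ""


def build_baseline(events):
    """Learn, per user, the normal daily event volume and the shares they touch."""
    per_day = defaultdict(Counter)   # user -> {date: event count}
    shares = defaultdict(set)        # user -> shares seen in the history
    for e in events:
        per_day[e["user"]][e["ts"].date()] += 1
        shares[e["user"]].add(share_of(e["path"]))
    baseline = {}
    for user, days in per_day.items():
        counts = list(days.values())
        mu = mean(counts)
        sigma = stdev(counts) if len(counts) > 1 else 0.0
        # floor sigma at 1 so a perfectly regular history does not alert on +1 event
        baseline[user] = {"threshold": mu + 3 * max(sigma, 1.0), "shares": shares[user]}
    return baseline


def detect(day_events, baseline, sensitive_shares, rename_burst=10, window=timedelta(seconds=60)):
    """Score one day of events against the baseline; returns a list of alert tuples."""
    alerts = []
    by_user = defaultdict(list)
    for e in day_events:
        by_user[e["user"]].append(e)
    for user, evs in by_user.items():
        profile = baseline.get(user)
        # 1. daily volume far above the user's learned norm
        if profile and len(evs) > profile["threshold"]:
            alerts.append(("volume_spike", user, len(evs)))
        # 2. first-ever access to a share classified as sensitive
        known = profile["shares"] if profile else set()
        for share in sorted({share_of(e["path"]) for e in evs}):
            if share in sensitive_shares and share not in known:
                alerts.append(("new_sensitive_share", user, share))
        # 3. many renames to one new extension inside a short window
        renames = sorted((e for e in evs if e["action"] == "RENAME" and e["new_path"]),
                         key=lambda e: e["ts"])
        for i, first in enumerate(renames):
            ext = ext_of(first["new_path"])
            burst = [r for r in renames[i:]
                     if r["ts"] - first["ts"] <= window and ext_of(r["new_path"]) == ext]
            if len(burst) >= rename_burst:
                alerts.append(("rename_burst", user, "." + ext, len(burst)))
                break
    return alerts


def constructed_history():
    """Five quiet days (constructed): alice works in finance, bob in engineering."""
    lines = []
    for day, (a, b) in enumerate([(3, 4), (4, 4), (3, 4), (5, 4), (3, 4)], start=2):
        lines += [f"2016-05-{day:02d}T09:{i:02d}:00 alice READ \\\\fs01\\finance\\report-{i}.xlsx" for i in range(a)]
        lines += [f"2016-05-{day:02d}T10:{i:02d}:00 bob READ \\\\fs01\\engineering\\spec-{i}.docx" for i in range(b)]
    return "\n".join(lines)


def constructed_day():
    """The day under review (constructed): alice bulk-reads finance and strays into HR,
    bob's account mass-renames files to .locked, carol (no history) reads one file."""
    lines = [f"2016-05-09T08:{i:02d}:00 alice READ \\\\fs01\\finance\\report-{i}.xlsx" for i in range(20)]
    lines += [f"2016-05-09T08:3{i}:00 alice READ \\\\fs01\\hr\\salary-{i}.xlsx" for i in range(5)]
    lines += [f"2016-05-09T11:00:{i:02d} bob RENAME \\\\fs01\\engineering\\spec-{i}.docx"
              f" -> \\\\fs01\\engineering\\spec-{i}.docx.locked" for i in range(12)]
    lines.append("2016-05-09T12:00:00 carol READ \\\\fs01\\engineering\\readme.txt")
    return "\n".join(lines)


def run_example():
    baseline = build_baseline(parse_events(constructed_history()))
    sensitive = {"\\\\fs01\\finance", "\\\\fs01\\hr"}   # assumed classification result
    return detect(parse_events(constructed_day()), baseline, sensitive)


if __name__ == "__main__":
    for alert in run_example():
        print(alert)
```

Run as a script it prints four alerts: two for alice (volume spike and a first-ever read of the HR share) and two for bob (volume spike and a burst of twelve renames to `.locked`), while carol, who has no history and touched nothing sensitive, produces none. The sigma floor in `build_baseline` is the kind of small decision that matters in practice: a user whose history is perfectly regular would otherwise alert on a single extra file.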

  32. PREVENT • Lock down sensitive and stale data • Fix Active Directory and file system issues • Eliminate global groups • Simplify permissions structure • Identify Data Owners outside of IT • Prune unnecessary access • Data Owners perform entitlement reviews

  33. SUSTAIN • Automatically catch and correct deviations from policy and trusted state • Automate quarantining of sensitive data • Continuously monitor all user & file system activity • Automate archival or disposal of stale data • Automate revocation of access • Automate authorization workflows and entitlement reviews
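The PREVENT and SUSTAIN slides together describe a review cycle: find sensitive data, flag where global groups expose it, find stale data, and catch deviations from the last trusted permission state. The following is an added example of that cycle, not the presentation's or Varonis's code; the file inventory, the ACLs, the "trusted" snapshot, the content classifiers and the 365-day staleness cut-off are all constructed assumptions.

```python
"""Overexposure, stale-data and ACL-drift review over a constructed file inventory.

Added example (not the presentation's or Varonis's code). Every path, ACL,
trustee name, classifier and threshold below is constructed for illustration.
"""
import re
from datetime import datetime, timedelta

# Trustees whose presence on a sensitive folder means "broad access"
GLOBAL_GROUPS = {"everyone", "domain users", "authenticated users"}

# Crude content classifiers; real tooling uses far richer rules than two regexes
SENSITIVE_PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "card": re.compile(r"\b(?:\d{4}[ -]?){3}\d{4}\b"),
}

# Constructed inventory: path -> (content sample, last-modified timestamp)
FILES = {
    r"\\fs01\hr\payroll.csv": ("name,ssn\nAda,123-45-6789\n", datetime(2016, 4, 20)),
    r"\\fs01\finance\cards.txt": ("corp card 4111 1111 1111 1111", datetime(2014, 1, 10)),
    r"\\fs01\engineering\spec.docx": ("design notes", datetime(2016, 3, 1)),
    r"\\fs01\public\lunch-menu.txt": ("pizza friday", datetime(2013, 6, 1)),
}

# Constructed ACLs: folder -> {trustee: rights}. TRUSTED is the last reviewed state.
CURRENT_ACLS = {
    r"\\fs01\hr": {"hr-staff": "RW", "domain users": "R"},
    r"\\fs01\finance": {"finance": "RW", "auditors": "RW", "everyone": "R"},
    r"\\fs01\engineering": {"engineering": "RW", "domain users": "R"},
    r"\\fs01\public": {"everyone": "R"},
}
TRUSTED_ACLS = {
    r"\\fs01\hr": {"hr-staff": "RW"},
    r"\\fs01\finance": {"finance": "RW", "auditors": "R"},
    r"\\fs01\engineering": {"engineering": "RW", "domain users": "R"},
    r"\\fs01\public": {"everyone": "R"},
}


def folder_of(path):
    return path.rsplit("\\", 1)[0]


def classify_sensitive(files):
    """Return {path: [labels]} for files whose content matches a classifier."""
    hits = {}
    for path, (content, _) in files.items():
        labels = [name for name, rx in SENSITIVE_PATTERNS.items() if rx.search(content)]
        if labels:
            hits[path] = labels
    return hits


def find_overexposed(acls, sensitive_folders):
    """Sensitive folders on which a global group holds any right."""
    return sorted((folder, trustee)
                  for folder in sensitive_folders
                  for trustee in acls.get(folder, {})
                  if trustee.lower() in GLOBAL_GROUPS)


def find_stale(files, now, max_age_days=365):
    """Files not modified within max_age_days: candidates for archival or disposal."""
    cutoff = now - timedelta(days=max_age_days)
    return sorted(p for p, (_, mtime) in files.items() if mtime < cutoff)


def acl_drift(trusted, current):
    """Every difference between the trusted snapshot and the live ACLs."""
    drift = []
    for folder in sorted(set(trusted) | set(current)):
        t, c = trusted.get(folder, {}), current.get(folder, {})
        for trustee in sorted(set(t) | set(c)):
            if trustee not in t:
                drift.append((folder, trustee, f"added {c[trustee]}"))
            elif trustee not in c:
                drift.append((folder, trustee, f"removed {t[trustee]}"))
            elif t[trustee] != c[trustee]:
                drift.append((folder, trustee, f"rights {t[trustee]} -> {c[trustee]}"))
    return drift


def run_review(now=datetime(2016, 5, 9)):
    sensitive = classify_sensitive(FILES)
    sensitive_folders = {folder_of(p) for p in sensitive}
    return {
        "sensitive": sensitive,
        "overexposed": find_overexposed(CURRENT_ACLS, sensitive_folders),
        "stale": find_stale(FILES, now),
        "drift": acl_drift(TRUSTED_ACLS, CURRENT_ACLS),
    }


if __name__ == "__main__":
    for section, findings in run_review().items():
        print(section, findings)
```

The engineering share also grants `domain users` read access, but it holds nothing the classifiers consider sensitive and the grant matches the trusted snapshot, so it is neither an overexposure nor drift; the point of the PREVENT step is to spend remediation effort where sensitive data and broad access coincide. The drift report is what the SUSTAIN step would act on automatically: the two added global-group grants and the auditors' silent promotion from read to read-write all appear as discrete, reversible changes.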

  34. Summary • Ransomware is an epidemic • Its existence, persistence and “success” illustrate how soft our “insides” are • Other insider threats are more dangerous • Files and emails are frequent targets • The approach: Detect, Prevent, Sustain

  35. Free Data Risk Assessment – http://bit.ly/threatcheck

  36. Brian Vecci @brianthevecci www.varonis.com
