
Leveraging Information to Detect and Prevent Insider Attacks


Presentation Transcript


  1. Leveraging Information to Detect and Prevent Insider Attacks • Phoram Mehta • Senior Manager, Information Security Management, PayPal

  2. Agenda
  • Problem definition
  • Solution challenges
  • Current approaches
  • A (New*) proposal
  • Q&A

  3. Definition
  • Threats posed by employees, third parties, or malicious software that use legitimate access rights to networks, applications, and sensitive data

  4. Is this really a problem? Regular or rare?
  • Terry Childs, San Francisco network administrator: changed the admin passwords; $900,000 in cost, and 60 percent of city services were affected
  • Snowden (CIA/NSA/Dell/BAH): leaked top-secret US government surveillance details; national security and privacy impact
  • Phishing: RSA SecurID
  • Twitter, May 2014?

  5. Why should I care?
  • Impact: a minority of attacks, but more damage
  • 40% of data breaches and 1/3 of all malicious attacks
  • 50% more vulnerable – ESG survey

  6. Challenges to Solution
  • Scale
  • Cloud
  • Volume
  • APT/new attacks
  • Privacy/trust

  7. A (New*) Approach: ALARM
  • AuthN and AuthZ
  • Leakage Detection/Prevention
  • Analytics
  • Risk Management
  • Pre-requisites: data classification, BIA (business impact analysis), segmentation like the 80’s

  8. Authentication and Authorization
  • They are different
  • In the right places
  • Strong – 2FA, biometric or SMS
  • Review
  • Don’t forget physical

  9. Leakage Detection and Prevention
  • Each workstation/BYOD
  • Outbound traffic
  • IM/Email/SM
  • Consequences
  • Prevention is very hard
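Slide 9 lists the channels to watch but not what a check on them looks like. The following is an added example (not code from the deck, and not PayPal's tooling) of an outbound leakage check over constructed IM/email events: it combines the data-classification label that slide 7 lists as a prerequisite with a content scan for Luhn-valid card numbers, blocks the clear-cut external cases, and only alerts on internal ones, because the slide's own point is that prevention is very hard. The domain example.com, the label names, the markings and the sample messages are all assumptions.

```python
"""Outbound leakage checks over constructed IM/email events.

Added example, not code from the deck or from PayPal: the classification
labels, internal domain and sample messages below are assumptions.
"""
import re
from dataclasses import dataclass

INTERNAL_DOMAINS = {"example.com"}             # assumption: the company's own domain
BLOCK_LABELS = {"CONFIDENTIAL", "RESTRICTED"}  # labels from the data-classification scheme
MARKINGS = ("CONFIDENTIAL", "RESTRICTED", "INTERNAL ONLY")
# 13-16 digits, optionally separated by spaces or dashes.
PAN_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")


@dataclass
class OutboundEvent:
    channel: str         # "email", "im", "web"
    sender: str
    recipient: str
    classification: str  # label attached by data classification (ALARM prerequisite)
    body: str


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; cuts false positives from order numbers, phone numbers, etc."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list:
    """Return Luhn-valid card numbers found in free text, separators stripped."""
    hits = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 16 and luhn_ok(digits):
            hits.append(digits)
    return hits


def is_external(address: str) -> bool:
    domain = address.rsplit("@", 1)[-1].lower()
    return domain not in INTERNAL_DOMAINS


def evaluate(event: OutboundEvent):
    """Return (action, reasons). External destinations are blocked on a label,
    a marking in the body or a card number; internal traffic carrying a card
    number is only alerted on, since blocking would break legitimate work and
    detection is the realistic goal there."""
    reasons = []
    external = is_external(event.recipient)
    pans = find_pans(event.body)
    if external and event.classification.upper() in BLOCK_LABELS:
        reasons.append(f"{event.classification} data to external recipient")
    if external and any(mark in event.body.upper() for mark in MARKINGS):
        reasons.append("classification marking in body sent externally")
    if pans:
        reasons.append(f"{len(pans)} Luhn-valid card number(s) in body")
    if external and reasons:
        return "BLOCK", reasons
    if pans:
        return "ALERT", reasons
    return "ALLOW", reasons


# Constructed sample events (not real traffic).
SAMPLE_EVENTS = [
    OutboundEvent("email", "alice@example.com", "bob@example.com", "INTERNAL", "Q3 numbers attached"),
    OutboundEvent("im", "alice@example.com", "contractor@gmail.com", "CONFIDENTIAL", "here is the roadmap"),
    OutboundEvent("email", "dave@example.com", "dave@personal.net", "PUBLIC", "test card 4111 1111 1111 1111"),
    OutboundEvent("email", "carol@example.com", "ops@example.com", "PUBLIC", "Order 1234567812345678 shipped"),
    OutboundEvent("im", "erin@example.com", "fraud@example.com", "INTERNAL", "cardholder 5500 0000 0000 0004 disputed"),
]


def run(events=SAMPLE_EVENTS):
    """Decision per event, in input order."""
    return [evaluate(e)[0] for e in events]


if __name__ == "__main__":
    for e, action in zip(SAMPLE_EVENTS, run()):
        print(f"{action:5} {e.channel:5} {e.sender} -> {e.recipient}: {evaluate(e)[1]}")
```

The order-number case is there on purpose: a bare 16-digit regex would have flagged it, and a DLP rule that fires on every order confirmation gets switched off within a week. The Luhn check is what keeps the card-number rule usable.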

  10. Analytics
  • End-to-end event correlation
  • Privileged user pattern recognition
  • Data visualization
  • Threat models/rules for known incidents
  • Advanced heuristics and prediction
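As an added example of the end-to-end correlation and known-incident rules slide 10 calls for (not code from the deck, and not PayPal's tooling), the script below runs over constructed device-audit and HR lines: a rule for the pattern of the Childs case from slide 4 (one administrator changing credentials on many devices within minutes), an off-hours heuristic for privileged actions aggregated per user and day, and escalation when the HR feed shows a recent risk event for the same user. The log formats, user names, thresholds and HR event names are assumptions.

```python
"""End-to-end correlation of privileged-user events over constructed logs.

Added example; the log formats, user names and thresholds are assumptions,
not anything from the original deck or from PayPal's systems.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data: a network-device audit log and an HR/risk feed,
# joined on the user name. Timestamps are ISO 8601, local time.
DEVICE_LOG = """\
2014-05-02T09:12:04 user=admin_a action=config_change device=core-rtr-01
2014-05-02T14:20:11 user=admin_b action=config_change device=edge-sw-07
2014-05-03T02:05:31 user=admin_a action=cred_change device=core-rtr-01
2014-05-03T02:06:02 user=admin_a action=cred_change device=core-rtr-02
2014-05-03T02:06:40 user=admin_a action=cred_change device=dist-sw-01
2014-05-03T02:07:15 user=admin_a action=cred_change device=dist-sw-02
2014-05-03T02:08:03 user=admin_a action=cred_change device=edge-sw-07
2014-05-03T10:30:00 user=admin_b action=cred_change device=edge-sw-07
"""
HR_FEED = """\
2014-05-01 user=admin_a event=disciplinary_notice
2014-04-15 user=admin_b event=role_change
"""

PRIVILEGED = {"config_change", "cred_change"}
HR_RISK_EVENTS = {"disciplinary_notice", "resignation", "termination_pending"}


def parse_kv_log(text, ts_format):
    """Parse 'TIMESTAMP key=value ...' lines into dicts with a datetime 'ts'."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, _, rest = line.partition(" ")
        rec = dict(kv.split("=", 1) for kv in rest.split())
        rec["ts"] = datetime.strptime(ts, ts_format)
        records.append(rec)
    return records


def rule_mass_cred_change(events, threshold=4, window=timedelta(minutes=15)):
    """Known-incident rule: one user changing credentials on >= threshold
    distinct devices inside `window` (the 'lock everyone else out' pattern).
    Reports the largest device set seen in any window, once per user."""
    alerts = []
    by_user = defaultdict(list)
    for e in events:
        if e["action"] == "cred_change":
            by_user[e["user"]].append(e)
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["ts"])
        best, best_ts, start = set(), None, 0
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            devices = {e["device"] for e in evs[start:end + 1]}
            if len(devices) > len(best):
                best, best_ts = devices, evs[end]["ts"]
        if len(best) >= threshold:
            alerts.append({"rule": "mass_cred_change", "user": user,
                           "ts": best_ts, "devices": sorted(best)})
    return alerts


def rule_off_hours(events, start_hour=22, end_hour=6):
    """Heuristic: privileged actions between 22:00 and 06:00, aggregated per
    user and day so a burst yields one alert rather than one per log line."""
    counts = defaultdict(int)
    for e in events:
        h = e["ts"].hour
        if e["action"] in PRIVILEGED and (h >= start_hour or h < end_hour):
            counts[(e["user"], e["ts"].date())] += 1
    return [{"rule": "off_hours_privileged", "user": u,
             "ts": datetime.combine(d, datetime.min.time()), "count": n}
            for (u, d), n in counts.items()]


def escalate_with_hr(alerts, hr_records, lookback=timedelta(days=30)):
    """Correlate with the HR feed: a recent risk event for the same user
    raises severity from 'high' to 'critical'."""
    for a in alerts:
        a["severity"] = "high"
        for h in hr_records:
            if (h["user"] == a["user"] and h["event"] in HR_RISK_EVENTS
                    and timedelta(0) <= a["ts"] - h["ts"] <= lookback):
                a["severity"] = "critical"
                a["hr_context"] = h["event"]
    return alerts


def analyze(device_log=DEVICE_LOG, hr_feed=HR_FEED):
    """Run both rules over the device log and enrich the alerts with HR data."""
    events = parse_kv_log(device_log, "%Y-%m-%dT%H:%M:%S")
    hr = parse_kv_log(hr_feed, "%Y-%m-%d")
    alerts = rule_mass_cred_change(events) + rule_off_hours(events)
    return escalate_with_hr(alerts, hr)


if __name__ == "__main__":
    for a in analyze():
        print(a["severity"].upper(), a["rule"], a["user"], a.get("devices", a.get("count")))
```

Each rule on its own is noisy: network teams do change credentials in batches during maintenance, and some admins legitimately work nights. The correlation step is what separates the deck's "pattern recognition" from simple thresholds: the same burst becomes critical only when a second source (here the HR feed) puts it in context.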

  11. Risk Management
  • Current state
  • Business drivers: IP vs customer data, critical systems, physical security, vendor management
  • Cost of mitigation
  • Company culture
  • External obligations
  • Roadmap for growth

  12. Some Sources for Additional Information
  • ESG Insider Threat research: http://www.vormetric.com/sites/default/files/ap_Vormetric-Insider_Threat_ESG_Research_Brief.pdf
  • SANS Reading Room: http://www.sans.org/reading-room/whitepapers/incident/protecting-insider-attacks-33168
  • CINDER (US military insider threat program): http://www.darpa.mil/Our_Work/I2O/Programs/Cyber-Insider_Threat_(CINDER).aspx

  13. Q &amp; A – Thank You
