
Quest Software – APT and the Insider Threat

Dmitry Kagansky, CTO - Public Sector (Federal). March 14, 2011.


Presentation Transcript


  1. Quest Software – APT and the Insider Threat Dmitry Kagansky, CTO - Public Sector (Federal) March 14, 2011

  2. Agenda
     • The Insider Threat
     • Advanced Persistent Threat
       • What is it and what does it mean for Public Sector?
     • The Federal Supply Chain
       • Where are the weaknesses, and how can they be shored up?
     • The Commercial Perspective
       • Paul Harper to discuss the view from the Commercial side
     • Privileged Identity Management (PIM)
       • The ‘firewall’ for the insider threat
     • Demonstration
     • Q & A
     #QSFTcybersecurity - follow this webcast/ask questions!

  3. The Insider Threat
     • We all know the stats and stories
     • The Insider is more dangerous
     • The Insider is more careless
     • The Insider is more malicious
     • However . . .
     • Sometimes . . .
     • The Insider doesn’t know he’s the source of the compromise!

  4. What is APT (Advanced Persistent Threat)?
     • New term for an old problem
     • Coined by Mandiant
     • What is it?
       • Advanced
         • No one attack is particularly sophisticated
         • Combination of attacks from many different vectors
           • Email
           • Web
           • Social Engineering
           • Devices
       • Persistent
         • No longer recreational or even opportunistic
         • This is someone’s job
       • Threat
         • Co-ordinated
         • Skilled, motivated and well-funded
     • What does it mean for Public Sector?

  5. The Federal Supply Chain
     • Any chain is only as strong as the weakest link
     • Where are the weaknesses, and how can they be shored up?
       • Documents
         • Adobe Acrobat is a bigger vehicle for malware than MS Word
       • Email
       • Websites
       • Devices
         • that USB stick you found at Starbucks!
     • An agency may be ‘clean’ but it is not safe if it interacts with anyone else on the outside
     • This same supply chain analogy applies to all agencies and all their partners
     • First Responders

  6. The Commercial Perspective
     • APTs are just as prevalent
     • Not publicly discussed or acknowledged
     • Part of the Federal Supply Chain
     • Many ties to government
     • Slower to acknowledge that it’s a problem

  7. Now what?
     • How do you guard against the APT?
     • Low & slow attacks
     • Days and weeks to develop
     • Multiple vectors
     • Data gathering and observation
     • Train your users
     • Constantly update anti-virus
     • Avoid giving out privileged access
     • Segregation of duties
     • Segregation of accounts (dual accounts for admins)

  8. Privileged Identity Management (PIM)
     • aka PAM (Privileged Account Management)
     • Elevated privileges are most dangerous when obtained by an APT
     • It’s not the secretary or the janitor that is a concern
     • It’s the people with the keys to the kingdom
     • They won’t know when they’ve given up the keys
     • 2 Flavors:
     • Named Accounts
     • System accounts such as root, oracle, administrator, etc.
     • Password Vault
     • Continuous logging and monitoring
     • Session recording
     • Command control

  9. Demonstration

  10. Summary
      • Advanced Persistent Threat is a reality and only going to grow
      • Harder to detect
      • Harder to prevent
      • Weakness through weak security not just from users but partners
      • Elevated accounts are most dangerous

  11. Resources
      • Advanced Persistent Threat
        • http://en.wikipedia.org/wiki/Advanced_Persistent_Threat (Definition and overview page)
        • http://www.usenix.org/event/lisa09/tech/slides/daly.pdf (Excellent presentation from Raytheon)
        • http://www.mandiant.com (Great white papers and studies – check their M-Trends paper)
      • The Federal Supply Chain
        • http://www.businessofgovernment.org/sites/default/files/The%20Role%20of%20the%20Federal%20Supply%20Chain%20in%20Preparing%20for%20National%20Emergencies.pdf (Planning for the Inevitable: The Role of the Federal Supply Chain in Preparing for National Emergencies)
      • Quest TPAM
        • http://www.edmz.com

  12. Want more info?
      • DLT Contact Information:
        • Phone: 877-783-7800
        • Email: quest-solutions@dlt.com
        • Twitter: @DLTSolutions
      • Quest’s identity management solutions
        • http://www.quest.com/identity-management
        • http://www.GetToOne.com

  13. Thank You
