Insider Threats Part 2: Preventing Data Exfiltration with Fidelis Elevate
•Descargar como PPTX, PDF•
1 recomendación•234 vistas
This webinar is a continuation to Part 1: Identifying Insider Threats with Fidelis EDR Technology. Fidelis Engineers, Lucas Chumley and Louis Smith will provide a demonstration of how Fidelis Technology can help organizations respond to and prevent an insider threat from moving data externally. You’ll learn how our Elevate technology can be leveraged to successfully identify what data has left your network, and how to prevent data leaving in future by looking for similar information on all other assets.
Recomendados
Recomendados
Más contenido relacionado
La actualidad más candente
La actualidad más candente (20)
Similar a Insider Threats Part 2: Preventing Data Exfiltration with Fidelis Elevate
Similar a Insider Threats Part 2: Preventing Data Exfiltration with Fidelis Elevate (20)
Último
Último (20)
Insider Threats Part 2: Preventing Data Exfiltration with Fidelis Elevate
- 1. Insider Threat Part II Preventing Data Exfiltration
- 2. © Fidelis Cybersecurity Intro 2 Lucas Chumley Senior Sales Engineer Louis Smith Director, Sales Engineering
- 3. © Fidelis Cybersecurity Insider Threat Session I Round Up Defining an Insider Threat: • Categories of Insider Threat • Cross functional responsibilities • Indicators of Elevated Risk • The Struggle is Real • Assessing your Insider Threat Preparedness • Demo: Mitigate & Detect an Insider Threat 3
- 4. © Fidelis Cybersecurity Flavors of Data Exfiltration Digital IP, M&A Activity, Accounting Records, Customer Data 4 Physical Excessive printing, USB thumb drive control, physically moving media from one place to another, etc. Biggest Data Breaches of 21st Century Equifax: Over 145 million people were affected by the data breach which saw social security numbers, birth dates, home addresses and in some cases, drivers license numbers stolen www.csoonline.com
- 5. © Fidelis Cybersecurity Insider Threat – The Risk 5
- 6. © Fidelis Cybersecurity C2 Malware Anomaly 6 A malware anomaly may have been caused via a successful phishing attack that has resulted in an infected asset. Many hacking groups design malware with the sole purpose of exfiltrating data.
- 7. © Fidelis Cybersecurity Establishing a Baseline What’s normal? What’s not normal? 1) What is a baseline? 2) Examples of baselines vs. anomalous behavior 3) How Fidelis can help you establish a baseline 7
- 8. © Fidelis Cybersecurity The Fidelis Architecture 8
- 9. © Fidelis Cybersecurity Fidelis Secret Sauce 1. Metadata Helps the risk of : IoT devices, Cloud, Endpoint, File Servers, Network activity and Active Directory. Metadata also allows companies to Threat Hunt across their organization by way of reassembled Deep Session Inspection. 2. Minimize Dwell Time + Understanding Flavors of Data Exfil + Understanding the Types of Insider Threats + Establishing a Baseline = Reduced Dwell Time within your Organization 9
- 10. © Fidelis Cybersecurity Traditional Approach and Methodology 10 Monitor all behavior, all the time Detect and alert on baseline anomalies or divergence Investigate Alerts
- 11. © Fidelis Cybersecurity The Fidelis Difference 11 Monitor and apply automatic analysis to all behavior, all the time. Integrate prevention, detection, investigation and remediation tools to allow for simultaneous operations. Automated detection, identification and classification of key assets and their alerts to minimize both dwell time and investigation resources.
Notas del editor
- Fidelis Collector Presentation – Public Information.
- We covered the theory last time, this time we’re talking practical application
- Were any of these the result of insider threat? Yes – Equifax (Negligent) and Marriott (They acquired the breach - Negligent) Edward Snowden. Air gap – data was physically moved from one medium to another - mention the length of the breach Marriott – The attackers remained in the system after Marriott acquired Stargroup. Source: https://www.csoonline.com/article/2130877/data-breach/the-biggest-data-breaches-of-the-21st-century.html
- https://attack.mitre.org/techniques/T1041/
- Baselining can be any number of things. Not just how much data, or where the data is coming from. Other things like 'people logging into their work stations at odd hours of the day'. If you log in between 9am and 5pm. Now, all of a sudden, that same user is logging in at 1am - there is a problem. In Network, we can apply an analytic rule - incoming connection on this port. The analytic rule can be applied to certain hours to catch anomalies. This will help you build a baseline between what's normal and what's note. Really it's about being able to identify the difference. What's normal & what's not. These are automated rules that can be set up, and there are also Data Science as a Service that we can apply to the baseline. Fidelis Offers Data Science as a Service - which helps customers create models to help establish baselines. Machine Learning plus targeted Human Learning & model creation is the utmost comprehensive way to establish baselines & anomalous behavior.
- The ways in which Fidelis could sold this issue…
- Generally, current solutions attempt to identify divergence from what is considered “normal” behavior for a given employee. When the software spots an anomaly, a small team investigates. While this method can be helpful, it usually falls short, for four reasons: By the time negative behaviors are detected, the breach has often already occurred. The organization is already at a disadvantage, and it cannot deploy an active defense. Monitoring for “divergence from normal behavior” creates a huge number of false positives, wasting much of the investigation team’s time. Serial bad actors may not be caught; malicious activity may be built into the baseline of “normal” activity. Collecting massive amounts of employee data creates privacy concerns and significant potential for abuse, and even gives off a high perception of privacy intrusion by end-users.
- We address these concerns in very innovative ways Monitor and apply automatic analysis to all behavior, all the time. Integrate prevention, detection, investigation and remediation tools to allow for simultaneous operations. Automated detection, identification and classification of key assets and their alerts to minimize both dwell time and investigation resources. A program to combat any form of insider threat has to focus on detection through the techniques we’ve discussed. Since those cannot be replaced, they had to be improved.