Insider threats come in a variety of forms and may be malicious or simply the result of negligence. Insider attacks can cause more damage than outsider threats, so it is important that organizations understand how to protect against and remedy insider threats. Learn more about insider threats and GTRI's Insider Threat Security Solution in this presentation. (Source: GTRI)
This presentation includes information about Cisco Stealthwatch, which goes beyond conventional threat detection and harnesses the power of NetFlow. With it, you get advanced network visibility, analytics, and protection. You see everything happening across your network and data center. And you can uncover attacks that bypass the perimeter and infiltrate your internal environment. (Source: Cisco)
18. Cisco Security – Simple will get you breached but complex will get you beat!
AnyConnect, Threatgrid, ISE, AMP, Talos, TrustSec, Firepower, ASA, ESA, WSA, Cisco StealthWatch, OpenDNS
37. StealthWatch Enables Network Visibility
EVERYTHING must touch the network
KNOW every host
Know what is NORMAL
What else can the network tell me?
RECORD every conversation
Gain Context-Aware Security
Company Network
Assess, Audit, Posture, Response, Context, Detect
Alert to CHANGE
Store for MONTHS
Insider threats come in a variety of types but can best be defined at the highest level as:
A current or former employee or contractor who exploits or exceeds his or her authorized level of network, system or data access in a manner that affects the security of the organization's data, systems or daily operations.
Not all of these threats are due to an insider with malicious intent. In fact, the majority start as simple negligence, whereby an otherwise non-threatening individual behaves in a manner that does not reflect best practice and, as a result, opens the door for a malicious third party.
The result is a damaging attack facilitated by the often simple act of negligence.
Critical capabilities in combating network-level threats:
Determine whether a device or set of devices is being accessed or utilized in a manner indicating that the host is communicating in non-standard ways across different endpoints, both within and outside of the network
Detect slow and stealthy threats that may leverage user devices
Identify network activity suggestive of data exfiltration
Can your organization make use of your infrastructure as a sensor for threats and then guard against them?
Monitor
Lancope's StealthWatch System leverages existing resources to deliver pervasive network visibility and continuously monitor for advanced threats. In-depth security context creates a complete picture of network activity.
Detect
The StealthWatch System transforms network data into actionable security intelligence for faster threat detection. Identify suspicious behaviors that could signify APTs, insider threats, DDoS attempts or malware.
Analyze
The StealthWatch System provides advanced forensic tools to help you understand the who, what, when, where, why and how of security breaches for improved incident response.
Respond
Continuously collect, analyze and store large amounts of valuable network data to effectively respond to threats before, during and after a security incident.
While it is easy to rationalize that insider threats won’t happen to your organization, it has become clear that this breed of threat is pervasive. It is not limited to the obvious targets of government, financial and healthcare; every organization type and size has a need to address it.
As an example, in real estate a reported 37% of attacks are insider attacks.
Losses of $2.9 trillion annually in employee fraud are reported globally and the US alone suffered $40 billion in losses during the most recently reported year.
Dedicating resources to addressing this potential exposure should be a concern at the highest level in your organization.
Screening employees and contractors and maintaining strong perimeter security are not enough to guard against insider threats.
Partnering with a trusted service provider that can work with you to identify your needs and implement the best-suited solutions for your organization is the most effective approach to avoiding the pitfalls of this class of threat.