SlideShare a Scribd company logo

Anatomy of the Compromised Insider

Imperva
Imperva

This document discusses the threat of compromised insiders in organizations. It defines a compromised insider as a person who unintentionally helps third parties gain access to their device or credentials. The document notes that while less than 1% of employees may be malicious, 100% have the potential to become compromised through malware or other means. It examines how easily malware can be distributed and how difficult it is for antivirus software to detect new threats. The document recommends organizations focus on data security rather than just endpoint protection to prevent data loss from compromised insiders.

Technology
1 of 25
Download to read offline
© 2014 Imperva, Inc. All rights reserved. Anatomy of the Compromised Insider Confidential 1 Terry Ray, Chief Product Strategist, Imperva
© 2014 Imperva, Inc. All rights reserved. Agenda Confidential 2 Insider Threat vs. Compromised Insider Threat Compromised Insiders in the News How Compromised Insider Attacks Happen How to Protect Your Organization Conclusion Q&A
© 2014 Imperva, Inc. All rights reserved. Insider Threat Insider Threat Defined Confidential 3 Risk that the access rights of a trusted person will be used to view, take, or modify data or intellectual property. Possible causes: Accident Malicious intent Compromised device
© 2014 Imperva, Inc. All rights reserved. A person with no malicious motivation who becomes an unknowing accomplice of third parties who gain access to their device and/or user credentials. 4 Compromised Insider Defined Compromised Insider Confidential
© 2014 Imperva, Inc. All rights reserved. Putting Things in Perspective Confidential 5 “Less than 1% of your employees may be malicious insiders, but 100% of your employees have the potential to be compromised insiders.” Source: http://edocumentsciences.com/defend-against-compromised-insiders
© 2014 Imperva, Inc. All rights reserved. Malware: Compromised Insiders on the Rise 2012 Verizon Data Breach Report Malware is on the rise: •“69% of all data breaches incorporated Malware” -- a 20% increase over 2011 6 2014 simply shows continued growth for Malware/compromised insiders
© 2014 Imperva, Inc. All rights reserved. Recent Major Enterprise Events 7 Confidential * Sources: ZDNET 2014, InfoSecurity-Magazine 2014, CNN 2014, Security Legder.com
© 2014 Imperva, Inc. All rights reserved. Where Do They Attack? 8 Multimillion dollar datacenter End-user devices and the user Sometimes well protected Not well protected Both access the same data Confidential
© 2014 Imperva, Inc. All rights reserved. Shame Game 9 Mandiant releases research paper on APT1 Chinese Hacking Group. Hackers create an Infected APT1 report. Hackers send Spear Phishing emails to lure security officers into opening the file February 2013 – Research firm APT Report used as APT Infector Confidential
© 2014 Imperva, Inc. All rights reserved. Ease of Infection Example: Click Bait/Malvertizement – Malware Distribution 10 * Source: News-Sentinel, Venturebeat, thehackernews, addthis
© 2014 Imperva, Inc. All rights reserved. More Methods of Distribution 11 Phishing / Spear Phishing Drive-by-download Malvertizement BlackHat SEO Confidential
© 2014 Imperva, Inc. All rights reserved. Distribution – The Unbearable Ease of Targeting 12 Confidential
© 2014 Imperva, Inc. All rights reserved. Distribution – The Unbearable Ease of Targeting 13 Confidential
© 2014 Imperva, Inc. All rights reserved. 14 Industrialized Approach Specialized Frameworks and Hacking tools such as BlackHole 2.0 and others, allow easy setup for Host Hijacking and Phishing How easy is it ? For $700: 3 month license for BlackHole available online. Includes support! Confidential
© 2014 Imperva, Inc. All rights reserved. Persistent and Undetected 15 SAN FRANCISCO — For the last four months, Chinese hackers have persistently attacked The New York Times, infiltrating its computer systems and getting passwords for its reporters and other employees. Source: The New York Times http://www.nytimes.com/2013/01/31/technology/chinese-hackers-infiltrate- new-york-times-computers.html?pagewanted=1&_r=1, Symantec Corp Out of the 45 different pieces of malware planted on the Times’ systems over the course of three months, just one of those programs was spotted by the Symantec antivirus software the Times used… Turning on only the signature-based anti-virus components of endpoint solutions alone are not enough… We encourage customers to be very aggressive in deploying solutions that offer a combined approach to security. Anti-virus software alone is not enough… Symantec Response: January 31, 2013 Remember this date Confidential
© 2014 Imperva, Inc. All rights reserved. Some APT Stats 16 Malware Type Total Number of Infections Operating Since (Estimated) Discovered Undetected Duration (Years) Stuxnet 2009 Sabotage ? June 2009 ~June 2010 1 Stuxnet 2010 Sabotage >300K March-April 2010 June 2010 0.16 Duqu Espionage ~50-60 April 2011 Oct 2011 0.5 Wiper Sabotage Tens April 2012 Flame Espionage ~5000-6000 Aug 2008 May 2012 ~4 Gauss Espionage ~2500 Aug – Sep 2011 June 2012 ~1 Narilam Sabotage ? 2010 Nov 2012 3 GrooveMonitor Sabotage ~10 Dec 2012 Red October Espionage ~200 May 2007 Jan 2013 5.5 Confidential
© 2014 Imperva, Inc. All rights reserved. Assessing Antivirus Solutions 17 Imperva found that less than 5% of anti-virus solutions in the study were able to initially detect previously non-cataloged viruses For certain vendors, it may take up to four weeks to detect a new virus from the time of the initial scan Note the Date Confidential
© 2014 Imperva, Inc. All rights reserved. Number of Weeks Required to Identify Infected File Not identified in First Run 0 0.5 1 1.5 2 2.5 3 3.5 4 4.5 Kaspersky Trend-Micro Symantec Avast McAfee 18 Confidential
© 2014 Imperva, Inc. All rights reserved. Bottom Line: Security Threats Have Evolved Confidential 19 Sources: Gartner, Imperva analysis  Script Kiddies  “Digital Graffiti” artists  Backdoors in open source Code Red Nimda Klez Anna Kournikova  Cyber-espionage  Organized criminals  Industrialized hackers APT Mobile phone attacks Targeted malware attacks 200+ million identities stolen Security Spend Anti-virus Firewall/VPN Content Filtering IDS/IPS Security Spend Anti-virus Firewall/VPN Secure Email/Web IPS 2001 2014 …Security spending hasn’t
© 2014 Imperva, Inc. All rights reserved. What the Experts are Saying “Flame was a failure for the antivirus industry. We really should have been able to do better. But we didn’t. We were out of our league, in our own game.” Source: http://www.wired.com/threatlevel/2012/06/internet-security-fail/ 20 Confidential
© 2014 Imperva, Inc. All rights reserved. Protect and Monitor the Cheese 21 Problem: Most organizations chase the mice and don’t focus enough on protecting the cheese Much of security budgets spent on: • NG-FW, IPS/IDS • Virus prevention Front-line/end-user defenses must be 100% accurate, since if only 1 mouse gets past them the cheese is gone Confidential
© 2014 Imperva, Inc. All rights reserved. Common Abnormal Activity to Review 22 Check the entry method Legitimate individuals should, typically, access data through a main door (web app, known client, etc) Monitor the activity of the individuals Malware typically causes unusual behavior and access patterns. Monitor the activity of privileged users Data controls should track the activity of the privileged users and monitor what are these privileged users accessing and how they access it.
© 2014 Imperva, Inc. All rights reserved. Joint Imperva-FireEye Solution Confidential 23 FireEye Malware Protection System identifies compromised assets Imperva SecureSphere dynamically responds to FireEye’s threat intelligence to prevent critical data compromise and loss SecureSphere for SharePoint File Activity Monitoring Management Server (MX) Database Activity Monitoring INTERNET Imperva Agent Imperva Agent Network Monitoring Network Monitoring Native Audit Internal Users Web Application Firewall
© 2014 Imperva, Inc. All rights reserved. Understand Data & What Users Do With It Confidential 24 Discover and Classify Sensitive Information Build Security Policies Review and rationalize access rights Audit, Analyze, and Alert on Access Activity Look for unusual behavior Identify and Remediate Compromised Devices
© 2014 Imperva, Inc. All rights reserved. Thank You 25

Recommended

The Non-Advanced Persistent Threat
The Non-Advanced Persistent ThreatThe Non-Advanced Persistent Threat
The Non-Advanced Persistent ThreatImperva
 
Sophisticated Incident Response Requires Sophisticated Activity Monitoring
Sophisticated Incident Response Requires Sophisticated Activity MonitoringSophisticated Incident Response Requires Sophisticated Activity Monitoring
Sophisticated Incident Response Requires Sophisticated Activity MonitoringImperva
 
The Anatomy of Comment Spam
The Anatomy of Comment SpamThe Anatomy of Comment Spam
The Anatomy of Comment SpamImperva
 
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On SteroidsThe State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On SteroidsImperva
 
Why Network and Endpoint Security Isn’t Enough
Why Network and Endpoint Security Isn’t EnoughWhy Network and Endpoint Security Isn’t Enough
Why Network and Endpoint Security Isn’t EnoughImperva
 
A Blueprint for Web Attack Survival
A Blueprint for Web Attack SurvivalA Blueprint for Web Attack Survival
A Blueprint for Web Attack SurvivalImperva
 
SecureSphere ThreatRadar: Improve Security Team Productivity and Focus
SecureSphere ThreatRadar: Improve Security Team Productivity and FocusSecureSphere ThreatRadar: Improve Security Team Productivity and Focus
SecureSphere ThreatRadar: Improve Security Team Productivity and FocusImperva
 
Stop Account Takeover Attacks, Right in their Tracks
Stop Account Takeover Attacks, Right in their TracksStop Account Takeover Attacks, Right in their Tracks
Stop Account Takeover Attacks, Right in their TracksImperva
 

Recommended

The Non-Advanced Persistent Threat
The Non-Advanced Persistent ThreatThe Non-Advanced Persistent Threat
The Non-Advanced Persistent ThreatImperva
 
Sophisticated Incident Response Requires Sophisticated Activity Monitoring
Sophisticated Incident Response Requires Sophisticated Activity MonitoringSophisticated Incident Response Requires Sophisticated Activity Monitoring
Sophisticated Incident Response Requires Sophisticated Activity MonitoringImperva
 
The Anatomy of Comment Spam
The Anatomy of Comment SpamThe Anatomy of Comment Spam
The Anatomy of Comment SpamImperva
 
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On SteroidsThe State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On SteroidsImperva
 
Why Network and Endpoint Security Isn’t Enough
Why Network and Endpoint Security Isn’t EnoughWhy Network and Endpoint Security Isn’t Enough
Why Network and Endpoint Security Isn’t EnoughImperva
 
A Blueprint for Web Attack Survival
A Blueprint for Web Attack SurvivalA Blueprint for Web Attack Survival
A Blueprint for Web Attack SurvivalImperva
 
SecureSphere ThreatRadar: Improve Security Team Productivity and Focus
SecureSphere ThreatRadar: Improve Security Team Productivity and FocusSecureSphere ThreatRadar: Improve Security Team Productivity and Focus
SecureSphere ThreatRadar: Improve Security Team Productivity and FocusImperva
 
Stop Account Takeover Attacks, Right in their Tracks
Stop Account Takeover Attacks, Right in their TracksStop Account Takeover Attacks, Right in their Tracks
Stop Account Takeover Attacks, Right in their TracksImperva
 
Man in the Cloud Attacks
Man in the Cloud AttacksMan in the Cloud Attacks
Man in the Cloud AttacksImperva
 
Database monitoring - First and Last Line of Defense
Database monitoring - First and Last Line of Defense Database monitoring - First and Last Line of Defense
Database monitoring - First and Last Line of Defense Imperva
 
Hackers, Cyber Crime and Espionage
Hackers, Cyber Crime and EspionageHackers, Cyber Crime and Espionage
Hackers, Cyber Crime and EspionageImperva
 
Web Application Attack Report (Edition #1 - July 2011)
Web Application Attack Report (Edition #1 - July 2011)Web Application Attack Report (Edition #1 - July 2011)
Web Application Attack Report (Edition #1 - July 2011)Imperva
 
Beyond takeover: stories from a hacked account
Beyond takeover: stories from a hacked accountBeyond takeover: stories from a hacked account
Beyond takeover: stories from a hacked accountImperva
 
DDos Attacks and Web Threats: How to Protect Your Site & Information
DDos Attacks and Web Threats: How to Protect Your Site & InformationDDos Attacks and Web Threats: How to Protect Your Site & Information
DDos Attacks and Web Threats: How to Protect Your Site & Informationjenkoon
 
Upgrading Your Firewall? Its Time for an Inline Security Fabric
Upgrading Your Firewall? Its Time for an Inline Security FabricUpgrading Your Firewall? Its Time for an Inline Security Fabric
Upgrading Your Firewall? Its Time for an Inline Security FabricRahul Neel Mani
 
Protect Your Data and Apps in the Public Cloud
Protect Your Data and Apps in the Public CloudProtect Your Data and Apps in the Public Cloud
Protect Your Data and Apps in the Public CloudImperva
 
Security Automation and Orchestration
Security Automation and OrchestrationSecurity Automation and Orchestration
Security Automation and OrchestrationGreg Foss
 
Extend Enterprise Application-level Security to Your AWS Environment
Extend Enterprise Application-level Security to Your AWS EnvironmentExtend Enterprise Application-level Security to Your AWS Environment
Extend Enterprise Application-level Security to Your AWS EnvironmentImperva
 
Robert Hurlbut - Threat Modeling for Secure Software Design
Robert Hurlbut - Threat Modeling for Secure Software DesignRobert Hurlbut - Threat Modeling for Secure Software Design
Robert Hurlbut - Threat Modeling for Secure Software Designcentralohioissa
 
More Databases. More Hackers. More Audits.
More Databases. More Hackers. More Audits.More Databases. More Hackers. More Audits.
More Databases. More Hackers. More Audits.Imperva
 
Detect and Respond to Threats Better with IBM Security App Exchange Partners
Detect and Respond to Threats Better with IBM Security App Exchange PartnersDetect and Respond to Threats Better with IBM Security App Exchange Partners
Detect and Respond to Threats Better with IBM Security App Exchange PartnersIBM Security
 
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...Shah Sheikh
 
Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges
Infosec 2014: Risk Analytics: Using Your Data to Solve Security ChallengesInfosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges
Infosec 2014: Risk Analytics: Using Your Data to Solve Security ChallengesSkybox Security
 
Hardware Security on Vehicles
Hardware Security on VehiclesHardware Security on Vehicles
Hardware Security on VehiclesPriyanka Aash
 
IBM Security QRadar
IBM Security QRadar IBM Security QRadar
IBM Security QRadarVirginia Fernandez
 
Combating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside OutCombating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside OutLancope, Inc.
 
Pactera - Cloud, Application, Cyber Security Trend 2016
Pactera - Cloud, Application, Cyber Security Trend 2016Pactera - Cloud, Application, Cyber Security Trend 2016
Pactera - Cloud, Application, Cyber Security Trend 2016Kyle Lai
 
Activated Charcoal - Making Sense of Endpoint Data
Activated Charcoal - Making Sense of Endpoint DataActivated Charcoal - Making Sense of Endpoint Data
Activated Charcoal - Making Sense of Endpoint DataGreg Foss
 
Lessons Learned From the Yahoo! Hack
Lessons Learned From the Yahoo! HackLessons Learned From the Yahoo! Hack
Lessons Learned From the Yahoo! HackImperva
 
Bleeding Servers – How Hackers are Exploiting Known Vulnerabilities
Bleeding Servers – How Hackers are Exploiting Known VulnerabilitiesBleeding Servers – How Hackers are Exploiting Known Vulnerabilities
Bleeding Servers – How Hackers are Exploiting Known VulnerabilitiesImperva
 

More Related Content

What's hot

Man in the Cloud Attacks
Man in the Cloud AttacksMan in the Cloud Attacks
Man in the Cloud AttacksImperva
 
Database monitoring - First and Last Line of Defense
Database monitoring - First and Last Line of Defense Database monitoring - First and Last Line of Defense
Database monitoring - First and Last Line of Defense Imperva
 
Hackers, Cyber Crime and Espionage
Hackers, Cyber Crime and EspionageHackers, Cyber Crime and Espionage
Hackers, Cyber Crime and EspionageImperva
 
Web Application Attack Report (Edition #1 - July 2011)
Web Application Attack Report (Edition #1 - July 2011)Web Application Attack Report (Edition #1 - July 2011)
Web Application Attack Report (Edition #1 - July 2011)Imperva
 
Beyond takeover: stories from a hacked account
Beyond takeover: stories from a hacked accountBeyond takeover: stories from a hacked account
Beyond takeover: stories from a hacked accountImperva
 
DDos Attacks and Web Threats: How to Protect Your Site & Information
DDos Attacks and Web Threats: How to Protect Your Site & InformationDDos Attacks and Web Threats: How to Protect Your Site & Information
DDos Attacks and Web Threats: How to Protect Your Site & Informationjenkoon
 
Upgrading Your Firewall? Its Time for an Inline Security Fabric
Upgrading Your Firewall? Its Time for an Inline Security FabricUpgrading Your Firewall? Its Time for an Inline Security Fabric
Upgrading Your Firewall? Its Time for an Inline Security FabricRahul Neel Mani
 
Protect Your Data and Apps in the Public Cloud
Protect Your Data and Apps in the Public CloudProtect Your Data and Apps in the Public Cloud
Protect Your Data and Apps in the Public CloudImperva
 
Security Automation and Orchestration
Security Automation and OrchestrationSecurity Automation and Orchestration
Security Automation and OrchestrationGreg Foss
 
Extend Enterprise Application-level Security to Your AWS Environment
Extend Enterprise Application-level Security to Your AWS EnvironmentExtend Enterprise Application-level Security to Your AWS Environment
Extend Enterprise Application-level Security to Your AWS EnvironmentImperva
 
Robert Hurlbut - Threat Modeling for Secure Software Design
Robert Hurlbut - Threat Modeling for Secure Software DesignRobert Hurlbut - Threat Modeling for Secure Software Design
Robert Hurlbut - Threat Modeling for Secure Software Designcentralohioissa
 
More Databases. More Hackers. More Audits.
More Databases. More Hackers. More Audits.More Databases. More Hackers. More Audits.
More Databases. More Hackers. More Audits.Imperva
 
Detect and Respond to Threats Better with IBM Security App Exchange Partners
Detect and Respond to Threats Better with IBM Security App Exchange PartnersDetect and Respond to Threats Better with IBM Security App Exchange Partners
Detect and Respond to Threats Better with IBM Security App Exchange PartnersIBM Security
 
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...Shah Sheikh
 
Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges
Infosec 2014: Risk Analytics: Using Your Data to Solve Security ChallengesInfosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges
Infosec 2014: Risk Analytics: Using Your Data to Solve Security ChallengesSkybox Security
 
Hardware Security on Vehicles
Hardware Security on VehiclesHardware Security on Vehicles
Hardware Security on VehiclesPriyanka Aash
 
Combating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside OutCombating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside OutLancope, Inc.
 
Pactera - Cloud, Application, Cyber Security Trend 2016
Pactera - Cloud, Application, Cyber Security Trend 2016Pactera - Cloud, Application, Cyber Security Trend 2016
Pactera - Cloud, Application, Cyber Security Trend 2016Kyle Lai
 
Activated Charcoal - Making Sense of Endpoint Data
Activated Charcoal - Making Sense of Endpoint DataActivated Charcoal - Making Sense of Endpoint Data
Activated Charcoal - Making Sense of Endpoint DataGreg Foss
 

What's hot (20)

Man in the Cloud Attacks
Man in the Cloud AttacksMan in the Cloud Attacks
Man in the Cloud Attacks
 
Database monitoring - First and Last Line of Defense
Database monitoring - First and Last Line of Defense Database monitoring - First and Last Line of Defense
Database monitoring - First and Last Line of Defense
 
Hackers, Cyber Crime and Espionage
Hackers, Cyber Crime and EspionageHackers, Cyber Crime and Espionage
Hackers, Cyber Crime and Espionage
 
Web Application Attack Report (Edition #1 - July 2011)
Web Application Attack Report (Edition #1 - July 2011)Web Application Attack Report (Edition #1 - July 2011)
Web Application Attack Report (Edition #1 - July 2011)
 
Beyond takeover: stories from a hacked account
Beyond takeover: stories from a hacked accountBeyond takeover: stories from a hacked account
Beyond takeover: stories from a hacked account
 
DDos Attacks and Web Threats: How to Protect Your Site & Information
DDos Attacks and Web Threats: How to Protect Your Site & InformationDDos Attacks and Web Threats: How to Protect Your Site & Information
DDos Attacks and Web Threats: How to Protect Your Site & Information
 
Upgrading Your Firewall? Its Time for an Inline Security Fabric
Upgrading Your Firewall? Its Time for an Inline Security FabricUpgrading Your Firewall? Its Time for an Inline Security Fabric
Upgrading Your Firewall? Its Time for an Inline Security Fabric
 
Protect Your Data and Apps in the Public Cloud
Protect Your Data and Apps in the Public CloudProtect Your Data and Apps in the Public Cloud
Protect Your Data and Apps in the Public Cloud
 
Security Automation and Orchestration
Security Automation and OrchestrationSecurity Automation and Orchestration
Security Automation and Orchestration
 
Extend Enterprise Application-level Security to Your AWS Environment
Extend Enterprise Application-level Security to Your AWS EnvironmentExtend Enterprise Application-level Security to Your AWS Environment
Extend Enterprise Application-level Security to Your AWS Environment
 
Robert Hurlbut - Threat Modeling for Secure Software Design
Robert Hurlbut - Threat Modeling for Secure Software DesignRobert Hurlbut - Threat Modeling for Secure Software Design
Robert Hurlbut - Threat Modeling for Secure Software Design
 
More Databases. More Hackers. More Audits.
More Databases. More Hackers. More Audits.More Databases. More Hackers. More Audits.
More Databases. More Hackers. More Audits.
 
Detect and Respond to Threats Better with IBM Security App Exchange Partners
Detect and Respond to Threats Better with IBM Security App Exchange PartnersDetect and Respond to Threats Better with IBM Security App Exchange Partners
Detect and Respond to Threats Better with IBM Security App Exchange Partners
 
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
 
Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges
Infosec 2014: Risk Analytics: Using Your Data to Solve Security ChallengesInfosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges
Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges
 
Hardware Security on Vehicles
Hardware Security on VehiclesHardware Security on Vehicles
Hardware Security on Vehicles
 
IBM Security QRadar
IBM Security QRadar IBM Security QRadar
IBM Security QRadar
 
Combating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside OutCombating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside Out
 
Pactera - Cloud, Application, Cyber Security Trend 2016
Pactera - Cloud, Application, Cyber Security Trend 2016Pactera - Cloud, Application, Cyber Security Trend 2016
Pactera - Cloud, Application, Cyber Security Trend 2016
 
Activated Charcoal - Making Sense of Endpoint Data
Activated Charcoal - Making Sense of Endpoint DataActivated Charcoal - Making Sense of Endpoint Data
Activated Charcoal - Making Sense of Endpoint Data
 

Viewers also liked

Lessons Learned From the Yahoo! Hack
Lessons Learned From the Yahoo! HackLessons Learned From the Yahoo! Hack
Lessons Learned From the Yahoo! HackImperva
 
Bleeding Servers – How Hackers are Exploiting Known Vulnerabilities
Bleeding Servers – How Hackers are Exploiting Known VulnerabilitiesBleeding Servers – How Hackers are Exploiting Known Vulnerabilities
Bleeding Servers – How Hackers are Exploiting Known VulnerabilitiesImperva
 
The Value of Shared Threat Intelligence
The Value of Shared Threat IntelligenceThe Value of Shared Threat Intelligence
The Value of Shared Threat IntelligenceImperva
 
Is Your Business Safe From Malware And Targeted Attacks
Is Your Business Safe From Malware And Targeted AttacksIs Your Business Safe From Malware And Targeted Attacks
Is Your Business Safe From Malware And Targeted AttacksImperva
 
Top Five Security Must-Haves for Office 365
Top Five Security Must-Haves for Office 365Top Five Security Must-Haves for Office 365
Top Five Security Must-Haves for Office 365Imperva
 
Web Application Attack Report, Edition #4
Web Application Attack Report, Edition #4Web Application Attack Report, Edition #4
Web Application Attack Report, Edition #4Imperva
 
Top Security Trends for 2014
Top Security Trends for 2014Top Security Trends for 2014
Top Security Trends for 2014Imperva
 
More databases. More hackers.
More databases. More hackers.More databases. More hackers.
More databases. More hackers.Imperva
 
6 Most Surprising SharePoint Security Risks
6 Most Surprising SharePoint Security Risks6 Most Surprising SharePoint Security Risks
6 Most Surprising SharePoint Security RisksImperva
 
Automation of Web Application Attacks
Automation of Web Application AttacksAutomation of Web Application Attacks
Automation of Web Application AttacksImperva
 
An Inside Look at a Sophisticated, Multi-vector DDoS Attack
An Inside Look at a Sophisticated, Multi-vector DDoS AttackAn Inside Look at a Sophisticated, Multi-vector DDoS Attack
An Inside Look at a Sophisticated, Multi-vector DDoS AttackImperva
 
Preparing for the Imminent Terabit DDoS Attack
Preparing for the Imminent Terabit DDoS AttackPreparing for the Imminent Terabit DDoS Attack
Preparing for the Imminent Terabit DDoS AttackImperva
 
Web Applications Under Attack: Why Network Security Solutions Leave You Exposed
Web Applications Under Attack: Why Network Security Solutions Leave You ExposedWeb Applications Under Attack: Why Network Security Solutions Leave You Exposed
Web Applications Under Attack: Why Network Security Solutions Leave You ExposedImperva
 
Gartner MQ for Web App Firewall Webinar
Gartner MQ for Web App Firewall WebinarGartner MQ for Web App Firewall Webinar
Gartner MQ for Web App Firewall WebinarImperva
 
Hacking HTTP/2 : New attacks on the Internet’s Next Generation Foundation
Hacking HTTP/2 : New attacks on the Internet’s Next Generation FoundationHacking HTTP/2 : New attacks on the Internet’s Next Generation Foundation
Hacking HTTP/2 : New attacks on the Internet’s Next Generation FoundationImperva
 
Top Cyber Security Trends for 2016
Top Cyber Security Trends for 2016Top Cyber Security Trends for 2016
Top Cyber Security Trends for 2016Imperva
 

Viewers also liked (16)

Lessons Learned From the Yahoo! Hack
Lessons Learned From the Yahoo! HackLessons Learned From the Yahoo! Hack
Lessons Learned From the Yahoo! Hack
 
Bleeding Servers – How Hackers are Exploiting Known Vulnerabilities
Bleeding Servers – How Hackers are Exploiting Known VulnerabilitiesBleeding Servers – How Hackers are Exploiting Known Vulnerabilities
Bleeding Servers – How Hackers are Exploiting Known Vulnerabilities
 
The Value of Shared Threat Intelligence
The Value of Shared Threat IntelligenceThe Value of Shared Threat Intelligence
The Value of Shared Threat Intelligence
 
Is Your Business Safe From Malware And Targeted Attacks
Is Your Business Safe From Malware And Targeted AttacksIs Your Business Safe From Malware And Targeted Attacks
Is Your Business Safe From Malware And Targeted Attacks
 
Top Five Security Must-Haves for Office 365
Top Five Security Must-Haves for Office 365Top Five Security Must-Haves for Office 365
Top Five Security Must-Haves for Office 365
 
Web Application Attack Report, Edition #4
Web Application Attack Report, Edition #4Web Application Attack Report, Edition #4
Web Application Attack Report, Edition #4
 
Top Security Trends for 2014
Top Security Trends for 2014Top Security Trends for 2014
Top Security Trends for 2014
 
More databases. More hackers.
More databases. More hackers.More databases. More hackers.
More databases. More hackers.
 
6 Most Surprising SharePoint Security Risks
6 Most Surprising SharePoint Security Risks6 Most Surprising SharePoint Security Risks
6 Most Surprising SharePoint Security Risks
 
Automation of Web Application Attacks
Automation of Web Application AttacksAutomation of Web Application Attacks
Automation of Web Application Attacks
 
An Inside Look at a Sophisticated, Multi-vector DDoS Attack
An Inside Look at a Sophisticated, Multi-vector DDoS AttackAn Inside Look at a Sophisticated, Multi-vector DDoS Attack
An Inside Look at a Sophisticated, Multi-vector DDoS Attack
 
Preparing for the Imminent Terabit DDoS Attack
Preparing for the Imminent Terabit DDoS AttackPreparing for the Imminent Terabit DDoS Attack
Preparing for the Imminent Terabit DDoS Attack
 
Web Applications Under Attack: Why Network Security Solutions Leave You Exposed
Web Applications Under Attack: Why Network Security Solutions Leave You ExposedWeb Applications Under Attack: Why Network Security Solutions Leave You Exposed
Web Applications Under Attack: Why Network Security Solutions Leave You Exposed
 
Gartner MQ for Web App Firewall Webinar
Gartner MQ for Web App Firewall WebinarGartner MQ for Web App Firewall Webinar
Gartner MQ for Web App Firewall Webinar
 
Hacking HTTP/2 : New attacks on the Internet’s Next Generation Foundation
Hacking HTTP/2 : New attacks on the Internet’s Next Generation FoundationHacking HTTP/2 : New attacks on the Internet’s Next Generation Foundation
Hacking HTTP/2 : New attacks on the Internet’s Next Generation Foundation
 
Top Cyber Security Trends for 2016
Top Cyber Security Trends for 2016Top Cyber Security Trends for 2016
Top Cyber Security Trends for 2016
 

Similar to Anatomy of the Compromised Insider

REAL-TIME THREAT INTELLIGENCE FOR TRUSTED RELATIONSHIPS
REAL-TIME THREAT INTELLIGENCE FOR TRUSTED RELATIONSHIPSREAL-TIME THREAT INTELLIGENCE FOR TRUSTED RELATIONSHIPS
REAL-TIME THREAT INTELLIGENCE FOR TRUSTED RELATIONSHIPSForgeRock
 
Anatomy of a cyber attack
Anatomy of a cyber attackAnatomy of a cyber attack
Anatomy of a cyber attackMark Silver
 
Imperva - Hacking encounters of the 3rd kind
Imperva - Hacking encounters of the 3rd kindImperva - Hacking encounters of the 3rd kind
Imperva - Hacking encounters of the 3rd kindBarry Shteiman
 
Av is dead long live managed endpoint security
Av is dead long live managed endpoint securityAv is dead long live managed endpoint security
Av is dead long live managed endpoint securitySolarwinds N-able
 
IBM X-Force Threat Intelligence Quarterly Q4 2015
IBM X-Force Threat Intelligence Quarterly Q4 2015IBM X-Force Threat Intelligence Quarterly Q4 2015
IBM X-Force Threat Intelligence Quarterly Q4 2015Andreanne Clarke
 
Hacking Encounters of the 3rd Kind
Hacking Encounters of the 3rd KindHacking Encounters of the 3rd Kind
Hacking Encounters of the 3rd KindImperva
 
Corporate threat vector and landscape
Corporate threat vector and landscapeCorporate threat vector and landscape
Corporate threat vector and landscapeyohansurya2
 
OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]
OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]
OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]AngelGomezRomero
 
Security Testing for Test Professionals
Security Testing for Test ProfessionalsSecurity Testing for Test Professionals
Security Testing for Test ProfessionalsTechWell
 
Security Testing for Testing Professionals
Security Testing for Testing ProfessionalsSecurity Testing for Testing Professionals
Security Testing for Testing ProfessionalsTechWell
 
Law Firm Cybersecurity: Practical Tips for Protecting Your Data
Law Firm Cybersecurity: Practical Tips for Protecting Your DataLaw Firm Cybersecurity: Practical Tips for Protecting Your Data
Law Firm Cybersecurity: Practical Tips for Protecting Your DataAccellis Technology Group
 
Ola Wittenby - Hotlandskapet på Internet
Ola Wittenby - Hotlandskapet på Internet Ola Wittenby - Hotlandskapet på Internet
Ola Wittenby - Hotlandskapet på Internet IBM Sverige
 
FireEye - Breaches are inevitable, but the outcome is not
FireEye - Breaches are inevitable, but the outcome is not FireEye - Breaches are inevitable, but the outcome is not
FireEye - Breaches are inevitable, but the outcome is not MarketingArrowECS_CZ
 
Everything to Understand About Cyberattacks Around Supply Chain Industry in 2023
Everything to Understand About Cyberattacks Around Supply Chain Industry in 2023Everything to Understand About Cyberattacks Around Supply Chain Industry in 2023
Everything to Understand About Cyberattacks Around Supply Chain Industry in 2023MobibizIndia1
 
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced ThreatsGood Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced ThreatsZivaro Inc
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security BasicsMohan Jadhav
 
Michael andersson - att ligga steget före in en allt mer hotfylld värld BC14
Michael andersson - att ligga steget före in en allt mer hotfylld värld BC14Michael andersson - att ligga steget före in en allt mer hotfylld värld BC14
Michael andersson - att ligga steget före in en allt mer hotfylld värld BC14IBM Sverige
 

Similar to Anatomy of the Compromised Insider (20)

REAL-TIME THREAT INTELLIGENCE FOR TRUSTED RELATIONSHIPS
REAL-TIME THREAT INTELLIGENCE FOR TRUSTED RELATIONSHIPSREAL-TIME THREAT INTELLIGENCE FOR TRUSTED RELATIONSHIPS
REAL-TIME THREAT INTELLIGENCE FOR TRUSTED RELATIONSHIPS
 
Anatomy of a cyber attack
Anatomy of a cyber attackAnatomy of a cyber attack
Anatomy of a cyber attack
 
Imperva - Hacking encounters of the 3rd kind
Imperva - Hacking encounters of the 3rd kindImperva - Hacking encounters of the 3rd kind
Imperva - Hacking encounters of the 3rd kind
 
Av is dead long live managed endpoint security
Av is dead long live managed endpoint securityAv is dead long live managed endpoint security
Av is dead long live managed endpoint security
 
IBM X-Force Threat Intelligence Quarterly Q4 2015
IBM X-Force Threat Intelligence Quarterly Q4 2015IBM X-Force Threat Intelligence Quarterly Q4 2015
IBM X-Force Threat Intelligence Quarterly Q4 2015
 
Hacking Encounters of the 3rd Kind
Hacking Encounters of the 3rd KindHacking Encounters of the 3rd Kind
Hacking Encounters of the 3rd Kind
 
Corporate threat vector and landscape
Corporate threat vector and landscapeCorporate threat vector and landscape
Corporate threat vector and landscape
 
OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]
OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]
OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]
 
Security Testing for Test Professionals
Security Testing for Test ProfessionalsSecurity Testing for Test Professionals
Security Testing for Test Professionals
 
Security Testing for Testing Professionals
Security Testing for Testing ProfessionalsSecurity Testing for Testing Professionals
Security Testing for Testing Professionals
 
Application security
Application securityApplication security
Application security
 
Targeted attacks
Targeted attacksTargeted attacks
Targeted attacks
 
Law Firm Cybersecurity: Practical Tips for Protecting Your Data
Law Firm Cybersecurity: Practical Tips for Protecting Your DataLaw Firm Cybersecurity: Practical Tips for Protecting Your Data
Law Firm Cybersecurity: Practical Tips for Protecting Your Data
 
Ola Wittenby - Hotlandskapet på Internet
Ola Wittenby - Hotlandskapet på Internet Ola Wittenby - Hotlandskapet på Internet
Ola Wittenby - Hotlandskapet på Internet
 
FireEye - Breaches are inevitable, but the outcome is not
FireEye - Breaches are inevitable, but the outcome is not FireEye - Breaches are inevitable, but the outcome is not
FireEye - Breaches are inevitable, but the outcome is not
 
Everything to Understand About Cyberattacks Around Supply Chain Industry in 2023
Everything to Understand About Cyberattacks Around Supply Chain Industry in 2023Everything to Understand About Cyberattacks Around Supply Chain Industry in 2023
Everything to Understand About Cyberattacks Around Supply Chain Industry in 2023
 
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced ThreatsGood Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security Basics
 
Information Security Seminar
Information Security SeminarInformation Security Seminar
Information Security Seminar
 
Michael andersson - att ligga steget före in en allt mer hotfylld värld BC14
Michael andersson - att ligga steget före in en allt mer hotfylld värld BC14Michael andersson - att ligga steget före in en allt mer hotfylld värld BC14
Michael andersson - att ligga steget före in en allt mer hotfylld värld BC14
 

More from Imperva

Cybersecurity and Healthcare - HIMSS 2018 Survey
Cybersecurity and Healthcare - HIMSS 2018 SurveyCybersecurity and Healthcare - HIMSS 2018 Survey
Cybersecurity and Healthcare - HIMSS 2018 SurveyImperva
 
API Security Survey
API Security SurveyAPI Security Survey
API Security SurveyImperva
 
Imperva ppt
Imperva pptImperva ppt
Imperva pptImperva
 
Research: From zero to phishing in 60 seconds
Research: From zero to phishing in 60 seconds Research: From zero to phishing in 60 seconds
Research: From zero to phishing in 60 seconds Imperva
 
Making Sense of Web Attacks: From Alerts to Narratives
Making Sense of Web Attacks: From Alerts to NarrativesMaking Sense of Web Attacks: From Alerts to Narratives
Making Sense of Web Attacks: From Alerts to NarrativesImperva
 
How We Blocked a 650Gb DDoS Attack Over Lunch
How We Blocked a 650Gb DDoS Attack Over LunchHow We Blocked a 650Gb DDoS Attack Over Lunch
How We Blocked a 650Gb DDoS Attack Over LunchImperva
 
Survey: Insider Threats and Cyber Security
Survey: Insider Threats and Cyber SecuritySurvey: Insider Threats and Cyber Security
Survey: Insider Threats and Cyber SecurityImperva
 
Companies Aware, but Not Prepared for GDPR
Companies Aware, but Not Prepared for GDPRCompanies Aware, but Not Prepared for GDPR
Companies Aware, but Not Prepared for GDPRImperva
 
Rise of Ransomware
Rise of Ransomware Rise of Ransomware
Rise of Ransomware Imperva
 
7 Tips to Protect Your Data from Contractors and Privileged Vendors
7 Tips to Protect Your Data from Contractors and Privileged Vendors7 Tips to Protect Your Data from Contractors and Privileged Vendors
7 Tips to Protect Your Data from Contractors and Privileged VendorsImperva
 
SEO Botnet Sophistication
SEO Botnet SophisticationSEO Botnet Sophistication
SEO Botnet SophisticationImperva
 
Phishing Made Easy
Phishing Made EasyPhishing Made Easy
Phishing Made EasyImperva
 
Imperva 2017 Cyber Threat Defense Report
Imperva 2017 Cyber Threat Defense ReportImperva 2017 Cyber Threat Defense Report
Imperva 2017 Cyber Threat Defense ReportImperva
 
Combat Payment Card Attacks with WAF and Threat Intelligence
Combat Payment Card Attacks with WAF and Threat IntelligenceCombat Payment Card Attacks with WAF and Threat Intelligence
Combat Payment Card Attacks with WAF and Threat IntelligenceImperva
 
HTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing Exponentially
HTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing ExponentiallyHTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing Exponentially
HTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing ExponentiallyImperva
 
Get Going With Your GDPR Plan
Get Going With Your GDPR PlanGet Going With Your GDPR Plan
Get Going With Your GDPR PlanImperva
 
Cyber Criminal's Path To Your Data
Cyber Criminal's Path To Your DataCyber Criminal's Path To Your Data
Cyber Criminal's Path To Your DataImperva
 
Combat Today's Threats With A Single Platform For App and Data Security
Combat Today's Threats With A Single Platform For App and Data SecurityCombat Today's Threats With A Single Platform For App and Data Security
Combat Today's Threats With A Single Platform For App and Data SecurityImperva
 

More from Imperva (18)

Cybersecurity and Healthcare - HIMSS 2018 Survey
Cybersecurity and Healthcare - HIMSS 2018 SurveyCybersecurity and Healthcare - HIMSS 2018 Survey
Cybersecurity and Healthcare - HIMSS 2018 Survey
 
API Security Survey
API Security SurveyAPI Security Survey
API Security Survey
 
Imperva ppt
Imperva pptImperva ppt
Imperva ppt
 
Research: From zero to phishing in 60 seconds
Research: From zero to phishing in 60 seconds Research: From zero to phishing in 60 seconds
Research: From zero to phishing in 60 seconds
 
Making Sense of Web Attacks: From Alerts to Narratives
Making Sense of Web Attacks: From Alerts to NarrativesMaking Sense of Web Attacks: From Alerts to Narratives
Making Sense of Web Attacks: From Alerts to Narratives
 
How We Blocked a 650Gb DDoS Attack Over Lunch
How We Blocked a 650Gb DDoS Attack Over LunchHow We Blocked a 650Gb DDoS Attack Over Lunch
How We Blocked a 650Gb DDoS Attack Over Lunch
 
Survey: Insider Threats and Cyber Security
Survey: Insider Threats and Cyber SecuritySurvey: Insider Threats and Cyber Security
Survey: Insider Threats and Cyber Security
 
Companies Aware, but Not Prepared for GDPR
Companies Aware, but Not Prepared for GDPRCompanies Aware, but Not Prepared for GDPR
Companies Aware, but Not Prepared for GDPR
 
Rise of Ransomware
Rise of Ransomware Rise of Ransomware
Rise of Ransomware
 
7 Tips to Protect Your Data from Contractors and Privileged Vendors
7 Tips to Protect Your Data from Contractors and Privileged Vendors7 Tips to Protect Your Data from Contractors and Privileged Vendors
7 Tips to Protect Your Data from Contractors and Privileged Vendors
 
SEO Botnet Sophistication
SEO Botnet SophisticationSEO Botnet Sophistication
SEO Botnet Sophistication
 
Phishing Made Easy
Phishing Made EasyPhishing Made Easy
Phishing Made Easy
 
Imperva 2017 Cyber Threat Defense Report
Imperva 2017 Cyber Threat Defense ReportImperva 2017 Cyber Threat Defense Report
Imperva 2017 Cyber Threat Defense Report
 
Combat Payment Card Attacks with WAF and Threat Intelligence
Combat Payment Card Attacks with WAF and Threat IntelligenceCombat Payment Card Attacks with WAF and Threat Intelligence
Combat Payment Card Attacks with WAF and Threat Intelligence
 
HTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing Exponentially
HTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing ExponentiallyHTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing Exponentially
HTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing Exponentially
 
Get Going With Your GDPR Plan
Get Going With Your GDPR PlanGet Going With Your GDPR Plan
Get Going With Your GDPR Plan
 
Cyber Criminal's Path To Your Data
Cyber Criminal's Path To Your DataCyber Criminal's Path To Your Data
Cyber Criminal's Path To Your Data
 
Combat Today's Threats With A Single Platform For App and Data Security
Combat Today's Threats With A Single Platform For App and Data SecurityCombat Today's Threats With A Single Platform For App and Data Security
Combat Today's Threats With A Single Platform For App and Data Security
 

Recently uploaded

unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 

Recently uploaded (20)

unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 

Anatomy of the Compromised Insider

  • 1. © 2014 Imperva, Inc. All rights reserved. Anatomy of the Compromised Insider Confidential 1 Terry Ray, Chief Product Strategist, Imperva
  • 2. © 2014 Imperva, Inc. All rights reserved. Agenda Confidential 2 Insider Threat vs. Compromised Insider Threat Compromised Insiders in the News How Compromised Insider Attacks Happen How to Protect Your Organization Conclusion Q&A
  • 3. © 2014 Imperva, Inc. All rights reserved. Insider Threat Insider Threat Defined Confidential 3 Risk that the access rights of a trusted person will be used to view, take, or modify data or intellectual property. Possible causes: Accident Malicious intent Compromised device
  • 4. © 2014 Imperva, Inc. All rights reserved. A person with no malicious motivation who becomes an unknowing accomplice of third parties who gain access to their device and/or user credentials. 4 Compromised Insider Defined Compromised Insider Confidential
  • 5. © 2014 Imperva, Inc. All rights reserved. Putting Things in Perspective Confidential 5 “Less than 1% of your employees may be malicious insiders, but 100% of your employees have the potential to be compromised insiders.” Source: http://edocumentsciences.com/defend-against-compromised-insiders
  • 6. © 2014 Imperva, Inc. All rights reserved. Malware: Compromised Insiders on the Rise 2012 Verizon Data Breach Report Malware is on the rise: •“69% of all data breaches incorporated Malware” -- a 20% increase over 2011 6 2014 simply shows continued growth for Malware/compromised insiders
  • 7. © 2014 Imperva, Inc. All rights reserved. Recent Major Enterprise Events 7 Confidential * Sources: ZDNET 2014, InfoSecurity-Magazine 2014, CNN 2014, Security Legder.com
  • 8. © 2014 Imperva, Inc. All rights reserved. Where Do They Attack? 8 Multimillion dollar datacenter End-user devices and the user Sometimes well protected Not well protected Both access the same data Confidential
  • 9. © 2014 Imperva, Inc. All rights reserved. Shame Game 9 Mandiant releases research paper on APT1 Chinese Hacking Group. Hackers create an Infected APT1 report. Hackers send Spear Phishing emails to lure security officers into opening the file February 2013 – Research firm APT Report used as APT Infector Confidential
  • 10. © 2014 Imperva, Inc. All rights reserved. Ease of Infection Example: Click Bait/Malvertizement – Malware Distribution 10 * Source: News-Sentinel, Venturebeat, thehackernews, addthis
  • 11. © 2014 Imperva, Inc. All rights reserved. More Methods of Distribution 11 Phishing / Spear Phishing Drive-by-download Malvertizement BlackHat SEO Confidential
  • 12. © 2014 Imperva, Inc. All rights reserved. Distribution – The Unbearable Ease of Targeting 12 Confidential
  • 13. © 2014 Imperva, Inc. All rights reserved. Distribution – The Unbearable Ease of Targeting 13 Confidential
  • 14. © 2014 Imperva, Inc. All rights reserved. 14 Industrialized Approach Specialized Frameworks and Hacking tools such as BlackHole 2.0 and others, allow easy setup for Host Hijacking and Phishing How easy is it ? For $700: 3 month license for BlackHole available online. Includes support! Confidential
  • 15. © 2014 Imperva, Inc. All rights reserved. Persistent and Undetected 15 SAN FRANCISCO — For the last four months, Chinese hackers have persistently attacked The New York Times, infiltrating its computer systems and getting passwords for its reporters and other employees. Source: The New York Times http://www.nytimes.com/2013/01/31/technology/chinese-hackers-infiltrate- new-york-times-computers.html?pagewanted=1&_r=1, Symantec Corp Out of the 45 different pieces of malware planted on the Times’ systems over the course of three months, just one of those programs was spotted by the Symantec antivirus software the Times used… Turning on only the signature-based anti-virus components of endpoint solutions alone are not enough… We encourage customers to be very aggressive in deploying solutions that offer a combined approach to security. Anti-virus software alone is not enough… Symantec Response: January 31, 2013 Remember this date Confidential
  • 16. © 2014 Imperva, Inc. All rights reserved. Some APT Stats 16 Malware Type Total Number of Infections Operating Since (Estimated) Discovered Undetected Duration (Years) Stuxnet 2009 Sabotage ? June 2009 ~June 2010 1 Stuxnet 2010 Sabotage >300K March-April 2010 June 2010 0.16 Duqu Espionage ~50-60 April 2011 Oct 2011 0.5 Wiper Sabotage Tens April 2012 Flame Espionage ~5000-6000 Aug 2008 May 2012 ~4 Gauss Espionage ~2500 Aug – Sep 2011 June 2012 ~1 Narilam Sabotage ? 2010 Nov 2012 3 GrooveMonitor Sabotage ~10 Dec 2012 Red October Espionage ~200 May 2007 Jan 2013 5.5 Confidential
  • 17. © 2014 Imperva, Inc. All rights reserved. Assessing Antivirus Solutions 17 Imperva found that less than 5% of anti-virus solutions in the study were able to initially detect previously non-cataloged viruses For certain vendors, it may take up to four weeks to detect a new virus from the time of the initial scan Note the Date Confidential
  • 18. © 2014 Imperva, Inc. All rights reserved. Number of Weeks Required to Identify Infected File Not identified in First Run 0 0.5 1 1.5 2 2.5 3 3.5 4 4.5 Kaspersky Trend-Micro Symantec Avast McAfee 18 Confidential
  • 19. © 2014 Imperva, Inc. All rights reserved. Bottom Line: Security Threats Have Evolved Confidential 19 Sources: Gartner, Imperva analysis  Script Kiddies  “Digital Graffiti” artists  Backdoors in open source Code Red Nimda Klez Anna Kournikova  Cyber-espionage  Organized criminals  Industrialized hackers APT Mobile phone attacks Targeted malware attacks 200+ million identities stolen Security Spend Anti-virus Firewall/VPN Content Filtering IDS/IPS Security Spend Anti-virus Firewall/VPN Secure Email/Web IPS 2001 2014 …Security spending hasn’t
  • 20. © 2014 Imperva, Inc. All rights reserved. What the Experts are Saying “Flame was a failure for the antivirus industry. We really should have been able to do better. But we didn’t. We were out of our league, in our own game.” Source: http://www.wired.com/threatlevel/2012/06/internet-security-fail/ 20 Confidential
  • 21. © 2014 Imperva, Inc. All rights reserved. Protect and Monitor the Cheese 21 Problem: Most organizations chase the mice and don’t focus enough on protecting the cheese Much of security budgets spent on: • NG-FW, IPS/IDS • Virus prevention Front-line/end-user defenses must be 100% accurate, since if only 1 mouse gets past them the cheese is gone Confidential
  • 22. © 2014 Imperva, Inc. All rights reserved. Common Abnormal Activity to Review 22 Check the entry method Legitimate individuals should, typically, access data through a main door (web app, known client, etc) Monitor the activity of the individuals Malware typically causes unusual behavior and access patterns. Monitor the activity of privileged users Data controls should track the activity of the privileged users and monitor what are these privileged users accessing and how they access it.
  • 23. © 2014 Imperva, Inc. All rights reserved. Joint Imperva-FireEye Solution Confidential 23 FireEye Malware Protection System identifies compromised assets Imperva SecureSphere dynamically responds to FireEye’s threat intelligence to prevent critical data compromise and loss SecureSphere for SharePoint File Activity Monitoring Management Server (MX) Database Activity Monitoring INTERNET Imperva Agent Imperva Agent Network Monitoring Network Monitoring Native Audit Internal Users Web Application Firewall
  • 24. © 2014 Imperva, Inc. All rights reserved. Understand Data & What Users Do With It Confidential 24 Discover and Classify Sensitive Information Build Security Policies Review and rationalize access rights Audit, Analyze, and Alert on Access Activity Look for unusual behavior Identify and Remediate Compromised Devices
  • 25. © 2014 Imperva, Inc. All rights reserved. Thank You 25