SlideShare a Scribd company logo

Les Assises 2015 - Why people are the most important aspect of IT security?

BalaBit
BalaBit

Balázs Scheidler, co-founder and CTO of BalaBit holds a presentation about the importance of privileged users in IT security. He introduces BalaBit's approach to people-centric security - people centric security is a strategic approach to information security that emphasizes individual accountability and trust. It de-emphasizes restrictive, preventive security controls, while the monitoring of user activities is a fundamental element of people centric security. Mr. Scheidler showcases how cooperates Blindspotter, BalaBit's UBA solution with its Privileged Activity Monitoring tool, Shell Control Box, and how does they provide an effective defense against Advanced Persistent Threats. A live demo of how an APT attack would be prevented will be also part of the presentation.

Education
1 of 33
Download to read offline
Balázs Scheidler, Founder & CTO
Agenda Concept of CSI Platform A case study of CSI Platform About BalaBit Product demo
Agenda Concept of CSI Platform A case study of CSI Platform About BalaBit Product demo
 15 years in network security  Global leader in  privileged user monitoring and  log management  +30% annual growth in the last 5 years  1 million installations worldwide  23 of the „Fortune100 List” members among clients  Headcount: 200+  60% developers and system engineers  Global partner network  100+ partners in 40+ countries About BalaBit
TELCO / IT FINANCE OTHER INDUSTRIES References
Agenda Concept of CSI Platform A case study of CSI Platform About BalaBit Product demo
Security Lifecycle • Based on static, known threats • Build layers of access controls, policies and walls • Use predefined patterns and rules to prevent access • Respond to breaches with bigger walls and more controls Define Prevent Detect Respond Access Controls & policies
Breaches continue… Retail giant Target confirmed that credit and debit card information for 40 million of its customers had been compromised. ” – New York Times The CEO and CIO left the company Sony Pictures Entertainment has been targeted by computer hackers in an attack which reports say forced it shut down its systems… – BBC Costs estimated at $15-35m and growing Office on Personnel Management government data breach impacted 21.5 million people – CNN Director resigned Advanced Persistent Threats and malware depend on privileged account hijacking
Cost and time to detect, resolve 90% Of breaches went undetected for over 3 months 80% Of breaches were Unresolved after 3 months 2,5 3,14 3,02 9,43 Costs (> $18 mm) Technical support Lost productivity Revenue and disruption Brand and reputation Source: IBM/Ponemon Institute ‟The cost of data breaches has increased by 96 percent; the number of successful attacks has increased by 144 percent in the last four years.” Source: HP State of security operations, 2015 report of capabilities and maturity of cyber defense organizations
Add security in Context • Baseline business as usual • Gather intelligence on unusual user activities in real-time • Prioritize investigations based on deviation from the norm, and risk • Get forensic-level visibility into activities • Respond immediately Monitor Users Understand the norm Identify risks Investigate and prevent
Agenda Concept of CSI Platform A case study of CSI Platform About BalaBit Product demo
Background • Large European Enterprise • Global operations • Strict compliance regulations – Under financial regulations – US, Germany & Hong Kong • No technology they didn’t have – Mainframes, AS400, UNIX, Windows, Linux, …
IT operations • External suppliers help in IT operations – Chunks of the infrastructure is outsourced completely – Other service providers have more specific scope • Control: – Traditional security gear (firewall, IPS, DLP, VPN, SIEM) – SLA – ITIL style change management
Remote access • Suppliers access the infrastructure remotely – Jumphost • Basically unrestricted access to data centers – VPN & VDI • Desktops are constrained by default • Broad access privileges also exist
Credentials • Remote access credentials are assigned to suppliers, not individuals • Credentials to internal systems are the responsibility of the suppliers • No insight into supplier credential management • No vetting of supplier personnel
Internal separation • Internal separation of systems is weak • Workstations are restricted, but there are no firewalls between servers/applications • Unrestricted IP-level access is just a hop away
The project Goals • Establish direct controls over suppliers • Visibility into daily operations • Restrict access privileges, „need-to- know” • Enforce change management
Project scope • ~30-35k remote sessions per day – 85% SSH – 9% RDP – 6% telnet (tn3270, tn5250)
The zero line • Traditional security gear does not give enough context – Firewall, IPS, VPN, DLP, SIEM • Reasons 1. They already have the privilege to pass 2. Logs are not providing the necessary level of detail 3. Complex sequence of actions cannot be reconstructed
First step • Session recording was introduced
SCB: Immediate Benefits • Transparent setup: – All supplier sessions forced through – Without changing workflows, clients/servers (no agent) • Forensic investigations • Centralizing vendor authentication, credential management
4-eyes control 15 Authorizer Auditor Real-Time follow
Enterprise integration
>1234 5678 9123 4567 >scp financial.db Command detection Screen-content detection >cat cred Window-title detection 17 Never reaches other side Real-time prevention
Review of the audit trails • Due to the internal and external regulations, audit trails need to be reviewed – Some in real-time using 4eyes – Others later
How to review? • Which part of the audit trails are the most interesting? • How to choose which vendors should be reviewed? • Which solution is significantly better than random sampling?
Second step: adding Behavior Analytics
”Behavior is the internally coordinated responses of whole living organisms to internal and/or external stimuli” Daniel A. Levitis, PhD in Integrative Biology What is behavior?
What could be the elements of digital behavior? • Typical time of logging in • Typing speed • Screen resolution • Range of accessed servers and applications • Activities performed: commands, screen content User Behavior in practice
The solution: Blindspotter User Behavior Analytics shows: • Who are the most risky users? • What are the biggest anomalies? • Which activities are the most critical?
Agenda Concept of the CSI Platform CSI Platform in real life About BalaBit Product demo
System Logs Application Logs Activity Monitoring Threat Management Cockpit API User Directory Video Replay Risk Land- scape Search Report User Behavior Analytics
Thank you!

Recommended

DSS ITSEC 2012 Balabit_Security_Shell_Control_Box & Logging
DSS ITSEC 2012 Balabit_Security_Shell_Control_Box & LoggingDSS ITSEC 2012 Balabit_Security_Shell_Control_Box & Logging
DSS ITSEC 2012 Balabit_Security_Shell_Control_Box & LoggingAndris Soroka
 
PowerTech - Part-Time Privileges: Accountability for Powerful Users
PowerTech - Part-Time Privileges: Accountability for Powerful UsersPowerTech - Part-Time Privileges: Accountability for Powerful Users
PowerTech - Part-Time Privileges: Accountability for Powerful UsersHelpSystems
 
Best practises for log management
Best practises for log managementBest practises for log management
Best practises for log managementBrian Honan
 
Enterprise Logging and Log Management: Hot Topics by Dr. Anton Chuvakin
Enterprise Logging and Log Management: Hot Topics by Dr. Anton ChuvakinEnterprise Logging and Log Management: Hot Topics by Dr. Anton Chuvakin
Enterprise Logging and Log Management: Hot Topics by Dr. Anton ChuvakinAnton Chuvakin
 
The New Assure Security: Complete IBM i Compliance and Security
The New Assure Security: Complete IBM i Compliance and SecurityThe New Assure Security: Complete IBM i Compliance and Security
The New Assure Security: Complete IBM i Compliance and SecurityPrecisely
 
Balabit - Shell Control Box
Balabit - Shell Control BoxBalabit - Shell Control Box
Balabit - Shell Control BoxSophos Benelux
 
Choosing Your Log Management Approach: Buy, Build or Outsource
Choosing Your Log Management Approach: Buy, Build or OutsourceChoosing Your Log Management Approach: Buy, Build or Outsource
Choosing Your Log Management Approach: Buy, Build or OutsourceAnton Chuvakin
 
BAM CEP / Business Activity Monitoring , Complex Event Processingomplex
BAM CEP / Business Activity Monitoring , Complex Event Processingomplex BAM CEP / Business Activity Monitoring , Complex Event Processingomplex
BAM CEP / Business Activity Monitoring , Complex Event Processingomplex Liviu Claudiu Cismaru
 

Recommended

DSS ITSEC 2012 Balabit_Security_Shell_Control_Box & Logging
DSS ITSEC 2012 Balabit_Security_Shell_Control_Box & LoggingDSS ITSEC 2012 Balabit_Security_Shell_Control_Box & Logging
DSS ITSEC 2012 Balabit_Security_Shell_Control_Box & LoggingAndris Soroka
 
PowerTech - Part-Time Privileges: Accountability for Powerful Users
PowerTech - Part-Time Privileges: Accountability for Powerful UsersPowerTech - Part-Time Privileges: Accountability for Powerful Users
PowerTech - Part-Time Privileges: Accountability for Powerful UsersHelpSystems
 
Best practises for log management
Best practises for log managementBest practises for log management
Best practises for log managementBrian Honan
 
Enterprise Logging and Log Management: Hot Topics by Dr. Anton Chuvakin
Enterprise Logging and Log Management: Hot Topics by Dr. Anton ChuvakinEnterprise Logging and Log Management: Hot Topics by Dr. Anton Chuvakin
Enterprise Logging and Log Management: Hot Topics by Dr. Anton ChuvakinAnton Chuvakin
 
The New Assure Security: Complete IBM i Compliance and Security
The New Assure Security: Complete IBM i Compliance and SecurityThe New Assure Security: Complete IBM i Compliance and Security
The New Assure Security: Complete IBM i Compliance and SecurityPrecisely
 
Balabit - Shell Control Box
Balabit - Shell Control BoxBalabit - Shell Control Box
Balabit - Shell Control BoxSophos Benelux
 
Choosing Your Log Management Approach: Buy, Build or Outsource
Choosing Your Log Management Approach: Buy, Build or OutsourceChoosing Your Log Management Approach: Buy, Build or Outsource
Choosing Your Log Management Approach: Buy, Build or OutsourceAnton Chuvakin
 
BAM CEP / Business Activity Monitoring , Complex Event Processingomplex
BAM CEP / Business Activity Monitoring , Complex Event Processingomplex BAM CEP / Business Activity Monitoring , Complex Event Processingomplex
BAM CEP / Business Activity Monitoring , Complex Event Processingomplex Liviu Claudiu Cismaru
 
EXTENT-2016: Technology Trends in Capital Markets
EXTENT-2016: Technology Trends in Capital MarketsEXTENT-2016: Technology Trends in Capital Markets
EXTENT-2016: Technology Trends in Capital MarketsIosif Itkin
 
Nagios Conference 2011 - Anders Haal - Business Activity Monitoring With The ...
Nagios Conference 2011 - Anders Haal - Business Activity Monitoring With The ...Nagios Conference 2011 - Anders Haal - Business Activity Monitoring With The ...
Nagios Conference 2011 - Anders Haal - Business Activity Monitoring With The ...Nagios
 
Pci standards, from participation to implementation and review
Pci standards, from participation to implementation and reviewPci standards, from participation to implementation and review
Pci standards, from participation to implementation and reviewisc2-hellenic
 
Iia los angeles sap security presentation
Iia los angeles sap security presentation Iia los angeles sap security presentation
Iia los angeles sap security presentation hkodali
 
PCI DSS 3.2
PCI DSS 3.2PCI DSS 3.2
PCI DSS 3.2Kimberly Simon MBA
 
PCI DSS: Update on the evolution of the standard. MasterCard WorldWide
PCI DSS: Update on the evolution of the standard. MasterCard WorldWidePCI DSS: Update on the evolution of the standard. MasterCard WorldWide
PCI DSS: Update on the evolution of the standard. MasterCard WorldWideInternet Security Auditors
 
PCI DSSand PA DSS
PCI DSSand PA DSSPCI DSSand PA DSS
PCI DSSand PA DSSKimberly Simon MBA
 
Intacct Security and Operations
Intacct Security and OperationsIntacct Security and Operations
Intacct Security and OperationsDean Dorton Software Team
 
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIECVendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIECKimberly Simon MBA
 
Essential Layers of IBM i Security: File and Field Security
Essential Layers of IBM i Security: File and Field SecurityEssential Layers of IBM i Security: File and Field Security
Essential Layers of IBM i Security: File and Field SecurityPrecisely
 
Guardicore - Shrink Your Attack Surface with Micro-Segmentation
Guardicore - Shrink Your Attack Surface with Micro-SegmentationGuardicore - Shrink Your Attack Surface with Micro-Segmentation
Guardicore - Shrink Your Attack Surface with Micro-SegmentationCSNP
 
PCI DSS and PA DSS
PCI DSS and PA DSSPCI DSS and PA DSS
PCI DSS and PA DSSKimberly Simon MBA
 
Introduction to Token Service Provider (TSP) Certification
Introduction to Token Service Provider (TSP) CertificationIntroduction to Token Service Provider (TSP) Certification
Introduction to Token Service Provider (TSP) CertificationControlCase
 
Monitoring ICS Communications
Monitoring ICS CommunicationsMonitoring ICS Communications
Monitoring ICS CommunicationsDigital Bond
 
PCI DSS 3.2 - Business as Usual
PCI DSS 3.2 - Business as UsualPCI DSS 3.2 - Business as Usual
PCI DSS 3.2 - Business as UsualKimberly Simon MBA
 
Huntsville GovCon Growth Summit 2020 - Summit 7 - Cybersecurity Maturity Mode...
Huntsville GovCon Growth Summit 2020 - Summit 7 - Cybersecurity Maturity Mode...Huntsville GovCon Growth Summit 2020 - Summit 7 - Cybersecurity Maturity Mode...
Huntsville GovCon Growth Summit 2020 - Summit 7 - Cybersecurity Maturity Mode...Unanet
 
IBM i Security SIEM Integration
IBM i Security SIEM IntegrationIBM i Security SIEM Integration
IBM i Security SIEM IntegrationPrecisely
 
Essential Layers of IBM i Security: Security Monitoring and Auditing
Essential Layers of IBM i Security: Security Monitoring and AuditingEssential Layers of IBM i Security: Security Monitoring and Auditing
Essential Layers of IBM i Security: Security Monitoring and AuditingPrecisely
 
Experience for implement PCI DSS
Experience for implement PCI DSS Experience for implement PCI DSS
Experience for implement PCI DSS Nhat Phan Canh
 
Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...
Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...
Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...Digital Bond
 
Today's Cyber Challenges: Methodology to Secure Your Business
Today's Cyber Challenges: Methodology to Secure Your BusinessToday's Cyber Challenges: Methodology to Secure Your Business
Today's Cyber Challenges: Methodology to Secure Your BusinessJoAnna Cheshire
 
Scalar Security Roadshow April 2015
Scalar Security Roadshow April 2015Scalar Security Roadshow April 2015
Scalar Security Roadshow April 2015Scalar Decisions
 

More Related Content

What's hot

EXTENT-2016: Technology Trends in Capital Markets
EXTENT-2016: Technology Trends in Capital MarketsEXTENT-2016: Technology Trends in Capital Markets
EXTENT-2016: Technology Trends in Capital MarketsIosif Itkin
 
Nagios Conference 2011 - Anders Haal - Business Activity Monitoring With The ...
Nagios Conference 2011 - Anders Haal - Business Activity Monitoring With The ...Nagios Conference 2011 - Anders Haal - Business Activity Monitoring With The ...
Nagios Conference 2011 - Anders Haal - Business Activity Monitoring With The ...Nagios
 
Pci standards, from participation to implementation and review
Pci standards, from participation to implementation and reviewPci standards, from participation to implementation and review
Pci standards, from participation to implementation and reviewisc2-hellenic
 
Iia los angeles sap security presentation
Iia los angeles sap security presentation Iia los angeles sap security presentation
Iia los angeles sap security presentation hkodali
 
PCI DSS: Update on the evolution of the standard. MasterCard WorldWide
PCI DSS: Update on the evolution of the standard. MasterCard WorldWidePCI DSS: Update on the evolution of the standard. MasterCard WorldWide
PCI DSS: Update on the evolution of the standard. MasterCard WorldWideInternet Security Auditors
 
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIECVendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIECKimberly Simon MBA
 
Essential Layers of IBM i Security: File and Field Security
Essential Layers of IBM i Security: File and Field SecurityEssential Layers of IBM i Security: File and Field Security
Essential Layers of IBM i Security: File and Field SecurityPrecisely
 
Guardicore - Shrink Your Attack Surface with Micro-Segmentation
Guardicore - Shrink Your Attack Surface with Micro-SegmentationGuardicore - Shrink Your Attack Surface with Micro-Segmentation
Guardicore - Shrink Your Attack Surface with Micro-SegmentationCSNP
 
Introduction to Token Service Provider (TSP) Certification
Introduction to Token Service Provider (TSP) CertificationIntroduction to Token Service Provider (TSP) Certification
Introduction to Token Service Provider (TSP) CertificationControlCase
 
Monitoring ICS Communications
Monitoring ICS CommunicationsMonitoring ICS Communications
Monitoring ICS CommunicationsDigital Bond
 
PCI DSS 3.2 - Business as Usual
PCI DSS 3.2 - Business as UsualPCI DSS 3.2 - Business as Usual
PCI DSS 3.2 - Business as UsualKimberly Simon MBA
 
Huntsville GovCon Growth Summit 2020 - Summit 7 - Cybersecurity Maturity Mode...
Huntsville GovCon Growth Summit 2020 - Summit 7 - Cybersecurity Maturity Mode...Huntsville GovCon Growth Summit 2020 - Summit 7 - Cybersecurity Maturity Mode...
Huntsville GovCon Growth Summit 2020 - Summit 7 - Cybersecurity Maturity Mode...Unanet
 
IBM i Security SIEM Integration
IBM i Security SIEM IntegrationIBM i Security SIEM Integration
IBM i Security SIEM IntegrationPrecisely
 
Essential Layers of IBM i Security: Security Monitoring and Auditing
Essential Layers of IBM i Security: Security Monitoring and AuditingEssential Layers of IBM i Security: Security Monitoring and Auditing
Essential Layers of IBM i Security: Security Monitoring and AuditingPrecisely
 
Experience for implement PCI DSS
Experience for implement PCI DSS Experience for implement PCI DSS
Experience for implement PCI DSS Nhat Phan Canh
 
Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...
Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...
Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...Digital Bond
 

What's hot (20)

EXTENT-2016: Technology Trends in Capital Markets
EXTENT-2016: Technology Trends in Capital MarketsEXTENT-2016: Technology Trends in Capital Markets
EXTENT-2016: Technology Trends in Capital Markets
 
Nagios Conference 2011 - Anders Haal - Business Activity Monitoring With The ...
Nagios Conference 2011 - Anders Haal - Business Activity Monitoring With The ...Nagios Conference 2011 - Anders Haal - Business Activity Monitoring With The ...
Nagios Conference 2011 - Anders Haal - Business Activity Monitoring With The ...
 
Pci standards, from participation to implementation and review
Pci standards, from participation to implementation and reviewPci standards, from participation to implementation and review
Pci standards, from participation to implementation and review
 
Iia los angeles sap security presentation
Iia los angeles sap security presentation Iia los angeles sap security presentation
Iia los angeles sap security presentation
 
PCI DSS 3.2
PCI DSS 3.2PCI DSS 3.2
PCI DSS 3.2
 
PCI DSS: Update on the evolution of the standard. MasterCard WorldWide
PCI DSS: Update on the evolution of the standard. MasterCard WorldWidePCI DSS: Update on the evolution of the standard. MasterCard WorldWide
PCI DSS: Update on the evolution of the standard. MasterCard WorldWide
 
PCI DSSand PA DSS
PCI DSSand PA DSSPCI DSSand PA DSS
PCI DSSand PA DSS
 
Intacct Security and Operations
Intacct Security and OperationsIntacct Security and Operations
Intacct Security and Operations
 
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIECVendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
 
Essential Layers of IBM i Security: File and Field Security
Essential Layers of IBM i Security: File and Field SecurityEssential Layers of IBM i Security: File and Field Security
Essential Layers of IBM i Security: File and Field Security
 
Guardicore - Shrink Your Attack Surface with Micro-Segmentation
Guardicore - Shrink Your Attack Surface with Micro-SegmentationGuardicore - Shrink Your Attack Surface with Micro-Segmentation
Guardicore - Shrink Your Attack Surface with Micro-Segmentation
 
PCI DSS and PA DSS
PCI DSS and PA DSSPCI DSS and PA DSS
PCI DSS and PA DSS
 
Introduction to Token Service Provider (TSP) Certification
Introduction to Token Service Provider (TSP) CertificationIntroduction to Token Service Provider (TSP) Certification
Introduction to Token Service Provider (TSP) Certification
 
Monitoring ICS Communications
Monitoring ICS CommunicationsMonitoring ICS Communications
Monitoring ICS Communications
 
PCI DSS 3.2 - Business as Usual
PCI DSS 3.2 - Business as UsualPCI DSS 3.2 - Business as Usual
PCI DSS 3.2 - Business as Usual
 
Huntsville GovCon Growth Summit 2020 - Summit 7 - Cybersecurity Maturity Mode...
Huntsville GovCon Growth Summit 2020 - Summit 7 - Cybersecurity Maturity Mode...Huntsville GovCon Growth Summit 2020 - Summit 7 - Cybersecurity Maturity Mode...
Huntsville GovCon Growth Summit 2020 - Summit 7 - Cybersecurity Maturity Mode...
 
IBM i Security SIEM Integration
IBM i Security SIEM IntegrationIBM i Security SIEM Integration
IBM i Security SIEM Integration
 
Essential Layers of IBM i Security: Security Monitoring and Auditing
Essential Layers of IBM i Security: Security Monitoring and AuditingEssential Layers of IBM i Security: Security Monitoring and Auditing
Essential Layers of IBM i Security: Security Monitoring and Auditing
 
Experience for implement PCI DSS
Experience for implement PCI DSS Experience for implement PCI DSS
Experience for implement PCI DSS
 
Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...
Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...
Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...
 

Similar to Les Assises 2015 - Why people are the most important aspect of IT security?

Today's Cyber Challenges: Methodology to Secure Your Business
Today's Cyber Challenges: Methodology to Secure Your BusinessToday's Cyber Challenges: Methodology to Secure Your Business
Today's Cyber Challenges: Methodology to Secure Your BusinessJoAnna Cheshire
 
Scalar Security Roadshow April 2015
Scalar Security Roadshow April 2015Scalar Security Roadshow April 2015
Scalar Security Roadshow April 2015Scalar Decisions
 
Cybersecurity: Challenges, Initiatives, and Best Practices
Cybersecurity: Challenges, Initiatives, and Best PracticesCybersecurity: Challenges, Initiatives, and Best Practices
Cybersecurity: Challenges, Initiatives, and Best PracticesJohn Gilligan
 
Protecting Your Business from Unauthorized IBM i Access
Protecting Your Business from Unauthorized IBM i AccessProtecting Your Business from Unauthorized IBM i Access
Protecting Your Business from Unauthorized IBM i AccessPrecisely
 
Lock it Down: Access Control for IBM i
Lock it Down: Access Control for IBM iLock it Down: Access Control for IBM i
Lock it Down: Access Control for IBM iPrecisely
 
45 Minutes to PCI Compliance in the Cloud
45 Minutes to PCI Compliance in the Cloud45 Minutes to PCI Compliance in the Cloud
45 Minutes to PCI Compliance in the CloudCloudPassage
 
FINAL_SCFm50000_JonPapp_CAA_The_Practical_Benefits_of_a_Behavioral_Solution_f...
FINAL_SCFm50000_JonPapp_CAA_The_Practical_Benefits_of_a_Behavioral_Solution_f...FINAL_SCFm50000_JonPapp_CAA_The_Practical_Benefits_of_a_Behavioral_Solution_f...
FINAL_SCFm50000_JonPapp_CAA_The_Practical_Benefits_of_a_Behavioral_Solution_f...Jon Papp
 
7 Habits of Highly Secure Organizations
7 Habits of Highly Secure Organizations7 Habits of Highly Secure Organizations
7 Habits of Highly Secure OrganizationsHelpSystems
 
Intelligent Maintenance: Mapping the #IIoT Process
Intelligent Maintenance: Mapping the #IIoT ProcessIntelligent Maintenance: Mapping the #IIoT Process
Intelligent Maintenance: Mapping the #IIoT ProcessDan Yarmoluk
 
Internal Controls Over Information Systems
Internal Controls Over Information Systems Internal Controls Over Information Systems
Internal Controls Over Information Systems Jeffrey Paulette
 
Improve IT Security and Compliance with Mainframe Data in Splunk
Improve IT Security and Compliance with Mainframe Data in SplunkImprove IT Security and Compliance with Mainframe Data in Splunk
Improve IT Security and Compliance with Mainframe Data in SplunkPrecisely
 
Splunk for Security: Background & Customer Case Study
Splunk for Security: Background & Customer Case StudySplunk for Security: Background & Customer Case Study
Splunk for Security: Background & Customer Case StudyAndrew Gerber
 
Brainwave GRC - Continuous Audit and Controls at ISACA event
Brainwave GRC - Continuous Audit and Controls at ISACA eventBrainwave GRC - Continuous Audit and Controls at ISACA event
Brainwave GRC - Continuous Audit and Controls at ISACA eventBrainwave GRC
 
Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)Ben Rothke
 
Myths of validation
Myths of validationMyths of validation
Myths of validationJeff Thomas
 
Blockchains : Risk or Mitigation?
Blockchains : Risk or Mitigation?Blockchains : Risk or Mitigation?
Blockchains : Risk or Mitigation?ITU
 
Leveraging Federal Procurement to Improve Cyber Security
Leveraging Federal Procurement to Improve Cyber SecurityLeveraging Federal Procurement to Improve Cyber Security
Leveraging Federal Procurement to Improve Cyber SecurityJohn Gilligan
 
5 Clear Signs You Need Security Policy Automation
5 Clear Signs You Need Security Policy Automation5 Clear Signs You Need Security Policy Automation
5 Clear Signs You Need Security Policy AutomationTufin
 

Similar to Les Assises 2015 - Why people are the most important aspect of IT security? (20)

Today's Cyber Challenges: Methodology to Secure Your Business
Today's Cyber Challenges: Methodology to Secure Your BusinessToday's Cyber Challenges: Methodology to Secure Your Business
Today's Cyber Challenges: Methodology to Secure Your Business
 
Scalar Security Roadshow April 2015
Scalar Security Roadshow April 2015Scalar Security Roadshow April 2015
Scalar Security Roadshow April 2015
 
Cybersecurity: Challenges, Initiatives, and Best Practices
Cybersecurity: Challenges, Initiatives, and Best PracticesCybersecurity: Challenges, Initiatives, and Best Practices
Cybersecurity: Challenges, Initiatives, and Best Practices
 
Protecting Your Business from Unauthorized IBM i Access
Protecting Your Business from Unauthorized IBM i AccessProtecting Your Business from Unauthorized IBM i Access
Protecting Your Business from Unauthorized IBM i Access
 
Lock it Down: Access Control for IBM i
Lock it Down: Access Control for IBM iLock it Down: Access Control for IBM i
Lock it Down: Access Control for IBM i
 
45 Minutes to PCI Compliance in the Cloud
45 Minutes to PCI Compliance in the Cloud45 Minutes to PCI Compliance in the Cloud
45 Minutes to PCI Compliance in the Cloud
 
FINAL_SCFm50000_JonPapp_CAA_The_Practical_Benefits_of_a_Behavioral_Solution_f...
FINAL_SCFm50000_JonPapp_CAA_The_Practical_Benefits_of_a_Behavioral_Solution_f...FINAL_SCFm50000_JonPapp_CAA_The_Practical_Benefits_of_a_Behavioral_Solution_f...
FINAL_SCFm50000_JonPapp_CAA_The_Practical_Benefits_of_a_Behavioral_Solution_f...
 
7 Habits of Highly Secure Organizations
7 Habits of Highly Secure Organizations7 Habits of Highly Secure Organizations
7 Habits of Highly Secure Organizations
 
Intelligent Maintenance: Mapping the #IIoT Process
Intelligent Maintenance: Mapping the #IIoT ProcessIntelligent Maintenance: Mapping the #IIoT Process
Intelligent Maintenance: Mapping the #IIoT Process
 
Internal Controls Over Information Systems
Internal Controls Over Information Systems Internal Controls Over Information Systems
Internal Controls Over Information Systems
 
Improve IT Security and Compliance with Mainframe Data in Splunk
Improve IT Security and Compliance with Mainframe Data in SplunkImprove IT Security and Compliance with Mainframe Data in Splunk
Improve IT Security and Compliance with Mainframe Data in Splunk
 
Splunk for Security: Background & Customer Case Study
Splunk for Security: Background & Customer Case StudySplunk for Security: Background & Customer Case Study
Splunk for Security: Background & Customer Case Study
 
Brainwave GRC - Continuous Audit and Controls at ISACA event
Brainwave GRC - Continuous Audit and Controls at ISACA eventBrainwave GRC - Continuous Audit and Controls at ISACA event
Brainwave GRC - Continuous Audit and Controls at ISACA event
 
Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)
 
Myths of validation
Myths of validationMyths of validation
Myths of validation
 
Blockchains : Risk or Mitigation?
Blockchains : Risk or Mitigation?Blockchains : Risk or Mitigation?
Blockchains : Risk or Mitigation?
 
Leveraging Federal Procurement to Improve Cyber Security
Leveraging Federal Procurement to Improve Cyber SecurityLeveraging Federal Procurement to Improve Cyber Security
Leveraging Federal Procurement to Improve Cyber Security
 
5 Clear Signs You Need Security Policy Automation
5 Clear Signs You Need Security Policy Automation5 Clear Signs You Need Security Policy Automation
5 Clear Signs You Need Security Policy Automation
 
Tyler Technology Expo
Tyler Technology ExpoTyler Technology Expo
Tyler Technology Expo
 
B3948
B3948B3948
B3948
 

More from BalaBit

SCaLE 2016 - syslog-ng: From Raw Data to Big Data
SCaLE 2016 - syslog-ng: From Raw Data to Big DataSCaLE 2016 - syslog-ng: From Raw Data to Big Data
SCaLE 2016 - syslog-ng: From Raw Data to Big DataBalaBit
 
NIAS 2015 - The value add of open source for innovation
NIAS 2015 - The value add of open source for innovationNIAS 2015 - The value add of open source for innovation
NIAS 2015 - The value add of open source for innovationBalaBit
 
2015. Libre Software Meeting - syslog-ng: from log collection to processing a...
2015. Libre Software Meeting - syslog-ng: from log collection to processing a...2015. Libre Software Meeting - syslog-ng: from log collection to processing a...
2015. Libre Software Meeting - syslog-ng: from log collection to processing a...BalaBit
 
LOADays 2015 - syslog-ng - from log collection to processing and infomation e...
LOADays 2015 - syslog-ng - from log collection to processing and infomation e...LOADays 2015 - syslog-ng - from log collection to processing and infomation e...
LOADays 2015 - syslog-ng - from log collection to processing and infomation e...BalaBit
 
Big Data Science - hype?
Big Data Science - hype?Big Data Science - hype?
Big Data Science - hype?BalaBit
 
DevAssistant, Docker and You
DevAssistant, Docker and YouDevAssistant, Docker and You
DevAssistant, Docker and YouBalaBit
 
Linux Kernel – Hogyan csapjunk bele?
Linux Kernel – Hogyan csapjunk bele?Linux Kernel – Hogyan csapjunk bele?
Linux Kernel – Hogyan csapjunk bele?BalaBit
 
Swift -Helyzetjelentés az iOS programozás új nyelvéről
Swift -Helyzetjelentés az iOS programozás új nyelvérőlSwift -Helyzetjelentés az iOS programozás új nyelvéről
Swift -Helyzetjelentés az iOS programozás új nyelvérőlBalaBit
 
DATA DRIVEN DESIGN - avagy hogy fér össze a kreativitás a tényekkel
DATA DRIVEN DESIGN - avagy hogy fér össze a kreativitás a tényekkelDATA DRIVEN DESIGN - avagy hogy fér össze a kreativitás a tényekkel
DATA DRIVEN DESIGN - avagy hogy fér össze a kreativitás a tényekkelBalaBit
 
syslog-ng: from log collection to processing and information extraction
syslog-ng: from log collection to processing and information extractionsyslog-ng: from log collection to processing and information extraction
syslog-ng: from log collection to processing and information extractionBalaBit
 
eCSI - The Agile IT security
eCSI - The Agile IT securityeCSI - The Agile IT security
eCSI - The Agile IT securityBalaBit
 
Top 10 reasons to monitor privileged users
Top 10 reasons to monitor privileged usersTop 10 reasons to monitor privileged users
Top 10 reasons to monitor privileged usersBalaBit
 
Hogyan maradj egészséges irodai munka mellett?
Hogyan maradj egészséges irodai munka mellett?Hogyan maradj egészséges irodai munka mellett?
Hogyan maradj egészséges irodai munka mellett?BalaBit
 
Regulatory compliance and system logging
Regulatory compliance and system loggingRegulatory compliance and system logging
Regulatory compliance and system loggingBalaBit
 
Kontrolle und revisionssichere Auditierung privilegierter IT-Zugriffe
Kontrolle und revisionssichere Auditierung privilegierter IT-ZugriffeKontrolle und revisionssichere Auditierung privilegierter IT-Zugriffe
Kontrolle und revisionssichere Auditierung privilegierter IT-ZugriffeBalaBit
 
Techreggeli - Logmenedzsment
Techreggeli - LogmenedzsmentTechreggeli - Logmenedzsment
Techreggeli - LogmenedzsmentBalaBit
 
State of the art logging
State of the art loggingState of the art logging
State of the art loggingBalaBit
 
Why proper logging is important
Why proper logging is importantWhy proper logging is important
Why proper logging is importantBalaBit
 
Balabit Company Overview
Balabit Company OverviewBalabit Company Overview
Balabit Company OverviewBalaBit
 
BalaBit IT Security cégismertető prezentációja
BalaBit IT Security cégismertető prezentációjaBalaBit IT Security cégismertető prezentációja
BalaBit IT Security cégismertető prezentációjaBalaBit
 

More from BalaBit (20)

SCaLE 2016 - syslog-ng: From Raw Data to Big Data
SCaLE 2016 - syslog-ng: From Raw Data to Big DataSCaLE 2016 - syslog-ng: From Raw Data to Big Data
SCaLE 2016 - syslog-ng: From Raw Data to Big Data
 
NIAS 2015 - The value add of open source for innovation
NIAS 2015 - The value add of open source for innovationNIAS 2015 - The value add of open source for innovation
NIAS 2015 - The value add of open source for innovation
 
2015. Libre Software Meeting - syslog-ng: from log collection to processing a...
2015. Libre Software Meeting - syslog-ng: from log collection to processing a...2015. Libre Software Meeting - syslog-ng: from log collection to processing a...
2015. Libre Software Meeting - syslog-ng: from log collection to processing a...
 
LOADays 2015 - syslog-ng - from log collection to processing and infomation e...
LOADays 2015 - syslog-ng - from log collection to processing and infomation e...LOADays 2015 - syslog-ng - from log collection to processing and infomation e...
LOADays 2015 - syslog-ng - from log collection to processing and infomation e...
 
Big Data Science - hype?
Big Data Science - hype?Big Data Science - hype?
Big Data Science - hype?
 
DevAssistant, Docker and You
DevAssistant, Docker and YouDevAssistant, Docker and You
DevAssistant, Docker and You
 
Linux Kernel – Hogyan csapjunk bele?
Linux Kernel – Hogyan csapjunk bele?Linux Kernel – Hogyan csapjunk bele?
Linux Kernel – Hogyan csapjunk bele?
 
Swift -Helyzetjelentés az iOS programozás új nyelvéről
Swift -Helyzetjelentés az iOS programozás új nyelvérőlSwift -Helyzetjelentés az iOS programozás új nyelvéről
Swift -Helyzetjelentés az iOS programozás új nyelvéről
 
DATA DRIVEN DESIGN - avagy hogy fér össze a kreativitás a tényekkel
DATA DRIVEN DESIGN - avagy hogy fér össze a kreativitás a tényekkelDATA DRIVEN DESIGN - avagy hogy fér össze a kreativitás a tényekkel
DATA DRIVEN DESIGN - avagy hogy fér össze a kreativitás a tényekkel
 
syslog-ng: from log collection to processing and information extraction
syslog-ng: from log collection to processing and information extractionsyslog-ng: from log collection to processing and information extraction
syslog-ng: from log collection to processing and information extraction
 
eCSI - The Agile IT security
eCSI - The Agile IT securityeCSI - The Agile IT security
eCSI - The Agile IT security
 
Top 10 reasons to monitor privileged users
Top 10 reasons to monitor privileged usersTop 10 reasons to monitor privileged users
Top 10 reasons to monitor privileged users
 
Hogyan maradj egészséges irodai munka mellett?
Hogyan maradj egészséges irodai munka mellett?Hogyan maradj egészséges irodai munka mellett?
Hogyan maradj egészséges irodai munka mellett?
 
Regulatory compliance and system logging
Regulatory compliance and system loggingRegulatory compliance and system logging
Regulatory compliance and system logging
 
Kontrolle und revisionssichere Auditierung privilegierter IT-Zugriffe
Kontrolle und revisionssichere Auditierung privilegierter IT-ZugriffeKontrolle und revisionssichere Auditierung privilegierter IT-Zugriffe
Kontrolle und revisionssichere Auditierung privilegierter IT-Zugriffe
 
Techreggeli - Logmenedzsment
Techreggeli - LogmenedzsmentTechreggeli - Logmenedzsment
Techreggeli - Logmenedzsment
 
State of the art logging
State of the art loggingState of the art logging
State of the art logging
 
Why proper logging is important
Why proper logging is importantWhy proper logging is important
Why proper logging is important
 
Balabit Company Overview
Balabit Company OverviewBalabit Company Overview
Balabit Company Overview
 
BalaBit IT Security cégismertető prezentációja
BalaBit IT Security cégismertető prezentációjaBalaBit IT Security cégismertető prezentációja
BalaBit IT Security cégismertető prezentációja
 

Recently uploaded

Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDThiyagu K
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxVishalSingh1417
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhikauryashika82
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactPECB
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxRamakrishna Reddy Bijjam
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdfQucHHunhnh
 
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...Shubhangi Sonawane
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxAreebaZafar22
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxVishalSingh1417
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.pptRamjanShidvankar
 
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptxMaritesTamaniVerdade
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfagholdier
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsMebane Rash
 
psychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docxpsychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docxPoojaSen20
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.christianmathematics
 

Recently uploaded (20)

Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptx
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan Fellows
 
psychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docxpsychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docx
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.
 

Les Assises 2015 - Why people are the most important aspect of IT security?

  • 2. Agenda Concept of CSI Platform A case study of CSI Platform About BalaBit Product demo
  • 3. Agenda Concept of CSI Platform A case study of CSI Platform About BalaBit Product demo
  • 4.  15 years in network security  Global leader in  privileged user monitoring and  log management  +30% annual growth in the last 5 years  1 million installations worldwide  23 of the „Fortune100 List” members among clients  Headcount: 200+  60% developers and system engineers  Global partner network  100+ partners in 40+ countries About BalaBit
  • 5. TELCO / IT FINANCE OTHER INDUSTRIES References
  • 6. Agenda Concept of CSI Platform A case study of CSI Platform About BalaBit Product demo
  • 7. Security Lifecycle • Based on static, known threats • Build layers of access controls, policies and walls • Use predefined patterns and rules to prevent access • Respond to breaches with bigger walls and more controls Define Prevent Detect Respond Access Controls & policies
  • 8. Breaches continue… Retail giant Target confirmed that credit and debit card information for 40 million of its customers had been compromised. ” – New York Times The CEO and CIO left the company Sony Pictures Entertainment has been targeted by computer hackers in an attack which reports say forced it shut down its systems… – BBC Costs estimated at $15-35m and growing Office on Personnel Management government data breach impacted 21.5 million people – CNN Director resigned Advanced Persistent Threats and malware depend on privileged account hijacking
  • 9. Cost and time to detect, resolve 90% Of breaches went undetected for over 3 months 80% Of breaches were Unresolved after 3 months 2,5 3,14 3,02 9,43 Costs (> $18 mm) Technical support Lost productivity Revenue and disruption Brand and reputation Source: IBM/Ponemon Institute ‟The cost of data breaches has increased by 96 percent; the number of successful attacks has increased by 144 percent in the last four years.” Source: HP State of security operations, 2015 report of capabilities and maturity of cyber defense organizations
  • 10. Add security in Context • Baseline business as usual • Gather intelligence on unusual user activities in real-time • Prioritize investigations based on deviation from the norm, and risk • Get forensic-level visibility into activities • Respond immediately Monitor Users Understand the norm Identify risks Investigate and prevent
  • 11. Agenda Concept of CSI Platform A case study of CSI Platform About BalaBit Product demo
  • 12. Background • Large European Enterprise • Global operations • Strict compliance regulations – Under financial regulations – US, Germany & Hong Kong • No technology they didn’t have – Mainframes, AS400, UNIX, Windows, Linux, …
  • 13. IT operations • External suppliers help in IT operations – Chunks of the infrastructure is outsourced completely – Other service providers have more specific scope • Control: – Traditional security gear (firewall, IPS, DLP, VPN, SIEM) – SLA – ITIL style change management
  • 14. Remote access • Suppliers access the infrastructure remotely – Jumphost • Basically unrestricted access to data centers – VPN & VDI • Desktops are constrained by default • Broad access privileges also exist
  • 15. Credentials • Remote access credentials are assigned to suppliers, not individuals • Credentials to internal systems are the responsibility of the suppliers • No insight into supplier credential management • No vetting of supplier personnel
  • 16. Internal separation • Internal separation of systems is weak • Workstations are restricted, but there are no firewalls between servers/applications • Unrestricted IP-level access is just a hop away
  • 17. The project Goals • Establish direct controls over suppliers • Visibility into daily operations • Restrict access privileges, „need-to- know” • Enforce change management
  • 18. Project scope • ~30-35k remote sessions per day – 85% SSH – 9% RDP – 6% telnet (tn3270, tn5250)
  • 19. The zero line • Traditional security gear does not give enough context – Firewall, IPS, VPN, DLP, SIEM • Reasons 1. They already have the privilege to pass 2. Logs are not providing the necessary level of detail 3. Complex sequence of actions cannot be reconstructed
  • 20. First step • Session recording was introduced
  • 21. SCB: Immediate Benefits • Transparent setup: – All supplier sessions forced through – Without changing workflows, clients/servers (no agent) • Forensic investigations • Centralizing vendor authentication, credential management
  • 24. >1234 5678 9123 4567 >scp financial.db Command detection Screen-content detection >cat cred Window-title detection 17 Never reaches other side Real-time prevention
  • 25. Review of the audit trails • Due to the internal and external regulations, audit trails need to be reviewed – Some in real-time using 4eyes – Others later
  • 26. How to review? • Which part of the audit trails are the most interesting? • How to choose which vendors should be reviewed? • Which solution is significantly better than random sampling?
  • 27. Second step: adding Behavior Analytics
  • 28. ”Behavior is the internally coordinated responses of whole living organisms to internal and/or external stimuli” Daniel A. Levitis, PhD in Integrative Biology What is behavior?
  • 29. What could be the elements of digital behavior? • Typical time of logging in • Typing speed • Screen resolution • Range of accessed servers and applications • Activities performed: commands, screen content User Behavior in practice
  • 30. The solution: Blindspotter User Behavior Analytics shows: • Who are the most risky users? • What are the biggest anomalies? • Which activities are the most critical?
  • 31. Agenda Concept of the CSI Platform CSI Platform in real life About BalaBit Product demo