Insiders are the New Malware

Size: px

Start display at page:

Download "Insiders are the New Malware"

Brian Harvey
5 years ago
Views:

1 We protect your most sensitive information from insider threats. Insiders are the New Malware Protecting Your Data From Insider Threats

2 $whoami Name blog.varonis.com

3 Where to get the slides

4 The Varonis Origin Story

5 The Impact of Online Attacks Source: informationisbeautiful.net

6 What do many breaches have in common? The threat was already inside An insider or an attacker that hijacked an insider s credentials. Examples: Snowden, WikiLeaks Unstructured data was leaked or stolen Documents, spreadsheets, s, images, videos. Examples: Sony, OPM Traditional security approaches didn t work Without user behavior analytics, attacks go undetected. Examples: Target, Anthem

7 The Impact of Insider Threats 3.8 insider attackers per organization per year (on average) 45% of organizations can t tell if they ve suffered an insider breach 34% estimate the cost of an insider breach to be > $1 million Reputational damage is immeasurable CEOs and CISO are losing their jobs due to breaches

8 What We ll Cover in This Session It s easy to get inside Once you re in, it s easy to steal information How to stop insider threats with Inside-Out Security Detect Prevent Sustain

9 It s easy to get inside

10 Credentials are easy to compromise

11 Employees make mistakes

12 Phishing Works Really Well 23% 11% of recipients open phishing messages. of recipients click on attachments Verizon Data Breach Investigations Report

14 Rogue employees abuse access

15 How do we stop insiders?

16 Inside-Out Approach: 3 Phases Detect Enable auditing, baseline user behavior, take inventory Prevent Lock down sensitive information, remove dangerous artifacts Sustain Automate cleanup tasks, authorization, entitlement reviews

17 Phase I: Detect

18 Sysadmin Problems? CEO Problems. What did Bob have access to before he resigned and what did he take? Do I have PII stored in widely accessible folders? Hilary got hit without CryptoLocker again! Which files are toast? Will anyone mind if I archive these 15-year-old files? How many vulnerable, unused service accounts do we have?

19 Map Your Environment (that s what hackers do!)

20 Classify Sensitive Information

21 Enable Auditing (files, s, AD, etc.)

22 Alert on Suspicious Activity Behavioral activity spikes ( , files, access denied) Access to data not typical for a user (or service account) Multiple open events on files likely to contain credentials Abnormal access to sensitive or stale data Critical GPO modified Privilege escalation (user added to Domain Admins)

23 Alert on Suspicious Activity (Threat Models)

24 Phase II: Prevent

25 Nuke Dangerous Artifacts Inactive users and groups Overly delegated groups Looped nested groups Broken ACLs Folders with unique permissions Stale data

26 Eliminate Global Access Warning! Erin Hannon will lose access to data she s been using!

27 Simplify Permissions & Group Structures Stop using share permissions & use NTFS instead Apply permissions near top of tree Reduce # of unique folders Use single-purpose groups

28 Assign Ownership

29 Eliminate Excessive Permissions

30 Phase III: Sustain

31 Automate Authorization

32 Automate Entitlement Reviews

33 Automate Disposition & Quarantining

34 Inside-Out Approach: 3 Phases Detect Enable auditing, baseline user behavior, take inventory Prevent Lock down sensitive information, remove dangerous artifacts Sustain Automate cleanup tasks, authorization, entitlement reviews

35 Free Threat Assessment

36 Where to get the slides

37 Thank You Rob blog.varonis.com

Mitigate Risk Around Unstructured Data Assess and remediate access to your company's sensitive data

Mitigate Risk Around Unstructured Data Assess and remediate access to your company's sensitive data Dan Krpata Information Security Specialist STEALTHbits Technologies, Inc. What is Unstructured Data Challenges