User Behavior Analytics And The Benefits To Companies

2. 2 SpectorSoft 2 • Insider threat, targeted attack, financial fraud detection • Focused on patterns of human behavior • Understanding normal & flagging anomalies that indicate threat User Behavior Analytics User Activity Monitoring • Collection and inspection of activity data (logs) • Hi-risk, response, investigations, post-mortems • Rich contextual data source

3. 3 User Behavior Analytics 3 • All about making you more secure • Threats are not only external • Average time to detect an insider threat? • 32 days • Average time to respond? • 17 days • Budgets are not aligned with reality • 52% perceive negligent employees as cause of significant damage • 44% spend are spending 10% or less on solutions that focus on insider threats • Over 40% don’t even know what they spend Statistics taken from Insider Threats and the Need for Fast and Directed Response - A SANS Survey.

4. 4 Not in my backyard 4 3.8 50% $100k - $2M+ * Crowd-based research in cooperation with the 260,000+ member Information Security Community on LinkedIn

5. 5 Cards on the table 5

6. 6 Cards on the table

7. 7 What risk do your insiders pose? 7 10 5 1

8. 8 Focus: Detection 8

9. 9 Detect • You are most concerned with data leak / breach / theft – data exfiltration • Focus on detecting data exfiltration potential • Direct that focus to where the insider interacts with the data © SpectorSoft 2015

10. 10 Detect 10 5 1 User Behavior Analytics • Detection of insider threats • Patterns of human behavior • Algorithms and statistical analysis to detect meaningful anomalies – indications of potential threat User Activity Monitoring • Collection of data focused on the interaction between user and resource • Detailed and contextual user activity log • Review: Alerts, reports, playback, and search © SpectorSoft 2015

11. 11 Spector 360 Recon

12. 12 Spector 360 Recon

13. 13 Spector 360 Recon

14. 14 Detail 10 5 1 User Behavior Analytics • Detection of insider threats • Patterns of human behavior • Algorithms and statistical analysis to detect meaningful anomalies – indications of potential threat User Activity Monitoring • Collection of data focused on the interaction between user and resource • Detailed and contextual user activity log • Review: Alerts, reports, playback, and search © SpectorSoft 2015

15. 15 Spector 360

16. 16 Closing Thoughts – Estimates suggest that 70% of the value of the average business is held within information systems – Less than 3% of all info tech & security $ are spent protecting or safeguarding electonic or hard copy proprietary information* – The vast majority of these $ are spent in an effort to keep outsiders out* – Little is done to protect proprietary information from the untrained or disgruntled employee.* *Dan Smartwood, former Director of Information Safeguarding at Walt Disney Corp, testifying before Congress

17. 17 What next? • Review your history of security problems – What % were caused by external v insider? • Look at your budget – What % are you spending on insider security • Review your incident response plan – Does it have special provisions for an insider incident • http://webinar.spectorsoft.com/insider-threats-find-early-fix- fast • Focus on detection

18. 18 Benefit from UBA Download: www.spector360recon.com/trial/ Increasing Security & Productivity through Insider Intelligence: http://bit.ly/1MPoIgF “By 2018, organizations that monitor and analyze a broad spectrum or employee activities will experience 50% fewer insider data breaches than organizations that monitor internal communications only.” Market Guide for Employee-Monitoring Products and Services Andrew Walls, Research Vice President, Gartner Research, 25 February 2015

Notas do Editor

Founded in 1998 User Activity Monitoring and User Behavior Analytics Thousands of corporate, government, and non-profit customers; millions of endpoints
If you are not looking, you simply do not know. Don’t be lulled into a false sense of security because you have not detected a insider threat UNLESS you have focused efforts on insider threat detection. Known knows, known unknowns, unkown unknows. Survey also showed that the
56% of respondents who answered “yes” we have had an attack or “no” we have not – said yes we have. Average of 3.8 attacks per org. 50% of those who could put a number on remediation estimated between $100k and over $2M.
Disgruntled: Ricky Joe Mitchell sentenced to 4 years in Fed prison. Admitted that he reset all network servers to factory settings intentionally when he heard he was to be fired. EverVest was unable to fully communicate or conduct business for 30 days, and spent hundreds of thousands of dollars trying to recover historical data. Also ordered to pay $428k in restitution. Entitled: So common amongst sales and “creators” (for example: marketing, coders, strategic direction setters). Surveys show that 1 out of 2 employees think it’s OK to take corporate data with them when they leave, and a full 40% of those that says it’s OK further think it’s OK to use it at their next position. Ours and Symantec. Ringleader: Lyft. Late last year. COO allegedly took strategic product plans, financials, forecasts – and went to Uber! No word @ last look how he physically got there … which service he used. No specific insight into this one but presents as classic case of insider who felt entitled to information that he had a hand in creating (signed off on) and would be of use to him down the road. Imposter: Anthem. Jan 2015. source of breach seemed to be a compromised login credential. Attacker(s) ran a database query using sys admin credentials. Then they uploaded data to a cloud storage service. How many document file-sharing services are used in your company? Official and shadow? Do you know how they are used? Mole: CME Group software engineer – last name Yang – worked at company 11 years. Sometime late in the 10th year / early in the 11th year – working in concert with 2 unnamed business partners (not employees) he planned to start a rival company. Downloaded more than 10,000 files containing source code to his work computer, transferred them to USB, and walked them out. Think he would have been flagged as behaving anomalously?
What risk do your insiders pose? (click) Think about the positions in your company – each one comes with some level of risk . Think of one or two now and assign them a risk value. TO help you assess your risk, remember: 1) Everyone has risk - Can be the low level clerk in acctg with access to credit card data, all the way up to the VP of sales with access to all your customer records – and everything in between. (next slide)
That your organization currently has an insider threat of some sort is a near certainty. Therefore, you have to approach security with the assumption that an insider threat has already compromised you and focus your energy on detection. Preventing insider attacks is important and a key part of security; however, organizations often fool themselves into believing that they can stop all such attacks. Repeat the following sentence three times: “Your organization is and will be compromised by insiders.” Insiders—whether malicious or merely negligent—are a continuous and constant problem for IT security; thinking otherwise is naïve. Dr. Eric Cole, SAMS Faculty Fellow. Recognized security expert. 20 patents. Former CTO McAfee and Chief Scientist for Lockheed Martin.
Lower risk – UBA Higher risk – UBA and UAM
Our approach to User Behavior Analytics, or UBA, focuses on detecting data exfiltration potential, so you can prevent it. We’ve worked hard to make UBA usable … no big professional services bills, no steep learning curves, and no difficulty tuning the solution to fit your needs. As you can see, getting started is as simple as selecting the users or groups you want to analyze behavior for, highlighting the specific behaviors you are most interested in,
And tuning the alert sensitivity to align to your requirements. Here the red dots represent the number of alerts you would receive based on each sensitivity setting. (next slide)

User Behavior Analytics And The Benefits To Companies

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

Destaque

Destaque (20)

Semelhante a User Behavior Analytics And The Benefits To Companies

Semelhante a User Behavior Analytics And The Benefits To Companies (20)

Último

Último (20)

User Behavior Analytics And The Benefits To Companies

Notas do Editor