Protecting Your Data From The Inside Out UBA, Insider Threats and Least Privilege in only 10 minutes!


Transcription:

Slide 1: Protecting Your Data From The Inside Out: UBA, Insider Threats and Least Privilege in only 10 minutes! (Varonis Systems)
We protect your most sensitive information from insider threats.

Slide 2: About Me
Dietrich Benjes, VP UK, Ireland & Middle East
Dietrich@varonis.com
+44 781 8041186
http://blog.varonis.com
@dietrichbenjes

Slide 3: About Varonis
Started operations in 2005
IPO in Feb 2014
Over 4,000 customers (as of Sept 2015)
We secure your sensitive data from the inside out

Slide 4: The Varonis Origin Story

Slide 5: Agenda (all in 10 minutes!)
The anatomy of insider breaches
Real-world breaches
What, why and how of UBA (User Behaviour Analytics)
Case studies
Data & Risk Assessments

Slide 6: The Varonis Origin Story

Slide 7: The script: Anatomy of a Breach, or Kill Chain
Reconnaissance
Intrusion
Exploitation
Misconduct
Exfiltration
Privilege escalation
Lateral movement
Obfuscation (anti-forensics)
Denial of service

Slide 8: Target as a Target
40,000,000 records lost
Lots of fancy tools watching the perimeter (candy bar syndrome)
"[...] spokeswoman, Molly Snyder, says the intruders had gained access to the system by using stolen credentials from a third-party vendor"

Slide 9: The New Normal (Goodbye, Secure Perimeter)
Someone gets inside, or is already there: rogue insider, credential hijack, phishing, malware
They have access to lots of sensitive, unstructured data: files and emails are over-exposed gold mines
They can search for and download sensitive data without being noticed: users' behavior on unstructured data is rarely monitored or analyzed
Organizations' breaches are detected long after they happen (if ever), and even then they rarely have accurate knowledge of the extent of the breach

Slide 10: Example: Sony Breach at a Glance
What data was exposed?
47,000 social security numbers
Financial records and payroll information
Personal data and addresses, visa and passport numbers, tax records
Over 30,000 confidential business documents
Embarrassing and incriminating C-level email correspondence
Private keys to Sony's servers
How much did it cost?
$15,000,000 in cleanup
$35,000,000 for the fiscal year

Slide 11: Example: the Sony Breach Kill Chain
Reconnaissance: Attackers gained access with stolen credentials obtained with phishing emails, then downloaded tools to map the environment.
Intrusion: Wiper malware dropped on servers (with embedded employee credentials for execution).
Lateral movement: Attackers located passwords so they could continue to expand or elevate rights. They later released usernames and passwords for everything from internal systems to corporate Twitter accounts.
Privilege escalation: The attackers discovered treasure troves of plain-text passwords which gave them even more access to everything they needed to own the organization, including certificates and RSA token information.
Data exfiltration: Hundreds of GB of sensitive data was released, containing everything from PII to confidential business documents including budgets and upcoming projects, to embarrassing emails between executives.

Slide 12: Example: How Sony would have looked

Slide 13: How Varonis Works (architecture diagram)
Inputs (metadata): file system & permissions, directory service objects, business & IT insights, activity, content
Outputs: visualize data and access; identify resignation, hacker and virus activity; activity trends & data growth; stale data; unneeded access; data owner identification; exposed, sensitive data
Consumers: business executives, business data owners, IT security, compliance, IT storage, IT operations

Slide 14: What is UBA?
The science of user activity and data flow analysis.
UBA systems:
Monitor user activity feeds
Profile user behavior and relationships with data and other users
Create a baseline of what constitutes normal activity
Alert on abnormal activity based on AI, machine learning, thresholds, etc.
UBA provides meaningful insights into user and data patterns, security risks, social connections and a wealth of other information.

Slide 15: Why UBA? Why your customers need UBA
Historic security investment and focus has been at the perimeter
87% of security investment is done at the FW / perimeter (*HP)
86% of data breaches are internal (*NSA): rogue employees, accidental exposures and compromised accounts
Cost of a breach $3.8m, time to realise 270 days!!!
Industry experts agree that most of the high-profile data breaches could've been prevented with UBA

Slide 16: How do we do it? In a nutshell
Collect, create, and analyze metadata
Automatically discover critical assets, noteworthy people, and normal behavior, establishing a baseline of behavior
Identify unusual behavior with machine learning algorithms and behavioral rule sets
Alert on behavioral anomalies and suspicious activity
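An added illustration (not Varonis code) of the baseline-then-alert approach on slides 14 and 16: it learns each user's normal daily access volume and the folders they normally touch from constructed file-server audit events, then flags the user whose day-6 activity looks like the bulk insider access described on the Target and military-customer slides. The users, paths and the 3-sigma threshold are assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed file-server audit events: (day, user, action, path).
# Days 1-5 are the learning window; day 6 is the day being evaluated.
EVENTS = []
for day in range(1, 6):
    EVENTS += [(day, "alice", "read", f"/fs1/finance/report{i}.xlsx") for i in range(4)]
    EVENTS += [(day, "bob", "read", f"/fs1/eng/spec{i}.docx") for i in range(3)]
# Day 6: bob is unchanged, alice bulk-reads 400 HR files she has never touched.
EVENTS += [(6, "bob", "read", f"/fs1/eng/spec{i}.docx") for i in range(3)]
EVENTS += [(6, "alice", "read", f"/fs1/hr/employee{i}.pdf") for i in range(400)]

def folder_of(path):  # parent folder: the unit at which access is profiled
    return path.rsplit("/", 1)[0]

def build_baseline(events, learn_days):
    """Per user: (mean daily access count, std dev, folders normally used)."""
    per_day = defaultdict(lambda: defaultdict(int))
    folders = defaultdict(set)
    for day, user, _action, path in events:
        if day in learn_days:
            per_day[user][day] += 1
            folders[user].add(folder_of(path))
    baseline = {}
    for user, counts in per_day.items():
        daily = [counts.get(d, 0) for d in learn_days]
        baseline[user] = (mean(daily), pstdev(daily), folders[user])
    return baseline

def detect_anomalies(events, baseline, eval_day, z_threshold=3.0):
    """Flag users whose volume or folder set on eval_day departs from baseline."""
    counts = defaultdict(int)
    new_folders = defaultdict(set)
    for day, user, _action, path in events:
        if day != eval_day:
            continue
        counts[user] += 1
        known = baseline.get(user, (0.0, 0.0, set()))[2]
        if folder_of(path) not in known:
            new_folders[user].add(folder_of(path))
    alerts = {}
    for user, count in counts.items():
        mu, sigma, _ = baseline.get(user, (0.0, 0.0, set()))
        # Floor sigma at 1 so a perfectly regular user (sigma == 0) still gets a score.
        z = (count - mu) / max(sigma, 1.0)
        if z > z_threshold or new_folders[user]:
            alerts[user] = {"count": count, "z": round(z, 1),
                            "new_folders": sorted(new_folders[user])}
    return alerts
```

Running `detect_anomalies(EVENTS, build_baseline(EVENTS, range(1, 6)), 6)` raises one alert, for alice, with a never-seen folder and a volume far above her baseline; bob produces none.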

Slide 17: Value
Quickly monitor critical assets for very scary things: insider threats, privilege escalation and abuse, someone reading your executives' emails
Build context around the content of data and activity with collected metadata
Reduce the amount of time it takes to find and assess a real issue, with forensics on compromised assets
Recover from potential security breaches more quickly
Integrate with SIEM and other UBA systems

Slide 18: Varonis Customer: Large Military Organization (Government)
Business problem: stolen data
Hundreds of files were stolen from a large military organization
No record of access or automated analysis to flag insider abuse
No way of knowing what files were taken or by whom
Business solution
Automatically monitor every touch on every file
Complete audit trail on access activity
Make sure only the right users can access the right data
Alert on abnormal behavior
Reduce risk and keep data secure
Immediate results
Caught over 30 attempts to steal data in 6 months!!!
Reduced unnecessary user access by over 50%
Started tracking all data usage
A trusted insider took hundreds of thousands of files without anyone noticing and sold them. The organization had tens of millions of dollars invested in every security technology you can think of (firewalls, IAM, IPS, DLP, and SIEM) but none of these systems made a sound.

Slide 19: Example: Insider Attack

Slide 20: Customer Testimonial
"I wanted to let you know that we had an outbreak on our Windows file server of the crypto virus. Using Varonis I was able to: identify the infected user that was encrypting the shares and lock down access in 5 minutes. Then I was able to pull the logs so I could view the folders that were affected. This allowed me to bring the rest of the file server online and only have to restore the files that were affected by the user. Previously an outbreak of this nature would require us to take the share down for 24 hours until the infected user could be identified and restore all the shares from backup. Varonis saved the day."

Slide 21: Example: Crypto Attack

Slide 22: Varonis Data & Risk Assessments: Report Examples
Overly accessible folders containing important or regulated content
Overly accessible hierarchies and data structures
Folders with stale information
Usage statistics
Permissions overview
Stale permissions and identity configurations

Slide 23: Varonis Security Assessment: Initial Results
469,322 globally accessible folders
69% of all folders are open to EVERYONE in the company
356 folders contained sensitive data
98.5% of folders containing sensitive data were globally accessible
96% of sensitive files were stale
20% of AD users had expired passwords
12.4% of AD users had no password expiration
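An added example (not Varonis code) of how the exposure figures on slides 22 and 23 are derived from a permissions inventory: given a constructed list of folders with the principals granted access, a sensitivity flag from content classification, and days since last modification, it computes the share of folders open to everyone, the share of sensitive folders that are globally accessible or stale, and a least-privilege remediation queue. The group names and the 365-day staleness window are assumptions.

```python
from dataclasses import dataclass

# Principals that make a folder "globally accessible" (assumed AD-style set).
GLOBAL_PRINCIPALS = {"Everyone", "Authenticated Users", "Domain Users"}
STALE_DAYS = 365  # assumed staleness window

@dataclass(frozen=True)
class Folder:
    path: str
    principals: frozenset   # groups/users with read access
    sensitive: bool         # classifier found regulated or important content
    days_since_modified: int

# Constructed inventory standing in for a real file-server crawl.
FOLDERS = [
    Folder("/fs1/public/templates", frozenset({"Everyone"}), False, 30),
    Folder("/fs1/hr/payroll", frozenset({"Domain Users", "HR-Admins"}), True, 400),
    Folder("/fs1/finance/q3", frozenset({"Finance"}), True, 20),
    Folder("/fs1/legal/contracts", frozenset({"Authenticated Users"}), True, 900),
    Folder("/fs1/eng/specs", frozenset({"Engineering"}), False, 5),
]

def is_global(folder):
    """True if any global principal has access, regardless of other ACEs."""
    return bool(folder.principals & GLOBAL_PRINCIPALS)

def exposure_report(folders):
    """Compute the assessment-style metrics plus an ordered remediation list."""
    total = len(folders)
    global_folders = [f for f in folders if is_global(f)]
    sensitive = [f for f in folders if f.sensitive]
    sensitive_global = [f for f in sensitive if is_global(f)]
    sensitive_stale = [f for f in sensitive if f.days_since_modified > STALE_DAYS]
    n_sens = max(len(sensitive), 1)  # avoid division by zero on an empty set
    return {
        "globally_accessible": len(global_folders),
        "pct_global": round(100 * len(global_folders) / total, 1),
        "sensitive": len(sensitive),
        "pct_sensitive_global": round(100 * len(sensitive_global) / n_sens, 1),
        "pct_sensitive_stale": round(100 * len(sensitive_stale) / n_sens, 1),
        # Fix sensitive + globally accessible folders first, stalest first:
        # stale, over-exposed data is pure risk with no business use.
        "fix_first": [f.path for f in sorted(sensitive_global,
                                             key=lambda f: -f.days_since_modified)],
    }
```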

Slide 24: Free Threat Assessment: http://bit.ly/threatcheck

Thank you! Dietrich Benjes / Dietrich@varonis.com / http://blog.varonis.com