TRANSCRIPT
Mayank Choudhary (MC), VP, Products
March, 2018
ENTERPRISES TODAY: LAYERED DEFENCE
IAM, EPP, EDR, DLP, IPS/IDS, NEXT GEN
CONTRACTOR: FEDERAL RECORDS
DEVELOPER: DESIGN DOCUMENTS
PRIVILEGED USER: CUSTOMER DATA
CONTRACTOR: PATIENT RECORDS
YOUR BIGGEST ASSET IS ALSO YOUR BIGGEST RISK
INSIDER THREATS ARE GROWING
Data source:Breachlevelindex & Crowd Research Partners, 2017
3 MILLION RECORDS ARE STOLEN EVERY DAY
GROWING NUMBER OF EMPLOYEES AND CONTRACTORS WITH MORE ACCESS AND FREEDOM
REGULATORY COMPLIANCE FOCUS ON CYBER SECURITY WILL CONTINUE TO GROW
EXISTING CONTROLS HAVE GAPS: DLP, SIEM, UEBA, UAM
“DLP is dead” ― Brian Reed, June 2017
INSIDER THREAT MANAGEMENT
“The eventual disappearance of a standalone UEBA market has been apparent all along” ― Avivah Litan, April 2016
FLEXIBLE PREVENTION, REAL TIME DETECTION, COMPREHENSIVE VISIBILITY
“I don’t have to say, ‘I don’t know’ anymore.” - CISO, Leading Multi-Asset Investment Firm
IT’S ALL ABOUT THE MEAN TIME TO DETECT AND REMEDIATE
WHAT WE DO: WORLD’S LEADING INSIDER THREAT MANAGEMENT CYBERSECURITY SOLUTION
FIRST AND ONLY SOLUTION TO UNIFY USER DATA ANALYTICS AND SENSORS, PROVIDING A NEW APPROACH TO MITIGATE INSIDER THREATS
VISIBILITY
ANALYTICS
ENFORCEMENT
COMPREHENSIVE VISIBILITY
ENFORCEMENT ACTIONS: EDUCATE, NOTIFICATION, LOG OFF, BLOCKING, CLOSE APPLICATION
USER ACTIVITY: PRINT SCREEN, CUT / COPY / PASTE, KEY LOGGING, DBA ACTIVITY, TITLES & URLS
FILE TRACKING: COPY / MOVE, CREATE / RENAME / DELETE, COPY FROM NETWORK SHARES, DOWNLOAD FROM WEB / APPLICATION, ZIP / ENCRYPT
EXFILTRATION POINTS: PRINT, COPY TO CLOUD, UPLOAD TO SOCIAL WEBSITE, COPY TO USB, E-MAIL ATTACHMENT
APPLICATIONS: MS-OFFICE, CRM, EXPLORER, CLI, DBA TOOLS, DEV APPS, FB, GMAIL, OUTLOOK, SKYPE, FIN APPS
PREVENTION
EXAMPLE: DATA EXFILTRATION
DAN ARON, PROPRIETARY TRADER, NORTH AMERICA
REAL TIME INTELLIGENCE
EXAMPLE: MONITOR DATA EXFILTRATION OF SENSITIVE IP
INSTALLING NEW SOFTWARE
RUNNING MALICIOUS TOOLS
BROWSING ILLEGAL WEBSITES
IRREGULAR MACHINE ACCESS
TAMPERING WITH SYSTEM / SECURITY TOOLS
1. Exporting Vendor List Report from the Financial Portal
2. Hiding tracks by renaming the report to a naïve file name
3. Installing Dropbox client on personal laptop
4. Uploading the Vendor List report to Dropbox by copying it to the local sync folder
RISK SCORE: 75
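The four steps above are what an endpoint sensor sees as separate events (a download with a sensitive window title, a rename, a client install, a copy into a sync folder); the risk comes from correlating them as one chain. The following is an added example, not ObserveIT's code or scoring model: it replays constructed user-activity events in time order, follows the exported file through its rename so the later copy to the Dropbox folder is still attributed to the sensitive export, and sums assumed rule weights into a score. The field names, the keyword lists, the weights (picked so the full chain scores 75, matching the slide) and the sample events are all assumptions.

```python
"""Added example (not ObserveIT code): correlate endpoint user-activity events
into an insider-threat risk score for the four-step Dropbox exfiltration chain.
Field names, rule weights and the sample events are constructed assumptions."""
import posixpath
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List

# Assumed rule weights. They are chosen so the full four-step chain scores 75,
# matching the slide's illustration; the real product's scoring is not described.
WEIGHTS = {
    "export_sensitive_report": 15,
    "rename_to_innocuous": 10,
    "install_sync_client": 15,
    "copy_to_sync_folder": 35,
}
SENSITIVE_TITLE_KEYWORDS = ("vendor list", "customer data", "patient record")
SYNC_CLIENTS = ("dropbox", "onedrive", "google drive")
SYNC_FOLDER_MARKERS = ("/dropbox/", "/onedrive/", "/google drive/")


@dataclass
class Event:
    ts: datetime
    user: str
    app: str            # foreground process name captured by the endpoint sensor
    title: str          # window title at the time of the action
    action: str         # download | rename | install | copy
    path: str = ""      # file the action touched (forward slashes in this example)
    new_path: str = ""  # destination of a rename or copy


def _words(path: str) -> set:
    """Tokenise a file's base name so renames can be compared for similarity."""
    base = posixpath.splitext(posixpath.basename(path))[0]
    return {w for w in re.split(r"[^a-z0-9]+", base.lower()) if w}


def is_innocuous_rename(old: str, new: str) -> bool:
    """True when the new name shares no token with the old one (track hiding)."""
    return not (_words(old) & _words(new))


def score_user(events: List[Event], user: str) -> Dict:
    """Replay one user's events in time order, tracking files that descend from
    a sensitive export through renames and copies, and score the rules hit."""
    tracked = set()  # lowercase paths currently holding sensitive content
    hits = []        # (rule, event) in the order they fired
    for e in sorted((x for x in events if x.user == user), key=lambda x: x.ts):
        title, path, new_path = e.title.lower(), e.path.lower(), e.new_path.lower()
        if e.action == "download" and any(k in title for k in SENSITIVE_TITLE_KEYWORDS):
            tracked.add(path)
            hits.append(("export_sensitive_report", e))
        elif e.action == "rename" and path in tracked:
            tracked.discard(path)
            tracked.add(new_path)  # keep following the file under its new name
            if is_innocuous_rename(e.path, e.new_path):
                hits.append(("rename_to_innocuous", e))
        elif e.action == "install" and any(c in e.app.lower() or c in title for c in SYNC_CLIENTS):
            hits.append(("install_sync_client", e))
        elif e.action == "copy" and path in tracked:
            tracked.add(new_path)  # a copy of sensitive content is still sensitive
            if any(m in new_path for m in SYNC_FOLDER_MARKERS):
                hits.append(("copy_to_sync_folder", e))
    rules = list(dict.fromkeys(r for r, _ in hits))  # distinct rules, first-hit order
    score = min(100, sum(WEIGHTS[r] for r in rules))
    severity = "high" if score >= 70 else "medium" if score >= 40 else "low"
    return {"user": user, "score": score, "rules": rules, "severity": severity}


# Constructed sample: "jdoe" walks the four-step chain; "asmith" only exports the report.
SAMPLE_EVENTS = [
    Event(datetime(2018, 3, 5, 9, 2), "jdoe", "chrome.exe",
          "Vendor List Report - Financial Portal", "download",
          path="C:/Users/jdoe/Downloads/Vendor_List_Report_Q1.xlsx"),
    Event(datetime(2018, 3, 5, 9, 5), "jdoe", "explorer.exe", "Downloads", "rename",
          path="C:/Users/jdoe/Downloads/Vendor_List_Report_Q1.xlsx",
          new_path="C:/Users/jdoe/Downloads/holiday_photos.xlsx"),
    Event(datetime(2018, 3, 5, 9, 20), "jdoe", "DropboxInstaller.exe", "Dropbox Setup", "install"),
    Event(datetime(2018, 3, 5, 9, 31), "jdoe", "explorer.exe", "Downloads", "copy",
          path="C:/Users/jdoe/Downloads/holiday_photos.xlsx",
          new_path="C:/Users/jdoe/Dropbox/holiday_photos.xlsx"),
    Event(datetime(2018, 3, 5, 10, 0), "asmith", "chrome.exe",
          "Vendor List Report - Financial Portal", "download",
          path="C:/Users/asmith/Downloads/Vendor_List_Report_Q1.xlsx"),
]

if __name__ == "__main__":
    for u in ("jdoe", "asmith"):
        print(score_user(SAMPLE_EVENTS, u))
```

The point of the file-lineage set is that the rename step, which is meant to hide the file, is exactly what breaks a naive per-event rule; by re-keying the tracked path on every rename and copy, the final copy into the Dropbox folder still links back to the export. A real deployment would bound the correlation to a session or time window and would key on the sensor's own file identifiers rather than paths, which this example omits.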
PROACTIVE ENFORCEMENT
CASE STUDY: $1 TRILLION ASSET MANAGEMENT FIRM
Business objective 1: Proactively detect data exfiltration (no more reactive security)
Business objective 2: Enterprise wide visibility across all users (no golden key holders & flat networks)
Business objective 3: Integrate 1 and 2 with the Security Ecosystem (Ticketing, SIEM, Analytics)
Chief Information Security Officer
Senior Director, Security Technologies
Director, Cyber Investigations
“We want to move from reactive security to proactive security. Felt ObserveIT is the enterprise wide product that provides them granular visibility into all systems & all employees. No concept of golden key holders and believes networks are flat.”
CASE STUDY: LARGE COFFEE CHAIN
Business Objective 1: Monitor access to servers hosting POS systems
Business Objective 2: Reduce mean time to detect and investigate security incidents
Challenge 1: Good quality user context to feed to their central SOC (Splunk)
“Was the simplest POC we ever did. We monitor 70K users worldwide with 15K concurrent sessions at any given point in time. We have alerts built off window titles, user IPs, date / time stamps, then searches off that metadata in Splunk to see exactly what happened.”
Dir, Cyber Security & Citrix