
1 VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL
Our mission is to help enterprises realize value from their unstructured data.
Insider Threats: Malice, Mistakes, and Mountain Lions

2 Where to get the slides
http://bit.ly/insiderTHREATS

3 About Varonis
- Started operations in 2005
- Over 3000 Customers (as of September, 2014)
- Software Solutions for Human Generated Data

4 The Varonis Origin Story

5 Agenda
- The anatomy of insider breaches
- Real world breaches: stats and examples
- Our irrational biases about risk
- 6 tips for mitigating insider threats

6 The Varonis Origin Story

7 The Script
- Get inside (if not there already)
  - Usually done by phishing or social engineering
- Snoop around
  - Enumerate current access; attempt to elevate
  - Visa cards anyone?
    PS C:\Users\eddard> findstr /r "^4[0-9]{12}(?:[0-9]{3})?$"
- Exfiltration
  - Get the data out without sounding alarms

8 By the Numbers

9 Privilege Abuse

10 Our Own Worst Enemy

11 Snooping Behind the Firewall

12 Target as a Target
- 40,000,000 records lost
- Lots of fancy tools watching the perimeter (candy bar syndrome)
- “[…] spokeswoman, Molly Snyder, says the intruders had gained access to the system by using stolen credentials from a third-party vendor”

13 Risk and Irrational Biases

14 Fear and Frequency
- Large university
- 146,000 student records, including SSNs, exposed
- Cause? Copy/paste

15 A Story About Trees

16 Focus on Frequency

17 They’re in—now what?

18 6 Mitigation Tips
1. Eliminate Global Access
2. Eliminate Excessive Permissions
3. Alert on Privilege Escalations
4. Alert on Behavioral Deviations
5. Set Up Honeypots
6. Closely Monitor High-Risk People and Data

19 Tip #1: Eliminate Global Access
- Locate groups like “Everyone” and “Authenticated Users” and replace them with tighter security groups
- How do I avoid cutting off legitimate access?

20 Tip #2: Eliminate Excessive Permissions
- People and software!
- Figure out what people have access to but shouldn’t
- Amazon-like recommendations
- Auto-expire temporary access
- Periodically review entitlements

21 Tip #3: Alert on Privilege Escalations
- Do you know when someone gets root access?

22 Tip #4: Alert on Behavioral Deviations
- Behavioral activity spikes (email, files, access denied)
- Monitor activity outside of normal business hours

23 Detecting CryptoLocker
- Alert on more than 100 file modify events from a single user in under a minute
- Alert triggers an action to:
  - Notify IT admins
  - Grab the username and machine
  - Check the machine’s registry for the key/value that CryptoLocker creates:
    (Get-Item HKCU:\Software\CryptoLocker\Files).GetValueNames()
  - If the value exists, disable the user automatically:
    Disable-ADAccount -Identity $actingObject
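
The threshold rule on this slide, as an added example (not Varonis code and not part of the original deck): a sliding one-minute window over file-audit events that returns the username and machine to hand to the registry check and account-disable step. The log line format, user names and machine names are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 100                 # slide: "more than 100 file modify events"
WINDOW = timedelta(minutes=1)   # slide: "in under a minute"

def parse_event(line):
    """Parse one constructed audit line: 'ISO-timestamp,user,machine,operation,path'."""
    ts, user, machine, op, path = line.strip().split(",", 4)
    return datetime.fromisoformat(ts), user, machine, op, path

def detect_modify_bursts(lines, threshold=THRESHOLD, window=WINDOW):
    """Return one alert per user whose modify count exceeds threshold inside the window."""
    recent = defaultdict(deque)   # user -> timestamps of modify events still in the window
    alerts = {}                   # user -> alert dict (first trigger only)
    for ts, user, machine, op, path in sorted(map(parse_event, lines)):
        if op != "modify" or user in alerts:
            continue
        q = recent[user]
        q.append(ts)
        # Drop events that are a full window (or more) older than the newest one.
        while ts - q[0] >= window:
            q.popleft()
        if len(q) > threshold:
            alerts[user] = {"user": user, "machine": machine,
                            "count": len(q), "first": q[0], "last": ts}
    return list(alerts.values())

def sample_events():
    """Constructed sample data (not from the slides): one noisy user, one normal user."""
    base = datetime(2014, 9, 1, 14, 0, 0)
    lines = []
    # 'jsnow' rewrites 150 files in 30 seconds (5 per second): ransomware-like burst.
    for i in range(150):
        t = base + timedelta(milliseconds=200 * i)
        lines.append(f"{t.isoformat()},jsnow,WKSTN-07,modify,X:\\Share\\Finance\\doc{i}.xlsx")
    # 'astark' modifies 150 files too, but one every 2 seconds: 30 per minute, no alert.
    for i in range(150):
        t = base + timedelta(seconds=2 * i)
        lines.append(f"{t.isoformat()},astark,WKSTN-12,modify,X:\\Share\\HR\\note{i}.docx")
    # Reads never count toward the threshold.
    for i in range(300):
        t = base + timedelta(milliseconds=100 * i)
        lines.append(f"{t.isoformat()},astark,WKSTN-12,read,X:\\Share\\HR\\note{i}.docx")
    return lines

if __name__ == "__main__":
    for alert in detect_modify_bursts(sample_events()):
        print(alert)
```

Each alert carries the user and the machine of the triggering event, which are the two values the slide's follow-up action needs.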

24 Cryptowall’s Profile

25 Tip #5: Set Up Honeypots
- Set up a shared folder that is open to everyone
  X:\Share\Payroll
  X:\Share\Confidential
  X:\Share\CEO
- See who abuses it

26 Tip #6: Monitor High-Risk People and Data
- Alert or auto-quarantine sensitive data when it shows up in a public place
- Watch what root/domain admins are doing
- Watch what contractors are doing

27 Free Threat Assessment
http://hub.varonis.com/evaluation

28 Thank you!

