© 2010 Quest Software, Inc. ALL RIGHTS RESERVED Dmitry Kagansky, CTO - Public Sector (Federal) March 14, 2011 Quest Software – APT and the Insider Threat.


1 © 2010 Quest Software, Inc. ALL RIGHTS RESERVED Dmitry Kagansky, CTO - Public Sector (Federal) March 14, 2011 Quest Software – APT and the Insider Threat

2 Agenda
The Insider Threat
Advanced Persistent Threat
  – What is it and what does it mean for Public Sector?
The Federal Supply Chain
  – Where are the weaknesses, and how can they be shored up?
The Commercial Perspective
  – Paul Harper to discuss the view from the Commercial side
Privileged Identity Management (PIM)
  – The ‘firewall’ for the insider threat
Demonstration
Q & A
#QSFTcybersecurity - follow this webcast/ask questions!

3 The Insider Threat
We all know the stats and stories
The Insider is more dangerous
The Insider is more careless
The Insider is more malicious
However... Sometimes...
The Insider doesn’t know he’s the source of the compromise!

4 What is APT (Advanced Persistent Threat)?
New term for an old problem
  – Coined by Mandiant
What is it?
  – Advanced
      No one attack is particularly sophisticated
      Combination of attacks from many different vectors
        – Email
        – Web
        – Social Engineering
        – Devices
  – Persistent
      No longer recreational or even opportunistic
      This is someone’s job
  – Threat
      Co-ordinated
      Skilled, motivated and well-funded
What does it mean for Public Sector?

5 The Federal Supply Chain
Any chain is only as strong as the weakest link
  – Where are the weaknesses, and how can they be shored up?
  – Documents
      Adobe Acrobat is a bigger vehicle for malware than MS Word
  – Email
  – Websites
  – Devices
      – that USB stick you found at Starbucks!
An agency may be ‘clean’ but it is not safe if it interacts with anyone else on the outside
This same supply chain analogy applies to all agencies and all their partners
  – First Responders

6 The Commercial Perspective
APTs are just as prevalent
  – Not publicly discussed or acknowledged
Part of the Federal Supply Chain
Many ties to government
Slower to acknowledge that it’s a problem

7 Now what?
How do you guard against the APT?
  – Low & slow attacks
      Days and weeks to develop
      Multiple vectors
  – Data gathering and observation
Train your users
Constantly update anti-virus
Avoid giving out privileged access
  – Segregation of duties
  – Segregation of accounts (dual accounts for admins)

8 Privileged Identity Management (PIM) aka PAM (Privileged Account Management)
Elevated privileges are most dangerous when obtained by an APT
  – It’s not the secretary or the janitor that is a concern
  – It’s the people with the keys to the kingdom
  – They won’t know when they’ve given up the keys
2 Flavors:
  – Named Accounts
  – System accounts such as root, oracle, administrator, etc
Password Vault
Continuous logging and monitoring
Session recording
Command control

9 Demonstration

10 Summary
Advanced Persistent Threat is a reality and only going to grow
Harder to detect
Harder to prevent
Weakness through weak security not just from users but partners
Elevated accounts are most dangerous

11 Resources
Advanced Persistent Threat
  – http://en.wikipedia.org/wiki/Advanced_Persistent_Threat (Definition and overview page)
  – http://www.usenix.org/event/lisa09/tech/slides/daly.pdf (Excellent presentation from Raytheon)
  – http://www.mandiant.com (Great white papers and studies – check their M-Trends paper)
The Federal Supply Chain
  – http://www.businessofgovernment.org/sites/default/files/The%20Role%20of%20the%20Federal%20Supply%20Chain%20in%20Preparing%20for%20National%20Emergencies.pdf (Planning for the Inevitable: The Role of the Federal Supply Chain in Preparing for National Emergencies)
Quest TPAM
  – http://www.edmz.com

12 Want more info?
DLT Contact Information:
Phone: 877-783-7800
Email: quest-solutions@dlt.com
Twitter: @DLTSolutions
Quest’s identity management solutions
  – http://www.quest.com/identity-management
  – http://www.GetToOne.com

13 Thank You

