© 2014 PayPal Inc. All rights reserved. Confidential and proprietary. Leveraging Information to Detect and Prevent Insider Attacks Phoram Mehta Senior.

Slides:



Advertisements
Similar presentations
1© Copyright 2011 EMC Corporation. All rights reserved. The Future of the Advance Soc 3rd Annual Privacy, Access and Security Congress, Ottawa, 2012 Mike.
Advertisements

IAPP CONFIDENTIAL Insider Leakage Threatens Privacy.
BalaBit Shell Control Box
Introducing WatchGuard Dimension. Oceans of Log Data The 3 Dimensions of Big Data Volume –“Log Everything - Storage is Cheap” –Becomes too much data –
COPYRIGHT © 2010 TECTIA CORPORATION. ALL RIGHTS RESERVED. Proactive Measures to Prevent Data Theft Securing, Auditing and Controlling remote.
SPEAKER BLITZ ERIC BROWN Senior Systems Engineer NICK JAVANOVIC DoD Regional Sales Manager.
Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.
Copyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin CHAPTER FOUR ETHICS AND INFORMATION SECURITY: MIS BUSINESS CONCERNS.
McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.
A Covenant University Presentation By Favour Femi-Oyewole, BSc, MSc (Computer Science), MSc (Information Security) Certified COBIT 5 Assessor /Certified.
Chapter 14 Wireless Attacks, Intrusion Monitoring and Policy
Global Information Security Issues According to the E&Y Global Survey, Managers Say the Right Thing… –90% of 1400 companies surveyed in 66 countries say.
Controls for Information Security
© 2014 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential. Polycom event Security Briefing 12/03/14 Level 3 Managed Security.
Chapter 8 Information Systems Controls for System Reliability— Part 1: Information Security Copyright © 2012 Pearson Education, Inc. publishing as Prentice.
NUAGA May 22,  IT Specialist, Utah Department of Technology Services (DTS)  Assigned to Department of Alcoholic Beverage Control  PCI Professional.
© 2009 IDBI Intech, Inc. All rights reserved.IDBI Intech Confidential 1 Information (Data) Security & Risk Mitigation.
How STERIS is using Cloud Technology to Protect Web Access Presented By: Ed Pollock, CISSP-ISSMP, CISM CISO STERIS Corporation “Enabling Business”
Prepared By, Mahadir Ahmad. StopBadware makes the Web safer through the prevention, mitigation, and remediation of badware websites. partners include.
NICE :Network Intrusion Detection and Countermeasure Selection in Virtual Network Systems.
BUSINESS B1 Information Security.
Lecture 6: Cloud Computing By D. Najla Al-Nabhan 1.
Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin Business Plug-In B6 Information Security.
 INADEQUATE SECURITY POLICIES ›Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA.
PRIVACY, SECURITY & ID THEFT PREVENTION - TIPS FOR THE VIGILANT BUSINESS - SMALL BUSINESS & ECONOMIC DEVELOPMENT FORUM October 21, WITH THANKS TO.
Managing Data Against Insider Threats Dr. John D. Johnson, CISSP.
Where in the world is your data? Data Breach Analysis Angelbeat Seminar Billy Austin, President iScan Online, Inc.
Top Threats WG Co-Chair Jon-Michael Brook. Agenda About our Top Threats Polling the industry Call for participation Categorizing our Top Threats.
CIO Perspectives on Security Fabrício Brasileiro Regional Sales Manager.
McGraw-Hill/Irwin ©2008 The McGraw-Hill Companies, All Rights Reserved INFORMATION SECURITY SECTION 4.2.
1 Network and E-commerce Security Nungky Awang Chandra Fasilkom Mercu Buana University.
Yair Grindlinger, CEO and Co-Founder Do you know who your employees are sharing their credentials with? Do they?
Identity Assurance Emory University Security Conference March 26, 2008.
BEN ROBINSON, ACCOUNT EXECUTIVE, PALO ALTO NETWORKS SAFELY ENABLE YOUR SAAS APPLICATIONS.
Information Systems, Security, and e-Commerce* ACCT7320, Controllership C. Bailey *Ch in Controllership : The Work of the Managerial Accountant,
Prevent Data Breaches and PII from Walking Out the Door Jim Farrell, Senior Vice President Products Archive Systems 9/18/2015.
Friday, October 23, Jacqueline Harris, CPM®, CCIM® Director of Training & Administration Digital Realty Jacqueline Harris, CPM®, CCIM® Director.
Vendor Management from a Vendor’s Perspective. Agenda Regulatory Updates and Trends Examiner Trends Technology and Solution Trends Common Issues and Misconceptions.
Introduction and Overview of Information Security and Policy By: Hashem Alaidaros 4/10/2015 Lecture 1 IS 332.
Visibility. Intelligence. response Information Security: Risk Management or Business Enablement? Mike Childs Vice President Rook Security.
New EU General Data Protection Regulation Conference 2016 Managing a Data Breach Prevention-Detection-Mitigation By Gerard Joyce Dun Laoghaire Feb 24 th.
IS3220 Information Technology Infrastructure Security
Computers Are Your Future Eleventh Edition Chapter 9: Privacy, Crime, and Security Copyright © 2011 Pearson Education, Inc. Publishing as Prentice Hall1.
2© Copyright 2013 EMC Corporation. All rights reserved. Cyber Intelligence Fighting Cyber Crime Insert Event Date LEADERS EDGE.
©2015 Check Point Software Technologies Ltd. 1 [Restricted] ONLY for designated groups and individuals CHECK POINT MOBILE THREAT PREVENTION.
Cyber Security for the real world Tim Brown Dell Fellow and CTO Dell Security Solutions.
1© Copyright 2012 EMC Corporation. All rights reserved. Next Generation Authentication Bring Your Own security impact Tim Dumas – Technology Consultant.
NPM and Security Forensics Mark Cromley Solutions Engineer Viavi Solutions, Inc.
Six Steps to Secure Access for Privileged Insiders and Vendors
Team 1 – Incident Response
2016 Data Breach Investigations Report
The next frontier in Endpoint security
Six Steps to Secure Access for Privileged Insiders and Vendors
Cyber Attacks on Businesses 43% of cyber attacks target small business Only 14% of small business rate their ability to mitigate cyber risk highly.
Forensics Week 11.
Information Security: Risk Management or Business Enablement?
Threat Landscape for Data Security
Understanding IDENTITY Assurance
Cyber Defense Matrix Cyber Defense Matrix
11/17/2018 9:32 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.
12 STEPS TO A GDPR AWARE NETWORK
Cybersecurity Am I concerned?
Detecting Insider Threats: Actions Speak Louder than Words
Lorenzo Biasiolo 3°AI INFORMATION SECURITY.
Protect Your Ecommerce Site From Hacking and Fraud
Information Security Breach definitions
AIR-T11 What We’ve Learned Building a Cyber Security Operation Center: du Case Study Tamer El Refaey Senior Director, Security Monitoring and Operations.
Protecting Knowledge Assets – Case & Method for New CISO Portfolio
Presentation transcript:

© 2014 PayPal Inc. All rights reserved. Confidential and proprietary. Leveraging Information to Detect and Prevent Insider Attacks Phoram Mehta Senior Manager, Information Security Management, PayPal

© 2014 PayPal Inc. All rights reserved. Confidential and proprietary. 2 AGENDA Problem Definition Solution Challenges Current approaches A (New*) Proposal Q&A

© 2014 PayPal Inc. All rights reserved. Confidential and proprietary. 3 Threatsposed by employees, third parties, or malicious software that use legitimate access rights to networks, applications, and sensitive data DEFINITION

© 2014 PayPal Inc. All rights reserved. Confidential and proprietary. Is this really a problem? Regular or Rare? T Childs San Francisco Network Administrator Changed admin passwords $900,000, and 60 percent of city services were affected Snowden CIA/NSA/Dell/BAH Leaked top-secret US gov surveillance details National security, and Privacy Phishing RSA SecurID Twitter May 2014? 4

© 2014 PayPal Inc. All rights reserved. Confidential and proprietary. Why should I care? 5 Impact Minority but more Damage 40% of data breaches and 1/3 of all malicious attacks 50% more vulnerable – ESG survey

© 2014 PayPal Inc. All rights reserved. Confidential and proprietary. 6 Challenges to Solution Scale Cloud Volume APT/New attacks Privacy/Trust

© 2014 PayPal Inc. All rights reserved. Confidential and proprietary. A (New*) Approach ALARM AuthN and AuthZ Leakage Detection/Prevention Analytics Risk Management 7 Pre-requisites: Data classification BIA Segmentation like the 80’s

© 2014 PayPal Inc. All rights reserved. Confidential and proprietary. 8 Authentication and Authorization They are different In the right places Strong – 2FA, Biometric or SMS Review Don’t forget Physical

© 2014 PayPal Inc. All rights reserved. Confidential and proprietary. 9 Leakage Detection and Prevention Each workstation/BYOD Outbound traffic IM/ /SM Consequences Prevention is very hard

© 2014 PayPal Inc. All rights reserved. Confidential and proprietary. 10 Analytics End-to-End event correlation Priv User Pattern recognition Data Visualization Threat models/rules for known incidents Advanced heuristics and prediction

© 2014 PayPal Inc. All rights reserved. Confidential and proprietary. 11 Risk Management Current State Business Drivers IP vs Customer data Critical systems Physical Security Vendor Management Cost of Mitigation Company Culture External Obligations Roadmap for Growth

Some Sources for Additional Information ESG Insider Threat research - metric-Insider_Threat_ESG_Research_Brief.pdf metric-Insider_Threat_ESG_Research_Brief.pdf SANS Reading Room - room/whitepapers/incident/protecting-insider- attacks room/whitepapers/incident/protecting-insider- attacks CINDER (US Mil Insider Threat program) - er-Insider_Threat_(CINDER).aspx er-Insider_Threat_(CINDER).aspx

© 2014 PayPal Inc. All rights reserved. Confidential and proprietary. Q & A Thank You 13

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.