Insider Threats and Countermeasures
By: Kamran Khalid
Overview
- What is an insider threat?
- Mistakes of employees which create threats
- Three kinds of insider threats
- Source of visibility
- Internal visibility
- IT sabotage
- Combating insider threat is a multidisciplinary challenge
- Conclusion
What is an Insider Threat?
An insider threat is a malicious threat to an organization that comes from the following people within the organization:
- Employees
- Former employees
- Contractors
- Business associates
These are people who have inside information concerning the organization's security practices, data and computer systems.
Mistakes of Employees Which Create Threats
Three Kinds of Insider Threats
CERT: Common Sense Guide to Prevention and Detection of Insider Threats
Source of Visibility
Internal Visibility without NetFlow
(Diagram: DMZ, VPN and internal network connected to the Internet, plus a separate 3G Internet path; no NetFlow export is shown.)
Internal Visibility with NetFlow
(Diagram: the same DMZ, VPN, internal network, Internet and 3G Internet paths, now with NetFlow exporters on each segment sending flow records to a NetFlow collector. Each NetFlow record carries: start time, end time, MAC address, byte count, and more.)
IT Sabotage
- Targeted monitoring of employees who are on the HR radar
- Access after termination (!) (accounts or open sessions)
- Unusual access:
  - Times
  - Devices
  - Source addresses
  - Destination addresses
  - Mismatches
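The checks listed above can be run directly over the NetFlow records the collector stores. The following is an added example, not code from the slides: it scores constructed NetFlow-style records (the deck's fields, start time, end time, MAC address and byte count, enriched with a hypothetical user name and source/destination addresses) against an assumed HR termination feed, each user's known devices and addresses, and business hours.

```python
from datetime import datetime, time

# Constructed sample flows (not from the slides). Fields mirror the NetFlow record
# on the diagram; "user", "src" and "dst" are hypothetical collector enrichment.
FLOWS = [
    {"id": 1, "user": "asmith", "start": "2015-05-04T09:15:00", "end": "2015-05-04T09:20:00",
     "mac": "00:11:22:33:44:55", "src": "10.1.5.20", "dst": "10.1.9.10", "bytes": 12000},
    {"id": 2, "user": "asmith", "start": "2015-05-04T02:40:00", "end": "2015-05-04T03:10:00",
     "mac": "00:11:22:33:44:55", "src": "10.1.5.20", "dst": "10.1.9.10", "bytes": 4000000},
    {"id": 3, "user": "jdoe", "start": "2015-05-06T10:00:00", "end": "2015-05-06T10:05:00",
     "mac": "00:11:22:33:44:66", "src": "10.1.5.21", "dst": "10.1.9.10", "bytes": 80000},
    {"id": 4, "user": "asmith", "start": "2015-05-04T11:00:00", "end": "2015-05-04T11:02:00",
     "mac": "de:ad:be:ef:00:01", "src": "172.16.40.7", "dst": "10.1.9.10", "bytes": 2000},
]

# Hypothetical HR feed and baselines: termination dates, known MACs and source addresses.
TERMINATED = {"jdoe": datetime(2015, 5, 1)}
KNOWN_MAC = {"asmith": {"00:11:22:33:44:55"}, "jdoe": {"00:11:22:33:44:66"}}
KNOWN_SRC = {"asmith": {"10.1.5.20"}, "jdoe": {"10.1.5.21"}}
BUSINESS_HOURS = (time(8, 0), time(18, 0))  # assumed local working hours


def flag_flow(flow):
    """Return the reasons this flow deserves an analyst's attention (empty if none)."""
    reasons = []
    start = datetime.fromisoformat(flow["start"])
    user = flow["user"]
    # Access after termination: any flow on or after HR's termination date.
    term = TERMINATED.get(user)
    if term is not None and start >= term:
        reasons.append("access_after_termination")
    # Unusual access time: outside business hours or on a weekend.
    in_hours = BUSINESS_HOURS[0] <= start.time() < BUSINESS_HOURS[1]
    if not in_hours or start.weekday() >= 5:
        reasons.append("unusual_time")
    # Device mismatch: MAC address never seen for this user before.
    if flow["mac"] not in KNOWN_MAC.get(user, set()):
        reasons.append("unknown_device")
    # Source mismatch: source address never seen for this user before.
    if flow["src"] not in KNOWN_SRC.get(user, set()):
        reasons.append("unusual_source")
    return reasons


def review(flows):
    """Map flow id -> reasons, keeping only flows that raised at least one flag."""
    return {f["id"]: r for f in flows if (r := flag_flow(f))}


if __name__ == "__main__":
    for fid, reasons in review(FLOWS).items():
        print(f"flow {fid}: {', '.join(reasons)}")
```

Baselines of known devices and addresses would normally be learned from the collector's history per user rather than hard-coded as here.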
Combating Insider Threat is a multidisciplinary challenge
- IT cannot address insider threat by itself.
- People have a tendency to think that IT is solely responsible for all computer security issues.
- Legal: Are policies in place? Are they realistic? Does legal support IT practices?
- HR: Who is coming and going? Who has workplace issues? Are there soft solutions?
- IT: Is the privacy of end users adequately protected? What impact on workplace harmony are policies, monitoring, and enforcement having? Are you applying policies consistently?
(Diagram: overlapping circles for IT, HR and Legal.)
Conclusion
There are three kinds of insider threat:
- Negligent insiders
- Malicious insiders
- Compromised insiders
Managing the problem involves:
- Logs, logs, logs
- Visibility into the internal network
- A multidisciplinary team
Thank you