Transcript
1. INSIDER CLOUD THREATS - John Menerick, Syn
2. Thank you!
3. Legal Disclaimers: The views and opinions expressed here are my own only and in no way represent the views, positi
4. About Me
5. Defining the Problem
6. Supreme Chancellor
7. Palpatine
8. Seriously
9. NetSuite Inc. | "Unfortunately, perhaps we all haven't put as much attention into the insider threat as the NSA or I can raise my hand and say we were burned by that as much as anyone in recent memory." - Philip Quade, COO IAD, National Security Agency
10. "There's no badguy.com and there's no stupidguy.com, where there's this one corner of your network [you can] say, 'This is where I'm going to optimize my hunting for the insider or remote threat.' The good news is that's where computing can come in, where analysis and big data analysis and behavior-based analysis can really, really directly address this problem." - Philip Quade, COO IAD, National Security Agency
11. Insider Threats?
12. Insiders
13. Insiders
14. Verizon DBIR
- For the last several years in a row Bob received excellent remarks.
- His code was clean, well written, and submitted in a timely fashion.
- Quarter after quarter, his performance review noted him as the best developer.
15. Verizon DBIR - cont'd
- The VPN logs showed him logged in from China,
- yet Bob is sitting at his desk, staring into his monitor.
16. Verizon DBIR - cont'd
A typical work day for Bob looked like this:
9:00 a.m. Arrive and surf Reddit for a couple of hours. Watch cat videos.
11:30 a.m. Take lunch.
1:00 p.m. eBay time.
2:00-ish p.m. Facebook updates, LinkedIn.
4:30 p.m. End of day update e-mail to management.
5:00 p.m. Go home.
17. Verizon DBIR - cont'd
- Bob outsourced his own job to a Chinese consulting firm.
- Bob spent less than one fifth of his six-figure salary.
- Bob physically FedExed his RSA token to China.
- Bob was doing this to many other software firms in the area.
- $$$$$$
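A defender-side illustration of the tell in slide 15, added here and not part of the original deck: correlate VPN source country with physical badge entries, so a user who connects from abroad while badged into the office is flagged for review. The log line formats, user names, the "HQ" site, the eight-hour window and the sample events are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample logs (not real data): VPN concentrator records and
# physical badge-reader events, one event per line as "timestamp source k=v ...".
VPN_LOG = """\
2013-01-14T09:02:13 vpn user=bob src_country=CN action=connect
2013-01-14T09:10:44 vpn user=alice src_country=US action=connect
2013-01-14T17:01:30 vpn user=bob src_country=CN action=disconnect
"""
BADGE_LOG = """\
2013-01-14T08:55:02 badge user=bob site=HQ door=lobby action=entry
2013-01-14T08:58:40 badge user=carol site=HQ door=lobby action=entry
"""

def parse(log):
    """Parse 'timestamp source k=v k=v ...' lines into dicts with a datetime 'ts'."""
    events = []
    for line in log.splitlines():
        ts, _source, *kvs = line.split()
        ev = dict(kv.split("=", 1) for kv in kvs)
        ev["ts"] = datetime.fromisoformat(ts)
        events.append(ev)
    return events

def find_impossible_presence(vpn_log, badge_log, home_country="US",
                             window=timedelta(hours=8)):
    """Return (user, vpn_time, badge_time) for every VPN connect from outside
    home_country that falls within `window` of that same user badging into a
    site. One person cannot be in both places, so the account or token is being
    used by someone else (or the geo-IP data is wrong): a lead for an analyst,
    not proof by itself."""
    badged_in = {}
    for ev in parse(badge_log):
        if ev.get("action") == "entry":
            badged_in.setdefault(ev["user"], []).append(ev["ts"])
    hits = []
    for ev in parse(vpn_log):
        if ev.get("action") != "connect" or ev.get("src_country") == home_country:
            continue
        for badge_ts in badged_in.get(ev["user"], []):
            if abs(ev["ts"] - badge_ts) <= window:
                hits.append((ev["user"], ev["ts"], badge_ts))
    return hits

if __name__ == "__main__":
    for user, vpn_ts, badge_ts in find_impossible_presence(VPN_LOG, BADGE_LOG):
        print(f"{user}: VPN from abroad at {vpn_ts}, badged into HQ at {badge_ts}")
```

On the constructed data only Bob is flagged: his VPN connect from CN lands seven minutes after his lobby badge entry, while Alice (home country) and Carol (no VPN session) are not.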
18. The magical unicorn
19. Why? Simon Says
20. Behavior Theories
21. 1995 - 2008: 100+ prosecutions
22. Observations
- Planned actions: premeditation
- Ego or financial gain
- On the job
- Manual and outsider detection: only stupid people are caught
23. Taxonomies
- Misuse of access
- Bypassing defenses: purely technical defenses are insufficient; if they worked, the problem would not exist.
- Access-control failure
24. Traditional markers
25. Cloud
26. Simple Cloud
27. Simple Cloud
28. Cloud Security Model?
29. Over 9000
- Over 9,000 cloud applications: immature auditing and governance controls
- More vectors to access data, and easier to remove it
30. Data Collection and Audit
The goal of CloudAudit is to provide a common interface and namespace that allows enterprises who are interested in streamlining their audit processes (cloud or otherwise), as well as cloud computing providers, to automate the Audit, Assertion, Assessment, and Assurance of their infrastructure (IaaS), platform (PaaS), and application (SaaS) environments, and allow authorized consumers of their services to do likewise via an open, extensible and secure interface and methodology.
31. Odin's eye
32. Too much data!
33. Big Data
34. BIG Data
35. Analytics on LARGE datasets
36. Playing with Big DATA
37. Rigor to the process
38. Data massaging
39. The BIG picture
40. Data Paralysis
41. WARNING
42.
43. Bayesian
44. X vs. O
45. Overall
46. How do I trust?
47. Cloud and Beyond!
- Massively scalable graph-processing algorithms
- Advanced statistical anomaly detection methods: Gaussian
- Knowledge-based relational machine learning
- Different rates of collection and data set behaviors: keyboard clicks vs. large USB data transfers
- Rational vs. irrational behaviors
48. Conclusion
49. Magic Bullet
50. Case Study - hacktivism and PR
51. Fuck The Police!
52. Barrett Brown
53. Barrett Brown - cont'd
54. Barrett Brown - cont'd
55. Barrett Brown
56. I want more
57. I want more
58. Where can I find more information?
- https://data.rfc.ninja
- US CERT
- MITRE
- DARPA
- www.securesql.info
- evolutionary algorithm competition series