INSIDER CLOUD THREATS, John Menerick, Syn
Transcript
  1. INSIDER CLOUD THREATS, John Menerick, Syn
  2. Thank you!
  3. Legal Disclaimers slide: The views and opinions expressed here are my own only and in no way represent the views, positi
  4. About Me
  5. Defining the Problem
  6. Supreme Chancellor
  7. Palpatine
  8. Seriously
  9. NetSuite Inc. | "Unfortunately, perhaps we all haven't put as much attention into the insider threat as the NSA, or I can raise my hand and say we were burned by that as much as anyone in recent memory." Philip Quade, COO IAD, National Security Agency
  10. NetSuite Inc. | "There's no badguy.com and there's no stupidguy.com, where there's this one corner of your network [you can] say, 'This is where I'm going to optimize my hunting for the insider or remote threat.' The good news is that's where computing can come in, where analysis and big data analysis and behavior-based analysis can really, really directly address this problem." Philip Quade, COO IAD, National Security Agency
  11. Insider Threats?
  12. Insiders
  13. Insiders
  14. Verizon DBIR - For the last several years in a row Bob received excellent remarks. His code was clean, well written, and submitted in a timely fashion. Quarter after quarter, his performance review noted him as the best developer.
  15. Verizon DBIR - cont'd - The VPN logs showed him logged in from China, yet Bob is sitting at his desk, staring into his monitor.
  16. Verizon DBIR - cont'd - A typical work day for Bob looked like this: 9:00 a.m. Arrive and surf Reddit for a couple of hours; watch cat videos. 11:30 a.m. Take lunch. 1:00 p.m. eBay time. 2:00-ish p.m. Facebook updates, LinkedIn. 4:30 p.m. End-of-day update e-mail to management. 5:00 p.m. Go home.
  17. Verizon DBIR - cont'd - Bob outsourced his own job to a Chinese consulting firm. Bob spent less than one fifth of his six-figure salary. Bob physically FedExed his RSA token to China. Bob was doing this to many other software firms in the area. $$$$$$
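A detection sketch for the signal in the Bob case (a VPN login from a foreign country while the same user is badged in on site), added here as an example; it is not code from the slides or from the Verizon DBIR. The log formats, user names, home country and two-hour on-site window are all constructed assumptions.

```python
"""Added detection example (not from the slides): flag a VPN login from a
foreign country that overlaps a badge-in by the same user, the signal in the
Verizon DBIR "Bob" case. Log formats and values below are constructed."""
from datetime import datetime, timedelta

# Constructed VPN log: timestamp, user, source country, event.
VPN_LOG = """\
2012-03-05T08:58:00 bob CN vpn-login
2012-03-05T09:02:00 alice US vpn-login
2012-03-05T14:10:00 bob CN vpn-login
2012-03-05T19:30:00 dave CN vpn-login
"""
# Constructed badge log: timestamp, user, door, event.
BADGE_LOG = """\
2012-03-05T08:55:00 bob HQ-front-door badge-in
2012-03-05T09:00:00 carol HQ-front-door badge-in
2012-03-05T13:58:00 bob HQ-front-door badge-in
2012-03-05T08:30:00 dave HQ-front-door badge-in
"""
HOME_COUNTRY = "US"                    # assumption: country where the office is
ON_SITE_WINDOW = timedelta(hours=2)    # assumption: a badge-in means "on site" for 2h

def parse(log):
    """Parse 'timestamp user place event' lines into (datetime, user, place)."""
    rows = []
    for line in log.splitlines():
        ts, user, place, _event = line.split()
        rows.append((datetime.fromisoformat(ts), user, place))
    return rows

def concurrent_presence(vpn_log, badge_log, home=HOME_COUNTRY, window=ON_SITE_WINDOW):
    """Return (user, vpn_time, country) for every foreign VPN login that starts
    within `window` after a badge-in by the same user. Dave's 11-hour gap shows
    why the window matters: an old badge-in alone is not evidence of presence."""
    badge = parse(badge_log)
    alerts = []
    for vpn_ts, user, country in parse(vpn_log):
        if country == home:
            continue
        on_site = any(u == user and timedelta(0) <= vpn_ts - b_ts <= window
                      for b_ts, u, _door in badge)
        if on_site:
            alerts.append((user, vpn_ts.isoformat(), country))
    return alerts

if __name__ == "__main__":
    for alert in concurrent_presence(VPN_LOG, BADGE_LOG):
        print("ALERT concurrent presence:", alert)
```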
  18. The magical unicorn
  19. Why? Simon Says
  20. Behavior Theories
  21. 1995 - 2008: 100+ prosecutions
  22. Observations - Planned actions (premeditation); ego or financial gain; on the job; manual and outsider detection (only stupid people are caught)
  23. Taxonomies - Misuse of access; bypassing defenses: purely technical defenses are insufficient (if they worked, the problem would not exist); access-control failure
  24. Traditional markers
  25. Cloud
  26. Simple Cloud
  27. Simple Cloud
  28. Cloud Security Model?
  29. Over 9000 - Over 9,000 cloud applications; immature auditing and governance controls; more vectors to access data, and easier to remove it
  30. Data Collection and Audit - The goal of CloudAudit is to provide a common interface and namespace that allows enterprises who are interested in streamlining their audit processes (cloud or otherwise), as well as cloud computing providers, to automate the Audit, Assertion, Assessment, and Assurance of their infrastructure (IaaS), platform (PaaS), and application (SaaS) environments, and to allow authorized consumers of their services to do likewise via an open, extensible and secure interface and methodology.
  31. Odin's eye
  32. Too much data!
  33. Big Data
  34. BIG Data
  35. Analytics on LARGE datasets
  36. Playing with Big DATA
  37. Rigor to the process
  38. Data massaging
  39. The BIG picture
  40. Data Paralysis
  41. WARNING
  42.
  43. Bayesian
  44. X vs. O
  45. Overall
  46. How do I trust?
  47. Cloud and Beyond! - Massively scalable graph-processing algorithms; advanced statistical anomaly detection methods (Gaussian); knowledge-based relational machine learning; different rates of collection and data set behaviors (keyboard clicks vs. large USB data transfers); rational vs. irrational behaviors
  48. Conclusion
  49. Magic Bullet
  50. Case Study - hacktivism and PR
  51. Fuck The Police!
  52. Barrett Brown
  53. Barrett Brown - cont'd
  54. Barrett Brown - cont'd
  55. Barrett Brown
  56. I want more
  57. I want more
  58. Where can I find more information? - https://data.rfc.ninja - US CERT - MITRE - DARPA - www.securesql.info - evolutionary algorithm competition series
  59. Thank You
  60. Q&A