How to Defend against Internal Threats Ken Tulegenov, Group Founder “Information Security Community. Kazakhstan” on LinkedIn [email protected] Almaty November 16 2016
Internal Threats in Kazakhstan. Cyber crime. How to defend. Cyber Security
Apr 13, 2017
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
How to Defend
against
Internal ThreatsKen Tulegenov, Group Founder
“Information Security Community. Kazakhstan” on LinkedIn
AlmatyNovember 16
2016
Price of Economic Crime
Types of Economic Crime
Who is a Perpetrator?
Risk Map & Methods of Combating
Expected future
NOWADAY Situation FUTURE Situation (2 years)
Cybercrime Globally
Cybercrime in the USA & UK
Cybercrime in the USA & UK
Cyber Threat Vectors
External Attacks aka “Unauthorized Access”
Victims
Who will be
the next victim?
APT Attack Anatomy (Kill-chain)
Internal Attacks aka “Insider Threats”
Types of Insiders
Malicious Insiders
Malicious Insider Motivations
Insiders by Percentage
Cost of Incident (Average USA Stats)
Annual cost
Incident Timing & Cost
What Data is the most convertible to money?
Sensitive Data
Employee Behaviors
Risky Users
How to combat effectively?
Recommendations
Data Source For Monitoring
Clear Vision:
Attack Anatomy (Kill-chain)
Measures for Internal Threats (IMHO) :
Data Encryption (FDE, USB, Backup)
Application Control
Device Control
HIPS + AV
NGFW
Prevent (Basic)
DLP
Privilege Rights Management
Internal NGFW
802.1x
SIEM
Prevent (Gen)
Database Activity Monitoring
Users Activity Monitoring
Database Encryption
IRM (Information Rights Management)
User Behavior Analysis
Prevent
(Adv)
How to manage this ZOO?
One Security Platform for 1 Security Layer or Products Family
Easy Administration via Console (User Interface / Configuration / Support)
Unified Real-time Monitoring for all products
What can Intel Security (McAfee) offer?
SIEM (Security Information Event Management)
EPP (Endpoint Protection)
DLP (Data Loss Prevention)
MDP (Mobile Data Protection / Encryption)
Measures for Internal Threats (IMHO) :
Data Encryption (FDE, USB, Backup)
Application Control
Device Control
HIPS + AV
NGFW
Prevent (Basic)
DLP
Privilege Rights Management
Internal NGFW
802.1x
SIEM + Threat Exchange
Prevent (Gen)
Database Activity Monitoring
Users Activity Monitoring
Database Encryption
IRM (Information Rights Management)
User Behavior Analysis
Prevent (Adv)
Who uses McAfee (My experience):
Reasons for Using:
Market Presence (Gartner’s “Magic Quadrants”)
Unified Management (for Different Products)
Scalability (Branches around the country)
Integration (with Current / Future Solutions)
Transparency (for Users)
Easy to use (for Security Administrators)
Thank you for your attention
Any
Questions?
Related Documents
