Pinpointing the source and scope of data theft is often hard to quantify, especially since your largest internal threat may actually be one of your most loyal employees. This presentation presents the findings of the first-ever global insider threat study that catalogs common practices used by leading organizations across numerous verticals. This presentation will define the insider threat, quantify the prevalence of the problem, and uncover controls that have proven most effective at minimizing the risk of insider threats.
Rob Rachwald Director of Security Strategy
The Insider's Guide To Insider Threats
© 2012 Imperva, Inc. All rights reserved.
Agenda
+ Past Insider Threat Research
+ Our Methodology
+ Common Practices
Today’s Presenter: Rob Rachwald, Dir. of Security Strategy, Imperva
Research
+ Directs security strategy
+ Works with the Imperva Application Defense Center
Security experience
+ Fortify Software and Coverity
+ Helped secure Intel’s supply chain software
+ Extensive international experience in Japan, China, France, and Australia
Thought leadership
+ Presented at RSA, InfoSec, OWASP, ISACA
+ Appearances on CNN, SkyNews, BBC, NY Times, and USA Today
Graduated from University of California, Berkeley
United Kingdom: Taking it with them when they go
70% of employees plan to take something with them when they leave the job
+ Intellectual property: 27%
+ Customer data: 17%
Over 50% feel they own the data
Source: November 2010 London Street Survey of 1026 people, Imperva
Shanghai and Beijing: Human nature at work?
62% took data when they left a job
56% admit to internal hacking
70% of Chinese admit to accessing information they shouldn’t have
36% feel they own the data
Source: February 2011 Shanghai and Beijing Street Survey of 1012 people, Imperva
Insider Threat Research in the Past
Did not provide a holistic approach and often focused on piecemeal activities, such as:
+ Threat modeling
+ Technology
Vendor centric: Focused on the latest three-letter acronym (TLA) approach
Difficult to implement
Our Methodology
Jim’s Approach
Start with 1,435 good companies.
Examine their performance over 40 years.
Find the 11 companies that became great.
Our Variation
Start with 1,000 good companies.
+ Collect good practices.
+ But harder to qualify statistically.
Our Sample
Global Audience: Enterprises across five continents.
Many Shapes and Sizes: Multiple verticals across a broad revenue spectrum.
Insider Threat Defined
Someone who has trust and access, and acquires intellectual property and/or data in excess of acceptable business requirements.
They do so:
+ Maliciously
+ Accidentally
+ By being compromised
The Catalog
#1 Information security enables the business to grow, but grow securely
Practice #1: Building a Business Case
What:
+ Understand appetite for business risk and work with business to put a plan in place
How:
+ Work with line of business and speak to the right people, and understand what they protect and how much they would be willing to protect — early in the process
+ Make it personal
+ Explain how to strengthen the business
+ Use compliance to differentiate
+ Create informal teams
Practice #2: Build the A-Team
What:
+ Organizational model
How (two approaches):
+ Centralized model: one team that oversees all security
+ Decentralized model: Embed security with various business units
Practice #3: Work with HR
What:
+ InfoSec works with HR during the onboarding and offboarding process as well as implementing security programs
How (checklist):
+ Training and communications around security
+ Onboarding
  – Background checks
  – Psych testing
  – Special screening for executives
+ Violations
+ Terminations
Practice #4: Work with Legal
What:
+ Create a legal environment that promotes security
How:
+ Create scary legal policies, for example, implement compliance and legal policies around onboarding and offboarding
+ Contract reviews with partners
+ Approve policies (email usage, network usage, social network usage, care of laptops and other portable devices, monitoring of user behavior)
Practice #5: Education
What:
+ Education programs to raise security awareness and efficacy
How:
+ Regular security training to cover threats and LOB role
  – Ideally, twice per year
  – Constant training that uses real-world episodes (email, newsletters) that are not subject to timing
  – Online security awareness training
+ Educate yourself!
#2 Prioritizing
Practice #1: Size the Challenge
What:
+ Identify what makes your company unique
How (checklist):
+ Build a full employee inventory: total, transient, permanent, mobility, access restrictions
+ Partner profiling
+ Map threats
  – Identify malicious scenarios
  – Identify accidental scenarios
+ Define audit requirements
+ Define visibility requirements
Practice #2: Start small, think BIG
What:
+ Know who and what to secure
How:
+ Do not become inundated by data
+ Build and parse an inventory of what needs to be secured
+ Put in the basic controls, and then build
+ Determine what needs to be automated
Practice #3: Automation
What:
+ Automate certain security processes
How:
+ Find what systems you can automate, such as:
  – Online training
  – System inventory by an automated server discovery process
  – Fraud prevention
  – Provisioning and de-provisioning privileges
  – Employee departure (HR systems can notify IT immediately and remove permissions)
  – Cleaning up dormant accounts
#3 Access Controls
Practice #1: Quis custodiet ipsos custodes?
What:
+ Lock down admins and superusers, and develop a separate policy
How:
+ Use business owner to verify
+ Privileged user monitoring
+ Periodic review by business
+ Eliminate dormant accounts
+ Separate policies for administrators
Practice #2: Develop a Permissions Strategy
What:
+ Permissions structure that is comprehensive and flexible
How:
+ Use business owner to verify
+ Start with permissions discovery
+ Recognize key events:
  – Job changes
  – Terminations
  – Sensitive transactions should require additional approvals to prevent fraud
  – Cloud
+ Automate
Practice #3: Look for Aberrant Behavior
What:
+ Weirdness probably means trouble
How:
+ Profile normal, acceptable usage and access to sensitive items by…
  – Volume
  – Access speed
  – Privilege level
+ Put in place monitoring or “cameras in the vault”
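The profiling this slide describes (volume, access speed, privilege level), sketched as an added example that is not part of the Imperva presentation. The log format, the user name, the privilege ordering and the thresholds (`k` standard deviations, twice the baseline peak rate) are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

PRIV = {"read": 0, "write": 1, "admin": 2}  # assumed privilege ordering
# Constructed audit lines: "timestamp user privilege rows_read"
HISTORY = [f"2012-03-0{d}T09:0{m}:00 alice read {100 + 10 * d}"
           for d in range(1, 6) for m in range(2)]
TODAY = ["2012-03-09T09:00:00 alice read 120",
         *[f"2012-03-09T23:10:{s:02d} alice admin 5000" for s in range(6)]]

def summarize(lines):
    """Per (user, day): [total rows, peak queries in one minute, top privilege]."""
    days, minutes = defaultdict(lambda: [0, 0, 0]), defaultdict(int)
    for line in lines:
        stamp, user, priv, rows = line.split()
        ts = datetime.fromisoformat(stamp)
        minute = (user, ts.replace(second=0))
        minutes[minute] += 1
        day = days[user, ts.date()]
        day[0] += int(rows)
        day[1] = max(day[1], minutes[minute])
        day[2] = max(day[2], PRIV[priv])
    return days

def build_profile(history):
    """Baseline of normal usage per user, taken from a trusted history window."""
    per_user = defaultdict(list)
    for (user, _day), stats in summarize(history).items():
        per_user[user].append(stats)
    return {u: {"mean": mean([s[0] for s in d]), "sd": pstdev([s[0] for s in d]),
                "peak": max(s[1] for s in d), "priv": max(s[2] for s in d)}
            for u, d in per_user.items()}

def find_aberrant(profile, lines, k=3.0):
    """Return sorted (user, reason) pairs for activity outside the baseline."""
    out = []
    for (user, _day), (vol, peak, priv) in summarize(lines).items():
        base = profile.get(user)
        if base is None:
            out.append((user, "no-baseline"))  # account never profiled
            continue
        if vol > base["mean"] + k * max(base["sd"], 1.0):
            out.append((user, "volume"))
        if peak > 2 * base["peak"]:
            out.append((user, "access-speed"))
        if priv > base["priv"]:
            out.append((user, "privilege"))
    return sorted(out)
```

Calling `find_aberrant(build_profile(HISTORY), TODAY)` flags the constructed late-night burst on all three dimensions, while a day that matches the baseline returns an empty list.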
Practice #4: Device Management
What:
+ Manage company and personal devices
How:
+ View data theft as a function of aberrant behavior
+ Put controls and monitoring on apps and databases
+ Remote wipe
#4 Technology
Practice #1: Rebalancing the Portfolio
What:
+ Pick the right technology with constant readjustments
How:
+ Map back to threats
+ Key: Rebalance your portfolio periodically and assess what you need and what you don’t!
Webinar Materials
Post-Webinar Discussions
Answers to Attendee Questions
Webinar Recording Link Webinar Slides
Join LinkedIn Group Imperva Data Security Direct for…
www.imperva.com