TL2 “Threats: Malice, Mistakes, and Mountain Lions” presented at Rochester Security Summit 2015

by Steve Gold

Summary: The recent spate of highly publicized breaches has drawn attention to one of the issues that keeps security professionals up at night – once an attacker is “inside” the network, their activities are often difficult to spot and recover from. This is true of outside attackers who compromise the credentials and systems of employees, as well as of employees who are “breaking bad” or unwittingly exposing sensitive files.
While the capabilities for monitoring system configurations, network ingress and egress points, and endpoints have evolved steadily over the past 15-20 years, capabilities for monitoring internal data-centric activity are relatively new, particularly with respect to unstructured data. As more organizations develop the ability to track and record activity on unstructured data, they have the opportunity to use this information to identify and prevent insider breaches, lapses, and the spread of malware.
This session will review the anatomy of typical outside-in attacks, including infiltration, data gathering, and exfiltration. It will then discuss methods and techniques for analyzing file access records to spot and stop potentially malicious activity from both insiders and external attackers. The session will include examples of access patterns that may be indicative of snooping, malware, and exfiltration, in order to augment your organization’s detective controls. It will also include best practices to prevent and reduce potential exposure to these threats.
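As an added illustration of the kind of analysis the abstract describes (this is example code written for this page, not material from the talk or from any product), the following Python script runs three simple heuristics over a constructed file-activity log: a user reading from many share directories outside their own baseline (snooping), a burst of rename/write/delete events from one account (ransomware-style malware), and a large volume of bytes read in a short window (exfiltration staging). The log format, user names, paths, time windows and thresholds are all assumptions chosen for the example; a real deployment would derive baselines from weeks of history and tune thresholds per share.

```python
"""Toy detector for suspicious file-access patterns over a constructed activity log.

Added example for this page; the record layout, users, paths and thresholds are
assumptions, not the format of any particular file-activity monitoring product.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: ISO timestamp, user, action, path, bytes transferred.
SAMPLE_LOG = """
2015-10-07T09:00:00 alice read /shares/finance/q3/budget.xlsx 40000
2015-10-07T09:05:00 alice read /shares/finance/q3/forecast.xlsx 38000
2015-10-07T09:10:00 bob read /shares/hr/policies/handbook.pdf 120000
2015-10-07T10:00:00 alice read /shares/hr/payroll/salaries.xlsx 50000
2015-10-07T10:01:00 alice read /shares/legal/contracts/acme.docx 30000
2015-10-07T10:02:00 alice read /shares/eng/designs/arch.vsdx 90000
2015-10-07T10:03:00 alice read /shares/exec/board/minutes.docx 20000
2015-10-07T10:04:00 alice read /shares/sales/pipeline/deals.xlsx 60000
"""

# Activity before this (assumed) cut-off is treated as each user's normal baseline.
BASELINE_UNTIL = datetime(2015, 10, 7, 10, 0, 0)


def parse_log(text):
    """Turn the whitespace-separated sample records into event dicts."""
    events = []
    for line in text.strip().splitlines():
        ts, user, action, path, nbytes = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "action": action, "path": path, "bytes": int(nbytes)})
    return events


def _synthetic_events():
    """Constructed events for two more accounts: a rename burst and a bulk read."""
    base = datetime(2015, 10, 7, 11, 0, 0)
    evs = []
    for i in range(25):  # mallory: 25 renames in 25 seconds (ransomware-like)
        evs.append({"ts": base + timedelta(seconds=i), "user": "mallory", "action": "rename",
                    "path": f"/shares/finance/q3/file{i}.xlsx.locked", "bytes": 0})
    for i in range(6):  # carol: six 20 MB reads inside three minutes (bulk read)
        evs.append({"ts": base + timedelta(seconds=30 * i), "user": "carol", "action": "read",
                    "path": f"/shares/eng/designs/drawing{i}.dwg", "bytes": 20_000_000})
    return evs


def _share_dir(path):
    """Reduce a path to its top-level share, e.g. /shares/finance/q3/x -> /shares/finance."""
    return "/".join(path.split("/")[:3])


def build_baseline(events, until):
    """Set of share directories each user touched before the cut-off."""
    baseline = defaultdict(set)
    for ev in events:
        if ev["ts"] < until:
            baseline[ev["user"]].add(_share_dir(ev["path"]))
    return baseline


def detect_snooping(events, baseline, since, min_new_dirs=5):
    """Users reading from at least min_new_dirs shares they had never touched before."""
    new_dirs = defaultdict(set)
    for ev in events:
        if ev["ts"] >= since and ev["action"] == "read":
            d = _share_dir(ev["path"])
            if d not in baseline.get(ev["user"], set()):
                new_dirs[ev["user"]].add(d)
    return {u: sorted(ds) for u, ds in new_dirs.items() if len(ds) >= min_new_dirs}


def _per_user_window_max(events, window, keep, weight):
    """Largest weighted sum of matching events per user inside any sliding time window."""
    by_user = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        if keep(ev):
            by_user[ev["user"]].append(ev)
    result = {}
    for user, evs in by_user.items():
        best = running = start = 0
        for end, ev in enumerate(evs):
            running += weight(ev)
            while evs[end]["ts"] - evs[start]["ts"] > window:  # slide the window forward
                running -= weight(evs[start])
                start += 1
            best = max(best, running)
        result[user] = best
    return result


def detect_mass_modify(events, window_sec=60, threshold=20):
    """Users with >= threshold write/rename/delete events inside window_sec seconds."""
    maxima = _per_user_window_max(events, timedelta(seconds=window_sec),
                                  lambda e: e["action"] in {"write", "rename", "delete"},
                                  lambda e: 1)
    return {u: n for u, n in maxima.items() if n >= threshold}


def detect_bulk_read(events, window_sec=300, byte_threshold=100_000_000):
    """Users reading >= byte_threshold bytes inside window_sec seconds."""
    maxima = _per_user_window_max(events, timedelta(seconds=window_sec),
                                  lambda e: e["action"] == "read", lambda e: e["bytes"])
    return {u: b for u, b in maxima.items() if b >= byte_threshold}


def run_demo():
    """Run all three heuristics over the constructed log and return the alerts."""
    events = parse_log(SAMPLE_LOG) + _synthetic_events()
    baseline = build_baseline(events, BASELINE_UNTIL)
    return {"snooping": detect_snooping(events, baseline, BASELINE_UNTIL),
            "mass_modify": detect_mass_modify(events),
            "bulk_read": detect_bulk_read(events)}


if __name__ == "__main__":
    for kind, hits in run_demo().items():
        print(kind, hits)
```

Each heuristic is deliberately coarse: the snooping check would miss an insider who stays inside their usual shares, and the byte-volume check needs a per-share baseline to avoid flagging legitimate batch jobs, which is why such rules are a complement to, not a replacement for, the access-pattern review the session covers.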