© 2014 PayPal Inc. All rights reserved. Confidential and proprietary.
Leveraging Information to Detect and Prevent Insider Attacks
Phoram Mehta
Senior Manager, Information Security Management, PayPal
AGENDA
• Problem Definition
• Solution Challenges
• Current approaches
• A (New*) Proposal
• Q&A
DEFINITION
Threats posed by employees, third parties, or malicious software that use legitimate access rights to networks, applications, and sensitive data
Is this really a problem?
Regular or Rare?

T Childs
• San Francisco Network Administrator
• Changed admin passwords
• $900,000, and 60 percent of city services were affected

Snowden
• CIA/NSA/Dell/BAH
• Leaked top-secret US gov surveillance details
• National security, and Privacy

Phishing
• RSA SecurID
• Twitter
• May 2014?
Why should I care?
Impact
• Minority but more Damage
• 40% of data breaches and 1/3 of all malicious attacks
• 50% more vulnerable – ESG survey
Challenges to Solution
• Scale
• Cloud
• Volume
• APT/New attacks
• Privacy/Trust
A (New*) Approach
ALARM
• AuthN and AuthZ
• Leakage Detection/Prevention
• Analytics
• Risk Management

Pre-requisites:
• Data classification
• BIA
• Segmentation like the 80’s
Authentication and Authorization
• They are different
• In the right places
• Strong – 2FA, Biometric or SMS
• Review
• Don’t forget Physical
Leakage Detection and Prevention
• Each workstation/BYOD
• Outbound traffic
• IM/Email/SM
• Consequences
• Prevention is very hard
Analytics
• End-to-End event correlation
• Priv User Pattern recognition
• Data Visualization
• Threat models/rules for known incidents
• Advanced heuristics and prediction
Risk Management
• Current State
• Business Drivers
• IP vs Customer data
• Critical systems
• Physical Security
• Vendor Management
• Cost of Mitigation
• Company Culture
• External Obligations
• Roadmap for Growth
Some Sources for Additional Information
ESG Insider Threat research - http://www.vormetric.com/sites/default/files/ap_Vormetric-Insider_Threat_ESG_Research_Brief.pdf
SANS Reading Room - http://www.sans.org/reading-room/whitepapers/incident/protecting-insider-attacks-33168
CINDER (US Mil Insider Threat program) - http://www.darpa.mil/Our_Work/I2O/Programs/Cyber-Insider_Threat_(CINDER).aspx
Q & A
Thank You