Amir Yampel - Necsia IT Consulting: Meeting GDPR Requirements with ObserveIT (webinar slides: behavioral analytics and just-in-time training)
MEETING GDPR REQUIREMENTS WITH OBSERVEIT
• Prevent unauthorized processing of PII (Article 5)
• In case of a breach, notify the supervising authority within 72 hours (Article 33)
• Adopt technology and processes to regularly assess your GDPR compliance (Article 32)
• Adopt technology and processes to demonstrate GDPR compliance (Articles 24, 39)
• Implement technology to ensure that personal data is only processed for specified purposes. Processing includes availability of and accessibility to PII [e.g. prevent data exfiltration] (Articles 4, 25)
• Increase awareness/training for staff involved in processing operations and related audits (Article 39 - DPO)
YOUR BIGGEST ASSET IS ALSO YOUR BIGGEST RISK
• Contractor: Federal Records
• Developer: Design Documents
• Privileged User: Customer Data
• Contractor: Patient Records
YOUR BIGGEST ASSET IS YOUR BIGGEST RISK (DATA BREACHES)
Data source: Breach Level Index & Crowd Research Partners, 2017
• 74% of organizations feel vulnerable to insiders
• Growing number of employees and contractors with more access and freedom
• 3M records are stolen every day
• PII, credentials, and IP are top targets (GDPR is about PII)
Chart. Q: “What types of data were potentially compromised or breached in the past 12 months?” Categories shown: Website defacement; Payment/credit card data; Corporate financial data; Intellectual property; Authentication credentials (user IDs and passwords, other forms of credentials); Personally identifiable information (name, address, phone, Social Security number). Response shares shown, in chart order: 26%, 26%, 29%, 30%, 30%, 31%. Three of the categories are annotated as PII, PII and PII (partial).
TYPICAL MOTIVATIONS AND INTENTIONS
Malicious
• Financial gain, financial distress
• Disgruntled employees, work conflict
• Revenge
• Rogue system administrator
• Corporate spy
• Fear (layoffs)
Unintentional Policy Breaches
• Under-resourced, just trying to do their job
• Negligence
• Undertrained staff
• Accidental
GDPR CHALLENGES: DO YOU HAVE VISIBILITY OVER PII?
[Diagram: Your Customers (Collect PII) feed Sensitive Customer Data held by Your Organization; Users accessing your data; the Data Protection Officer must Report, Audit and Communicate]
Introducing Insider Threat Monitoring & Prevention
• Flexible PREVENTION: Educate and enforce policies to prevent insider threats
• Rapid TIME TO VALUE: Lightweight agent made for the enterprise and easy to deploy
• Real-Time DETECTION: Hundreds of preconfigured indicators built by industry experts, leveraging rich analytics
• Comprehensive VISIBILITY: Full context around user activity across endpoints, applications & files
The Only Solution to Unify User Monitoring + Data Activity + Rich Analytics With A Single Lightweight Endpoint Agent
VISIBILITY: RICH METADATA PROVIDES USER CONTEXT
• Gain context for user actions and detect insider threat risk with easy-to-search and understand metadata
• ObserveIT tells you what the user is doing vs. telling you what the computer is doing
...WITH HUNDREDS OF PRE-CONFIGURED INSIDER THREAT USE CASES
• UNAUTHORIZED ACCESS: Remote access, sharing accounts & passwords, privilege escalation
• ACCIDENTAL ACTIONS: Unapproved application use, configuration mistakes, unauthorized web browsing
• UNAUTHORIZED ACTIVITY: Bypassing security controls, backdoor creation, running malicious software
• DATA EXFILTRATION: Print, USB, cloud applications, email
CHOOSE HOW YOU WANT TO RESPOND TO RISK
Different levels of response, from notifications to session termination, according to:
• Risk level
• User profile / role / permissions / location, etc.
• Application
USE CASE: DATA EXFILTRATION (Proprietary Data)
• Accessing a cloud storage local folder (Dropbox) to transfer sensitive information out
• Email attachments to personal email accounts
• Printing sensitive documents
• Copying sensitive files & folders to a private storage device
[Diagram: data exfiltration indicators. Applications: MS-Office, CRM, Fin Apps, Dev Apps, DBA tools, Explorer, CLI, Outlook, Gmail, FB, Skype. User activity: titles & URLs, print, cut/copy/paste, print screen, keylogging, DBA activity. File tracking: copy/move, create/rename/delete, zip/encrypt, download from web/application, copy from network shares. Exfiltration points: copy to cloud, email attachment, copy to USB, upload to social website. Other suspicious user behavior: installing new software, running malicious tools, browsing illegal websites, irregular machine access, tampering with system/security tools.]
DATA EXFILTRATION: COMPREHENSIVE VISIBILITY
EXAMPLE: MONITOR DATA EXFILTRATION OF SENSITIVE IP
User: Dana Ron, Proprietary Trader, North America
1. Exporting Vendor List Report from the Financial Portal (Fin Apps; download from web/application)
2. Hiding tracks by renaming the report to a naïve file name (create/rename/delete)
3. Installing Dropbox client on personal laptop (installing new software)
4. Upload the Vendor List report to Dropbox by copying to local sync folder (copy to cloud)
RISK SCORE: 75
EMPLOYEE PRIVACY
Obtain an “umbrella agreement” or ensure you use:
• Anonymization
• Metadata only (record upon breach)
• “4-eyes” concept
• Selective monitoring (who?/ what?)
• Audit the auditors
• Encrypted data
• Inform users
OBSERVEIT ARCHITECTURE
Components: Agents, App-Server, Database; agents report metadata
• No reboot
• 1% CPU
• 1 hour stand up
• Silent install
100s OF OUT-OF-THE-BOX RULES (GDPR)
• Data exfiltration
• Bypassing security controls
• Careless behavior
• Creating backdoor
• Application data theft
• Copyright infringement
• Data infiltration (bringing in troubles)
• Hiding information and covering tracks
• Install/uninstall questionable software
• Performing unauthorized admin tasks
• Running malicious software
• Using unauthorized communication tools
• Time fraud
• Unacceptable use
• Unauthorized activity on servers
• Unauthorized data access
• Unauthorized machine access
• Searching for information
• Identity theft
• IT sabotage
• Performing privilege elevation
• Preparation for attack
• Shell attack
• Unauthorized shell opening
• System tampering
7 AWARDS IN 2017 AND COUNTING...
Best Insider Threat Solution
Best Cybersecurity Company
Best Forensics Solution
Best Risk Management Solution
Category: Endpoint Security
Best Extrusion Prevention Solution
Most Innovative Insider Threat Solution
Thank You
LOCATIONS: Boston, London, Tel Aviv
www.observeit.com
CONTACT: Amir Yampel
USE CASE: UNAUTHORIZED ACCESS & EXFILTRATION
• Connecting to critical systems (Customers DB)
• Connecting during irregular hours (Customers DB)
• Connecting from an unauthorized client (Customers DB)
• Connecting to the system as an unauthorized user (Customers DB)
• Extracts sensitive information from the DB (PII & Financials)
VISIBILITY: VIDEO CAPTURE FOR HIGH RISK SITUATIONS
• Gain a unique “over-the-shoulder” view of all employee, vendor and consultant activity
• Reduce investigation times from days to minutes
DETECTION: DECREASE RISK IMMEDIATELY WITH 200 PRECONFIGURED USE CASES WITH ALERTS
• Leverage over 200 out-of-the-box Insider Threat use cases (alerts)
• Benefit from CERT-generated indicators
• 25 categories customizable by user group: Data Exfiltration, Bypassing Security Controls, Creating Backdoors, Identity Theft, Privilege Elevation, Unauthorized Admin Activity, Malicious Software, Shell Attacks, System Tampering
• Complete view of user logins, accounts, endpoints and applications
• Uncover and investigate risky user activity through identification of anomalous behavior
DETECTION: QUICKLY IDENTIFY ANOMALOUS BEHAVIOR
• Dynamic filters
• User activity and working hours over time
• Most used applications and websites
PREVENTION: REDUCE RISK WITH REAL-TIME EMPLOYEE NOTIFICATIONS
• Warn users against proceeding with out-of-policy activities
• Reduce non-compliant actions by implementing real-time warnings
PREVENTION: PREVENT USERS FROM VIOLATING POLICIES
• Direct enforcement of company policies
• Optimize Security and IT processes by collecting user feedback before the application is closed or the user is logged off
A proactive and holistic approach to GDPR compliance
• Total visibility, detection, and prediction of user-based risks
• Reduce risk by up to 50% through real-time education that increases awareness about personal data protection
• Bi-directional feedback and communication to raise internal awareness and increase compliance adoption
• Deterrence and Prevention of malicious insider threats including risks from 3rd-party vendors
• Rapid investigation of breaches within minutes, via irrefutable video evidence
COMPLIANCE: SATISFY COMPLIANCE REQUIREMENTS
• PCI-DSS
• SOX Section 404
• HIPAA
• FFIEC
• GDPR
INTEGRATIONS: INTEGRATE WITH ECOSYSTEM FOR GREATER INSIGHTS (SIEM) & SECURITY AUTOMATION
Thank You
LOCATIONS
Boston: 200 Clarendon Street, 21st Floor, Boston, MA 02116
Tel Aviv: Kiryat Atidim, Building #7, 4th Floor, Tel Aviv 61580
www.observeit.com
CONTACT: Amir Yampel