Lunchtime Bite:

How to Prevent Your Digital Assets from Walking Out the Company Door

8th July 2015

2

What we will cover in today’s Bite

Challenges and cost of protecting intellectual property Helix Threat Detection overview Helix Threat Detection Demo Q&A

3

The challenges of silo’ed IP Friction between teams

and design errors

Poor component reuse results in higher production costs

More delays, less efficient product delivery

Increased risk of quality issues

DevOps

code

reqs

specs

design

4

Increased risk of IP theft

DevOps

code

reqs

specs

design

Chief Security Officer

[ Even more separated ]

5

IP theft is a growing issue

• Annual losses due to IP theft >$300B• “The greatest transfer of wealth

in history”• Subsidizes competitors and foreign

suppliers• Diminishes productivity growth,

innovation, product advancements

6

Contributors

Consumers

Perforce Helix Platform Flexible Workflows

Version control, code reviews, simple file sharing

Fast and Scalable10 to 10,000+ on each trunk

Every FileEfficiently handles large, often binary, data

EverywhereSupports geographically distributed teams

Secure Granular permissions & theft detection

CSO

7

Customer: $20B manufacturer

2 engineers stole data

1 YEAR

$1 million spentLarge security vendor failed to find anything

2 WEEKS

Easily identified the 2 engineers

Found 3 additional users stealing data in North America

Found 8 additional users stealing data outside North America

THREATDETECTION

X

8

Helix Threat Detection

Analytics Modeling• Baselines and creates clusters• Learns Patterns • Learns Anomalies (unusual hours,

data volumes, application types & more

Risk Scoring• Risk by User • Risk by Activity • Risk by File• Risk by Time • Risk by Volume• Risk by Method/Exit

Verification & Investigation• Highly Readable Event Alarms• Very Intuitive UI • Executive Reporting

All Users

Ris

k fro

m 0

- 10

0

BEHAVIOURAL ANALYTICS

2

0

5

23

Wintermute Wintermute 89Armitage 82

Hideo 26Maelcum 26

Molly 25Aerol 25

Strayllight 25Case 18

Chiba 8Proteus 7

9

Reduces noise and false positives

Each entity maintains a persistent risk score (user, machine, asset)

Risk scores change based on activities Real-time aggregation of multiple events

“connects the dots” of related activities

John Smith is accessing an unusual, important file 25… at a time of day he was almost never active 46… and took from a source code project that has been inactive for months 80… and is downloading more source code from more folders than his peers 96

Behavioural Risk Model

Behavioural Risk Score

Entity Risk Model

Entity Risk Score

10

Interactive risk reporting and drilldown

11

Data & analytic modelsWanderer (access folders/projects)

• Anomalous folder access• Inactive folder access

Sneaker (access times)• Anomalous working hours• Anomalous working days

Moocher (take more than post)• Anomalous total mooch• Sudden mooch• High mooch

Hoarder (anomalous take, volume, folders)• Unusual project take (2 models)• Inactive project take• Large sudden unusual take (4 models – self & group)• Large sudden unusual take - per project

(4 models – self & group)

General Models• Activity from rare user• Aggregate anomaly• Persistent anomaly

Data Types

Timestamp (Date/Time)

User

Resource (Folder Structure)

Action (Give/Take)

Item Number

Client

Size

12

Demo

13

Provide 30 Days Log Data Run Analytics Executive ReportTimestamp

User

IP Address

Action - Commit - Sync - Get

Resource folder - File- Path

No need to install & configure system for testing Simply provide logs to prove the product meets your use case

Anonymized Fields

EncryptedResults

Risk Analysis Report

14

What we have covered in today’s Bite

Challenges and cost of protecting intellectual property Helix Threat Detection overview Helix Threat Detection Demo Q&A

Questions?

John Palmerjpalmer@perforce.com@p4jap