PREVENTION OF INSIDER THREATS TO INFORMATION

About This Presentation

Title:

PREVENTION OF INSIDER THREATS TO INFORMATION

Description:

PREVENTION OF INSIDER THREATS TO INFORMATION. Uniquely focused on prevention of ... Forensic readiness continuous journaling of information use. Results ... – PowerPoint PPT presentation

Number of Views:83

Avg rating:3.0/5.0

Slides: 21

Provided by: Verd6

Category:

more less

Transcript and Presenter's Notes

Title: PREVENTION OF INSIDER THREATS TO INFORMATION

1
PREVENTION OF INSIDER THREATS TO INFORMATION
2
Company Overview

Uniquely focused on prevention of insider threats
to information
Innovative products builtout of personal need
Strong acceptance
Insurance
Pharmaceutical
Technology software
Entertainment
Founded November 2002
Headquartered in Waltham, MA

3
Insider Threat Illegitimate Use of Legitimate
Authority

70 of incidents with loss involve insiders
IP loss the costliest form of cybercrime
72 have no ethical problem seeking personal gain

Motive
Users have intimate knowledge of infos value
Some want to personally benefit others err

5
Point-of-UseVisibility Continuous monitoring of
all information use
RISK ASSESSMENT
How does information leave the companyand what
kind of information?
INCIDENT RESPONSE
POLICY ENFORCEMENT
What information has a departing employee removed?
How did sourcecode find its way onto the internet?
AUDIT
6

Storage Device Management
Control the use of storage devices
CD/DVD, USB flash drives, local network disc
drives
What can be written/read, whenand by whom?

Point-of-UsePolicy Enforcement Control with
Consequences

Application Management
White/blacklisting apps
Limit attachment, clipboard printing
Limit network access by app, port number, IP
address user

Data Containment Prevention of IP Loss Leakage
of Confidential Information
7

Risk Analysis,
Management Mitigation
Assess risk of insider abuse
Audit for compliance with security and IT
policies
Trace incidents to their source

Management Console
DigitalGuardian Server

Loss Prevention Through Data Containment
Control the flow of information to apps, network
storage devices
Real-time prevention of actions that violate
policies
Increase policy awareness

Digital Guardian Agent
Disconnected User
Desktop User
Remote User
Protected Clients
8
Policy Examples
Webmail File Attachment
FTP Transfer Outside Company
IM Clipboard Paste
Clipboard Copy
CD/DVD Burn
Enterprise Application
USB File Copy
Printing
Port 80 for Unapproved Apps
9
Policy in Action
Optional Administrator Alert
Document needed for offsite meeting with patent
counsel.
10
Interactive 3D Visualization of Activity Alerts

Provides high-level view of information use and
compliance with acceptable use policies
Intuitive exploration, questioning and probing of
data
Trends, anomalies and incidents can be quickly
identified

11
Violations by Location over Time
12
Closer Inspection Violations by Policy in Boston
13
Closer Still Policy Timeframe of Interest
14
Visual Interaction Reveals Outliers
15
Analysis Taken to the Individual User Rule Level
16
Violation Summary by User
17
Forensic Quality Detail Documents Violation
18
CurrentApplications
Offshore Outsourcing Risk Insurance
IP Data Containment Multimedia Entertainment
Regulatory Compliance Aerospace
Targeted Investigations Telecom Equipment
Training Awareness All
19
Case Study Multimedia Entertainment Company

Business problem
Prior incident, suspect more
77 of unauthorized copies attributable to
insiders
Business objective
Prevent all unauthorized transfer of media files
outside of company
Implemented solution
Control storage devices block USB/CD/DVD file
writes
Restrict file transfer block FTP communication
outside of company
Forensic readiness continuous journaling of
information use
Results
Protection with no disruptions
Ability to correlate file, app network activity
identified loss via port 80 tunneling application
to which traditional tools offered no clues
Additional network policies being evaluated