Post on 13-Jan-2017
User Behavior Analytics
And the Organizational Benefits
SpectorSoft
User Behavior Analytics
• Insider threat, targeted attack, financial fraud detection
• Focused on patterns of human behavior
• Understanding normal & flagging anomalies that indicate threat
User Activity Monitoring
• Collection and inspection of activity data (logs)
• High-risk, response, investigations, post-mortems
• Rich contextual data source
User Behavior Analytics
• All about making you more secure
• Threats are not only external
• Average time to detect an insider threat?
  • 32 days
• Average time to respond?
  • 17 days
• Budgets are not aligned with reality
  • 52% perceive negligent employees as cause of significant damage
  • 44% are spending 10% or less on solutions that focus on insider threats
  • Over 40% don't even know what they spend
Statistics taken from Insider Threats and the Need for Fast and Directed Response - A SANS Survey.
Not in my backyard
3.8 50% $100k - $2M+
* Crowd-based research in cooperation with the 260,000+ member Information Security Community on LinkedIn
Cards on the table
What risk do your insiders pose?
[Figure: scale marked 10, 5, 1]
Focus: Detection
Detect
• You are most concerned with data leak / breach / theft – data exfiltration
• Focus on detecting data exfiltration potential
• Direct that focus to where the insider interacts with the data
© SpectorSoft 2015
Detect
[Figure: scale marked 10, 5, 1]
User Behavior Analytics
• Detection of insider threats
• Patterns of human behavior
• Algorithms and statistical analysis to detect meaningful anomalies – indications of potential threat
User Activity Monitoring
• Collection of data focused on the interaction between user and resource
• Detailed and contextual user activity log
• Review: Alerts, reports, playback, and search
Spector 360 Recon
Detail
[Figure: scale marked 10, 5, 1]
User Behavior Analytics
• Detection of insider threats
• Patterns of human behavior
• Algorithms and statistical analysis to detect meaningful anomalies – indications of potential threat
User Activity Monitoring
• Collection of data focused on the interaction between user and resource
• Detailed and contextual user activity log
• Review: Alerts, reports, playback, and search
Spector 360
Closing Thoughts
– Estimates suggest that 70% of the value of the average business is held within information systems
– Less than 3% of all info tech & security $ are spent protecting or safeguarding electronic or hard copy proprietary information*
– The vast majority of these $ are spent in an effort to keep outsiders out*
– Little is done to protect proprietary information from the untrained or disgruntled employee.*
*Dan Smartwood, former Director of Information Safeguarding at Walt Disney Corp, testifying before Congress
What next?
• Review your history of security problems
  – What % were caused by external vs. insider?
• Look at your budget
  – What % are you spending on insider security?
• Review your incident response plan
  – Does it have special provisions for an insider incident?
• http://webinar.spectorsoft.com/insider-threats-find-early-fix-fast
• Focus on detection
Benefit from UBA
Download: www.spector360recon.com/trial/
Increasing Security & Productivity through Insider Intelligence: http://bit.ly/1MPoIgF
“By 2018, organizations that monitor and analyze a broad spectrum of employee activities will experience 50% fewer insider data breaches than organizations that monitor internal communications only.”
Market Guide for Employee-Monitoring Products and Services Andrew Walls, Research Vice President, Gartner Research, 25 February 2015