19
The Insider Threat Seen from NetIQ Perspective Ken Willén, Senior System Engineer, NetIQ
| Date post: | 14-Jul-2015 |
| Category: |
Technology |
| Upload: | infinit-innovationsnetvaerket-for-it |
| View: | 68 times |
| Download: | 1 times |
The Insider ThreatSeen from NetIQ Perspective
Ken Willén, Senior System Engineer, NetIQ
© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.2
The Insider Threat
• The conscious:
– The disgruntled employee
– The opportunist
– The idealist
– The fundamentalist
• The mindless:
– Want to do their job
– Want to be helpful
– Pure negligence
• The compromised:
– Malware, APT, Virus, exploits etc.
– Social Engineering
© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.3
Protection
User & Access
Mgt.
Infrastructure
Content
INFO
Protection
Kilde: Ken Willén
© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.4
Management
Execution
CompetenciesProcedures & Processes
Insight
User & Access
Mgt.
Infrastructure
Content
INFO
Protection
Management
Kilde: Ken Willén
© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.5
Compliance
Business
Execution
CompetenciesProcedures & Processes
Insight
User & Access
Mgt.
Infrastructure
Content
INFO
Protection
Management
Business
Kilde: Ken Willén
© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.6
Protection and Insider Threats
User & Access
Mgt.
Infrastructure
Content
INFO
Protection
Maturity and requirements
Kilde: Ken Willén
© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.7
Compliance
What to do?
Execution
CompetenciesProcedures & Processes
Insight
User & Access
Mgt.
Infrastructure
Content
INFO
Protection
Management
Business
Kilde: Ken Willén
8
The NetIQ Story
9
Hacking is Big Business
10
Landscape is becoming more complex
Cloud Mobile BYOD Social
11
Current fencing approaches
are not enough
12
All types of attacks misuse Identities!
• Insider attacks
• Accidental disclosures
• Hackers
• Targeted Attacks
Identity is the key
14
Too many users with
too much access
15
Focus on the basicsIdentity, Access & Security together
Enforce access controls
Monitor user
activity
Minimizerights
© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.16
Balanced Risk Appetite
Identity ManagementLeast Privileged
Access ManagementPolicy Enforcement
Security MonitoringUser Control
Minimal Risk Appetite
AcceptedRisk Appetite
© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.17
This document could include technical inaccuracies or typographical errors. Changes are
periodically made to the information herein. These changes may be incorporated in new
editions of this document. NetIQ Corporation may make improvements in or changes to the
software described in this document at any time.
Copyright © 2014 NetIQ Corporation and its affiliates. All Rights Reserved.
ActiveAudit, ActiveView, Aegis, AppManager, Change Administrator, Change Guardian, Compliance Suite, the
cube logo design, Directory and Resource Administrator, Directory Security Administrator, Domain Migration
Administrator, Exchange Administrator, File Security Administrator, Group Policy Administrator, Group Policy
Guardian, Group Policy Suite, IntelliPolicy, Knowledge Scripts, NetConnect, NetIQ, the NetIQ logo, PSAudit,
PSDetect, PSPasswordManager, PSSecure, Secure Configuration Manager, Security Administration Suite,
Security Manager, Server Consolidator, VigilEnt, and Vivinet are trademarks or registered trademarks of NetIQ
Corporation or its subsidiaries in the United States and other countries.
