Security Summit Verona
The role of users in security: careless, victims and insiders
5 October 2016
Luca Mairani
© CLUSIT 2016 – Luca Mairani
The Schrödinger's cat paradox
The user evolves
OPERATORS WHO DO NOT FOLLOW SECURITY PROCEDURES
LOW PROFILE INSIDERS
HIGH PROFILE INSIDERS
Organization
Hacker
Hacktivist
Social Engineer
Unstructured Data
Structured Data
ToolKit
SQL Injection
Malware
Brute force
Social Network
Phone
Trash
Phishing
Blackmail
ORGANIZED CRIME
Online Storage
Personal Email
USB Stick
Smartphone
Tablet
Resentment toward the company
Reputational damage
Techno-mediation
Theft to order
Blackmail
UNAWARE
Infected
Flawed business processes
Thank you
Author: Luca Mairani
Copyright © 2016 Forcepoint. All rights reserved.
The role of users in security: careless, victims and insiders
Verona – 5 October 2016
Luca Nilo Livrieri – Sales Engineer Manager Italy & Iberia
Commercial Leader with
Content Security & DLP
Cloud / On-Premise / Hybrid
Pioneer on Cyber Frontlines with
Financial Resources
Deep Understanding of Threat Detection
Networking Innovator with
Advanced Evasion Prevention
Security at Scale
NEW COMPANY, UNIQUELY FORMED TO
OFFER A NEW APPROACH TO SECURITY
DATA
NETWORKS
Mobile
Office
Other Locations
Partners & Supply Chain
Customers
Cloud Apps
Corp Servers
Websites
Endpoint Media
IN THE CLOUD, ON THE ROAD, IN THE OFFICE
MODERN BUSINESS IS ALL ABOUT SAFELY CONNECTING USERS TO DATA
USERS
WHAT IS THE INSIDER THREAT?
Victims (infected)
Malicious Outsider: Posing as an Insider
Insider
Disgruntled Employee: Intentionally doing wrong
Careless
Accidental Insider: Unknowingly exposing the organization to risk
Each of these scenarios demonstrates how people introduce risk to an organization
Insider Threat Customer Needs
1. As a security and risk executive I need to
know which individuals in my organization
are behaving in ways that pose the
greatest potential risk and why so that I
can understand the risk and manage it
appropriately.
2. As a security and risk executive who has
identified a specific user in my organization
as a source of potential risk, I need to
quickly and thoroughly understand that
user’s potentially risky behavior and the
context around it so that I can take quick
action to mitigate the potential risk with an
appropriate remediation.
VISIBILITY IS AT THE CRUX OF THE ISSUE
The digital revolution has obfuscated visibility
Organizations cannot manage threats they cannot see
Industrial Age Digital Age
Restoring Visibility
TECHNOLOGY
VISIBILITY
Need technology that collects & analyzes, pinpoints
riskiest users restoring visibility into risky behaviors
SO DO I NEED A DLP SOLUTION?
Worldwide Sales Conference 2016, Proprietary & Confidential
INSIDER THREAT & DATA PROTECTION PRODUCTS NEED EACH OTHER
• DLP identifies risky data behaviors AND then users need to be investigated
• Behavioral Insider Threat identifies risky users AND then data protection controls need to be put in place
TRITON AP-DATA (DLP)
THE SOLUTION: FORCEPOINT INSIDER THREAT
RISK?
YES
NO
BEHAVIORS
Forcepoint Insider Threat applies user behavior analytics to mitigate the insider threat
Ah-Mr. Snowden
CYBER THREATS INDICATORS
• Abnormal after hours access by a contractor in Hawaii
• Huge transfers of data to USB
• Abnormal account usage across 20-25 peer accounts all linked to Snowden’s IP address
• Abnormal Administrator account activity
• Unusual lateral movement on the network
User Risk Scoring
• Create a composite risk score for individual users based on their behavior over a specified period of time
• Consumer of the score is a non-technical analyst who needs to make a decision about risk
• Risk score and associated behavior can be explained through simple narratives
• Composite scores consider both:
  • Machine-based analysis of behavioral patterns (behavioral audit)
  • Alerts based on deterministic policies (indicators of risk)
• Extensible architecture will support future advancements and additional analytical models
CONFIGURATION SVIT - PREDEFINED
FORCEPOINT INSIDER THREAT COMMAND CENTER
Organization 30 Day Risks
Top Daily Risks
Top Riskiest People
COMMAND CENTER
30 Day History
Risk Score Activities
Filters
Activities
INCIDENT MANAGEMENT
SUREVIEW INSIDER THREAT ARCHITECTURE
Application
General
Clipboard Email File Keyboard Logon Printer Process System Info Video Web Web URL Webmail (Gmail, Yahoo, Outlook)
THREATSEEKER INTELLIGENCE CLOUD
CONTENT SECURITY
SECURITY FOR CLOUD
NETWORK SECURITY
TRITON 4D PLATFORM
ACE SECURITY SERVICES
UNIFIED MANAGEMENT
APIs
INSIDER THREAT
DATA PROTECTION
Combined Product Platform Vision
USERS
DATA
NETWORKS