Post on 16-Jan-2016
© 2014 PayPal Inc. All rights reserved. Confidential and proprietary.
Leveraging Information to Detect and Prevent Insider Attacks
Phoram Mehta, Senior Manager, Information Security Management, PayPal
AGENDA
• Problem Definition
• Solution Challenges
• Current approaches
• A (New*) Proposal
• Q&A
DEFINITION
Threats posed by employees, third parties, or malicious software that use legitimate access rights to networks, applications, and sensitive data
Is this really a problem? Regular or Rare?
T Childs
• San Francisco Network Administrator
• Changed admin passwords
• $900,000, and 60 percent of city services were affected
Snowden
• CIA/NSA/Dell/BAH
• Leaked top-secret US gov surveillance details
• National security, and Privacy
Phishing
• RSA SecurID
• Twitter
• May 2014?
Why should I care?
Impact
• Minority but more Damage
• 40% of data breaches and 1/3 of all malicious attacks
• 50% more vulnerable – ESG survey
Challenges to Solution
• Scale
• Cloud
• Volume
• APT/New attacks
• Privacy/Trust
A (New*) Approach
ALARM
• AuthN and AuthZ
• Leakage Detection/Prevention
• Analytics
• Risk Management
Pre-requisites:
• Data classification
• BIA
• Segmentation like the 80’s
Authentication and Authorization
• They are different
• In the right places
• Strong – 2FA, Biometric or SMS
• Review
• Don’t forget Physical
Leakage Detection and Prevention
• Each workstation/BYOD
• Outbound traffic
• IM/Email/SM
• Consequences
• Prevention is very hard
Analytics
• End-to-End event correlation
• Priv User Pattern recognition
• Data Visualization
• Threat models/rules for known incidents
• Advanced heuristics and prediction
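The privileged-user pattern recognition, known-incident rules and event correlation listed above, as an added Python example that is not part of the deck: it learns the hours a network administrator is normally active, applies a rule for the mass admin-password-change pattern of the Childs case, and correlates rule hits with off-pattern activity. The audit events, the user name "netadmin" and the thresholds are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample audit events (not real data): ISO time, user, action, target.
EVENTS = [
    ("2014-03-03T09:12:00", "netadmin", "password_change", "router-01"),
    ("2014-03-03T14:40:00", "netadmin", "password_change", "switch-07"),
    ("2014-03-04T10:05:00", "netadmin", "login", "jumphost"),
    ("2014-03-05T11:30:00", "netadmin", "password_change", "router-02"),
    ("2014-03-06T23:02:00", "netadmin", "login", "jumphost"),
    ("2014-03-06T23:05:00", "netadmin", "password_change", "router-01"),
    ("2014-03-06T23:06:00", "netadmin", "password_change", "router-02"),
    ("2014-03-06T23:07:00", "netadmin", "password_change", "switch-07"),
    ("2014-03-06T23:08:00", "netadmin", "password_change", "switch-08"),
    ("2014-03-06T23:09:00", "netadmin", "password_change", "fw-core"),
]

def parse(events):
    return [(datetime.fromisoformat(t), u, a, tgt) for t, u, a, tgt in events]

def learn_baseline(events, user, until):
    """Pattern recognition: hours of day in which `user` was active during the learning period."""
    return {t.hour for t, u, _, _ in events if u == user and t < until}

def bulk_credential_changes(events, user, threshold=5, window=timedelta(minutes=30)):
    """Known-incident rule: >= threshold password changes on distinct targets inside one window."""
    changes = sorted((t, tgt) for t, u, a, tgt in events if u == user and a == "password_change")
    for i, (start, _) in enumerate(changes):
        targets = {tgt for t, tgt in changes[i:] if t - start <= window}
        if len(targets) >= threshold:
            return [("bulk_password_change", start, sorted(targets))]
    return []

def off_pattern_activity(events, user, baseline_hours, since):
    """Deviation rule: privileged activity at an hour never seen in the baseline."""
    return [("off_pattern_hour", t, a, tgt) for t, u, a, tgt in events
            if u == user and t >= since and t.hour not in baseline_hours]

def correlate(rule_hits, deviations, window=timedelta(minutes=30)):
    """End-to-end correlation: a rule hit plus deviations in the same window outranks either alone."""
    return [(r, d) for r in rule_hits for d in deviations if abs(r[1] - d[1]) <= window]

def analyze(raw=EVENTS, user="netadmin", cutoff="2014-03-06T00:00:00"):
    events, cut = parse(raw), datetime.fromisoformat(cutoff)
    hours = learn_baseline(events, user, cut)          # learned from the first three days
    bulk = bulk_credential_changes(events, user)
    off = off_pattern_activity(events, user, hours, cut)
    return {"bulk": bulk, "off_pattern": off, "correlated": correlate(bulk, off)}

if __name__ == "__main__":
    print(analyze())
```

On the constructed log, the daytime changes during the learning period raise nothing, while the late-night burst on 6 March trips the bulk rule and every event in that burst is off-pattern, so the correlated view carries both signals together.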
Risk Management
• Current State
• Business Drivers
• IP vs Customer data
• Critical systems
• Physical Security
• Vendor Management
• Cost of Mitigation
• Company Culture
• External Obligations
• Roadmap for Growth
Some Sources for Additional Information
ESG Insider Threat research - http://www.vormetric.com/sites/default/files/ap_Vormetric-Insider_Threat_ESG_Research_Brief.pdf
SANS Reading Room - http://www.sans.org/reading-room/whitepapers/incident/protecting-insider-attacks-33168
CINDER (US Mil Insider Threat program) - http://www.darpa.mil/Our_Work/I2O/Programs/Cyber-Insider_Threat_(CINDER).aspx
Q & A
Thank You