Insider Cloud Threats
Transcript of Insider Cloud Threats
- 1. INSIDER CLOUD THREATS John Menerick Syn
- 2. Thank you! 2
- 3. Legal Disclaimers slide 3 The views and opinions expressed here are my own only and in no way represent the views, positi
- 4. About Me 4
- 5. Defining the Problem 5
- 6. Supreme Chancellor 6
- 7. Palpatine 7
- 8. Seriously 8
- 9. NetSuite Inc. | "Unfortunately, perhaps we all haven't put as much attention into the insider threat as the NSA, or I can raise my hand and say we were burned by that as much as anyone in recent memory." Philip Quade, COO IAD, National Security Agency 9
- 10. "There's no badguy.com and there's no stupidguy.com, where there's this one corner of your network [you can] say, 'This is where I'm going to optimize my hunting for the insider or remote threat.' The good news is that's where computing can come in, where analysis and big data analysis and behavior-based analysis can really, really directly address this problem." Philip Quade, COO IAD, National Security Agency 10
- 11. Insider Threats? 11
- 12. Insiders
- 13. Insiders 13
- 14. Verizon DBIR 14 - For the last several years in a row Bob received excellent remarks. - His code was clean, well written, and submitted in a timely fashion. - Quarter after quarter, his performance review noted him as the best developer
- 15. Verizon DBIR - contd 15 - The VPN logs showed him logged in from China, - yet Bob is sitting at his desk, staring into his monitor.
- 16. Verizon DBIR - contd 16 A typical work day for Bob looked like this: 9:00 a.m. Arrive and surf Reddit for a couple of hours. Watch cat videos. 11:30 a.m. Take lunch. 1:00 p.m. eBay time. 2:00-ish p.m. Facebook updates, LinkedIn. 4:30 p.m. End-of-day update e-mail to management. 5:00 p.m. Go home.
- 17. Verizon DBIR - contd 17 - Bob outsourced his own job to a Chinese consulting firm. - Bob spent less than one fifth of his six-figure salary. - Bob physically FedExed his RSA token to China. - Bob was doing this to many other software firms in the area. - $$$$$$
- 18. The magical unicorn 18
- 19. Why? Simon Says 19
- 20. Behavior Theories 20
- 21. 1995 - 2008 100+ prosecutions 21
- 22. Observations 22 - Planned actions: premeditation - Ego or financial gain - On the job - Manual and outsider detection: only stupid people are caught
- 23. Taxonomies 23 - Misuse of access - Bypassing defenses: purely technical defenses are insufficient; if they worked, the problem would not exist. - Access-control failure
- 24. Traditional markers 24
- 25. Cloud
- 26. Simple Cloud 26
- 27. Simple Cloud 27
- 28. Cloud Security Model? 28
- 29. Over 9000 29 - Over 9,000 cloud applications: immature auditing and governance controls - More vectors to access data, and easier to remove it
- 30. Data Collection and Audit 30 The goal of CloudAudit is to provide a common interface and namespace that allows enterprises who are interested in streamlining their audit processes (cloud or otherwise) as well as cloud computing providers to automate the Audit, Assertion, Assessment, and Assurance of their infrastructure (IaaS), platform (PaaS), and application (SaaS) environments and allow authorized consumers of their services to do likewise via an open, extensible and secure interface and methodology
- 31. Odin's eye 31
- 32. Too much data! 32
- 33. Big Data
- 34. BIG Data 34
- 35. Analytics on LARGE datasets 35
- 36. Playing with Big DATA 36
- 37. Rigor to the process 37
- 38. Data massaging 38
- 39. The BIG picture 39
- 40. Data Paralysis 40
- 41. WARNING 41
- 42. 42
- 43. Bayesian 43
- 44. X vs. O 44
- 45. Overall 45
- 46. How do I trust? 46
- 47. Cloud and Beyond! 47 - Massively scalable graph-processing algorithms - Advanced statistical anomaly detection methods: Gaussian - Knowledge-based relational machine learning - Different rates of collection and data set behaviors: keyboard clicks vs. large USB data transfers - Rational vs. irrational behaviors
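As an added example (not from the talk or its author), here is the per-user Gaussian baseline the slide alludes to, scoring two behavioral features collected at very different rates: daily keystroke counts and daily USB transfer volume. The baseline data is constructed; the log scaling of the sparse USB feature and the zero-variance guard are my assumptions.

```python
"""Per-user Gaussian baseline over behavioral features sampled at different
rates: frequent keystroke counts vs. sparse, heavy-tailed USB transfer volumes."""
import math
from statistics import mean, pstdev

# Constructed baseline: ten ordinary days for one user, as
# (keystrokes_per_day, usb_bytes_per_day). Not real telemetry.
BASELINE = [
    (41200, 0), (39800, 0), (42500, 120_000), (40100, 0), (43000, 0),
    (38900, 95_000), (41700, 0), (40500, 0), (42200, 0), (39400, 130_000),
]

def _scale(row):
    """Keystrokes are used as-is; USB bytes are log-scaled so a Gaussian fits
    a feature that is zero most days and huge on a few (an assumption)."""
    keys, usb = row
    return (float(keys), math.log1p(usb))

def fit_baseline(rows):
    """Per-feature (mean, std) on the scaled features. A constant feature gets
    a tiny std so that scoring never divides by zero."""
    cols = zip(*(_scale(r) for r in rows))
    params = []
    for col in cols:
        sd = pstdev(col)
        params.append((mean(col), sd if sd > 0 else 1e-9))
    return params

def zscores(row, params):
    """Standardised distance of one day from the user's own baseline."""
    return [(x - mu) / sd for x, (mu, sd) in zip(_scale(row), params)]

def score(row, params, threshold=3.0):
    """Return (worst_abs_z, flagged): any feature beyond `threshold` standard
    deviations from this user's baseline is an anomaly worth analyst review."""
    worst = max(abs(z) for z in zscores(row, params))
    return worst, worst > threshold

if __name__ == "__main__":
    params = fit_baseline(BASELINE)
    # An ordinary day, a multi-gigabyte USB copy, and a day with no typing.
    for day in [(41000, 0), (41000, 2_000_000_000), (0, 0)]:
        print(day, score(day, params))
```

The two flagged days illustrate the slide's point about rates: the bulk transfer stands out on the sparse feature, while a silent keyboard on a "working" day stands out on the frequent one.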
- 48. Conclusion
- 49. Magic Bullet 49
- 50. Case Study - hacktivism and PR 50
- 51. Fuck The Police! 51
- 52. Barrett Brown 52
- 53. Barrett Brown - contd 53
- 54. Barrett Brown - contd 54
- 55. Barrett Brown 55
- 56. I want more 56
- 57. I want more 57
- 58. Where can I find more information? 58 - https://data.rfc.ninja - US CERT - MITRE - DARPA - www.securesql.info - evolutionary algorithm competition series
- 59. Thank You
- 60. Q&A