Security Summit Verona

Il ruolo degli utenti nella

security: superficiali, vittime

e insider

5 Ottobre 2016

Luca Mairani

© CLUSIT 2010 - Titolo - Autore© CLUSIT 2016 –– Luca Mairani

Il paradosso del gatto di Schrödinger

© CLUSIT 2010 - Titolo - Autore

L’utente si evolve

© CLUSIT 2016 –– Luca Mairani

© CLUSIT 2010 - Titolo - Autore© CLUSIT 2016 – Luca Mairani

OPERATORI CHE NON RISPETTANO

LE PROCEDURE DI SICUREZZA

LOW PROFILE

INSIDERS

HIGH PROFILE

INSIDERS

Organizzazione

Hacker

Hacktivist

Social

Engineer

Dati non StrutturatiDati Strutturati

ToolKit

Sql Injection

Malware

Bruteforce

Social Network

Telefono

Spazzatura

Phishing

Ricatto

CRIMINALITA’ ORGANIZZATA

Storage Online

Mail Personali

USB Stick

Smartphone

Tablet

Risentimento

verso l’azienda

Danni immagine

Tecnomediazione

Furto su

ordinazione

Ricatto

INCONSAPEVOLI

Infetti

Processi di

business errati

Grazie

Autore: Luca Mairani

Copyright © 2016 Forcepoint. All rights reserved.

Il ruolo degli utenti nella

security: superficiali, vittime e

insider

Verona – 5 Ottobre 2016

Luca Nilo Livrieri – Sales Engineer Manager Italy & Iberia

Copyright © 2016 Forcepoint. All rights reserved. | 7

Commercial Leaderwith

Content Security & DLP

Cloud / On-Premise / Hybrid

Pioneer on Cyber Frontlineswith

Financial Resources

Deep Understanding of Threat Detection

Networking Innovatorwith

Advanced Evasion Prevention

Security at Scale

NEW COMPANY, UNIQUELY FORMED TO

OFFER A NEW APPROACH TO SECURITY

Copyright © 2016 Forcepoint. All rights reserved. | 8

DATA

NETWORKS

Mobile

Office

OtherLocations

Partners &Supply Chain

Customers

Cloud Apps

Corp Servers

Websites

Email

EndpointMedia

IN THE CLOUD, ON THE ROAD, IN THE OFFICE

MODERN BUSINESS IS ALL ABOUT SAFELY CONNECTING USERS TO DATA

USERS

WHAT IS THE INSIDER THREAT?

Copyright © 2016 Forcepoint. All rights reserved.

Vittime (infetti)

Malicious OutsiderPosing as an Insider

Insider

Disgruntled EmployeeIntentionally doing wrong

Superifciali

Accidental InsiderUnknowingly exposing

the organization to risk

Each of these scenarios demonstrates how people introduce risk to an organization

Copyright © 2016 Forcepoint. All rights reserved. Copyright © 2016 Forcepoint. All rights reserved. | 11

Insider Threat Customer Needs

1. As a security and risk executive I need to

know which individuals in my organization

are behaving in ways that pose the

greatest potential risk and why so that I

can understand the risk and manage it

appropriately.

2. As a security and risk executive who has

identified a specific user in my organization

as a source of potential risk, I need to

quickly and thoroughly understand that

user’s potentially risky behavior and the

context around it so that I can take quick

action to mitigate the potential risk with an

appropriate remediation.

Copyright © 2016 Forcepoint. All rights reserved. | 12

VISIBILITY IS AT THE CRUX OF THE ISSUE

The digital revolution has obfuscated visibility

Organizations cannot manage threats they cannot see

Industrial Age Digital Age

Restoring Visibility

TECHNOLOGY

VISIBILITY

Need technology that collects & analyzes, pinpoints

riskiest users restoring visibility into risky behaviors

Copyright © 2016 Forcepoint. All rights reserved. | 13

SO DO I NEED A DLP SOLUTION ?

Copyright © 2016 Forcepoint. All rights reserved. | 14

Worldwide Sales Conference 2016, Proprietary & Confidential | 14

INSIDER THREAT & DATA PROTECTION PRODUCTS NEED EACH OTHER

• DLP identifies risky data behaviors AND then users need to be investigated

• Behavioral Insider Threat identifies risky users AND then data protection controls

need to be put in place

TRITON AP-DATA (DLP)

Copyright © 2016 Forcepoint. All rights reserved. | 15

THE SOLUTION: FORCEPOINT INSIDER THREAT

RISK?

YES

NO

BEHAVIORS

Forcepoint Insider Threat applies user behavior analytics to mitigate the insider threat

Copyright © 2016 Forcepoint. All rights reserved.

Worldwide Sales Conference 2016, Proprietary & Confidential | 16

Ah-Mr. Snowden

CYBER THREATS INDICATORS

Abnormal after hours access by a

contractor in Hawaii

Huge transfers of data to USB Abnormal account usage across 20-

25 peer accounts all linked to

Snowden’s IP address

Abnormal Administrator account

activity

Unusual lateral movement on the

network

Copyright © 2016 Forcepoint. All rights reserved. | 17

User Risk Scoring• Create a composite risk score for

individual users based on their behavior over a specified period of time

• Consumer of the score is a non-technical analyst who needs to make a decisionabout risk

• Risk score and associated behavior can be explained through simple narratives

• Composite scores consider both:

• Machine-based analysis of behavioral patterns (behavioral audit)

• Alerts based on deterministic policies(indicators of risk)

• Extensible architecture will support future advancements and additional analytical models

Copyright © 2016 Forcepoint. All rights reserved. | 18

CONFIGURATION SVIT - PREDEFINED

Copyright © 2016 Forcepoint. All rights reserved. | 19

FORCEPOINT INSIDER THREAT COMMAND CENTER

Organization 30 Day Risks

Top Daily Risks

Top Riskiest People

Copyright © 2016 Forcepoint. All rights reserved. | 20

COMMAND CENTER

30 Day History

Risk Score Activities

Filters

Activities

Copyright © 2016 Forcepoint. All rights reserved. | 21

INCIDENT MANAGEMENT

Copyright © 2016 Forcepoint. All rights reserved. | 22

SUREVIEW INSIDER THREAT ARCHITECTURE

Application

General

Clipboard Email File Keyboard Logon Printer Process System Info Video Web Web URL Webmail

(Gmail, Yahoo,

Outlook)

Copyright © 2016 Forcepoint. All rights reserved. | 23

THREATSEEKER INTELLIGENCE CLOUD

CONTENT

SECURITY

SECURITY

FOR CLOUD

NETWORK

SECURITY

TRITON 4D PLATFORM

ACE SECURITY SERVICES

UNIFIED MANAGEMENT

APIs

INSIDER THREAT

DATA PROTECTION

Combined Product Platform Vision

USERS

DATA

NETWORKS

Copyright © 2016 Forcepoint. All rights reserved. | 24

Grazie!

llivrieri@forcepoint.com