InfoSecChat

Fox In The Hen House? (3 of 3)
Could you spot the fox in your hen house? Protect your sensitive data from insider threats.
   8 years ago
IBM Security
Q2: In your work with clients, what are the top three biggest technology challenges when it comes to spotting insider issues?
Cindy Compert,CIPT/M
So many products, so many choices
Cindy Compert,CIPT/M
a1 how do you correlate all those sources?
AdrianLane
A2: Don't know the market or the tools
AdrianLane
A2: Choosing the right tech - market is strewn with stuff that does not do what it's supposed to
Leslie Wiggins
A2: Also, finding technologies that integrate, so you can manage entitlements and identities, as well as appropriately control access to sensitive data.
Patricia Diaz
Accountability, sometimes privileged users share the same credentials
Cindy Compert,CIPT/M
@AdrianLane a2 or claims it can and does not scale. Unmanageable mess
Luis Casco-Arias
working with large heterogeneous environments, with people and data changing all the time
AdrianLane
A2: Even then, using right data source or write policies
Cindy Compert,CIPT/M
a2 and know your 'good
Luis Casco-Arias
Understanding where sensitive data is, and how to protect it.
Cindy Compert,CIPT/M
a2 and know your good from bad activity. Don't block good stuff!
Luis Casco-Arias
Being able to react to a possible threat in real time.
Luis Casco-Arias
scoping the problem to only mitigating the essential risks
Cindy Compert,CIPT/M
a2 @cascoarias if you're not realtime, it's like driving using the rear view mirror. You're gonna crash!
Deepak Seth
Finding technology solutions that can span the entire landscape of applications which a company may have
Cindy Compert,CIPT/M
@SetDeep right you are - the most difficult, especially new technology like Hadoop and Spark
Leslie Wiggins
... and that are able to protect sensitive data and integrate with entitlement management solutions
Deepak Seth
most organizations have a smorgasbord of applications spanning from mainframe based to on the cloud linked together by a veritable spaghetti bowl of interfaces
Deepak Seth
any security application needs to seamlessly span the entire gamut as the "insider" criss-crosses across these
IBM Security
Q4: How can Guardium help stop insider threats?
Deepak Seth
Ha Ha U tell us!
AdrianLane
A4: It's possible to monitor SAP and Oracle application events in real time
AdrianLane
A4: It's possible to monitor user activity in a SharePoint environment
AdrianLane
A4: It's possible to monitor file access - It's possible to see Hive queries in NoSQL
AdrianLane
A4: DAM lets you monitor and tie all that together
Deepak Seth
does it have alerts and notifications?
Leslie Wiggins
A4: Guardium helps with the automated discovery and classification of sensitive data -- so you know what you need to protect.
Leslie Wiggins
@SetDeep Guardium has the ability to spot abnormal behavior and to block access and/or send alerts
Deepak Seth
does it have some predictive analytics capabilities helping in identifying potential threats based on patterns of events?
AdrianLane
@SetDeep All DAM platforms do - it's basic - email, SMS and console alerts. And filter repeats.
Luis Casco-Arias
it also helps you understand the entitlement privileged users have to that data
AdrianLane
Sorry - Database Activity Monitoring == DAM
Leslie Wiggins
@SetDeep Guardium has analytics and machine learning built in
Luis Casco-Arias
also helps look at forensics on the access to all sensitive data, and assess the amount of risk you may have.
Luis Casco-Arias
It enables organizations to craft a risk mitigation strategy for the static data
Deepak Seth
what's its track record been at places where it is at work?
Luis Casco-Arias
Then it can monitor in real time for instant mitigation of dynamic risk (how people access the data)
Deepak Seth
false-positives etc
AdrianLane
@SetDeep A4: Not predictive per se, but behavioral, metadata analysis, semantic and a couple others
Luis Casco-Arias
It can even identify anomalous behavior through machine learning algorithms and outlier detection
Luis Casco-Arias
And finally, you can protect the sensitive data access with alerting, logging, blocking, quarantining, or masking data dynamically
AdrianLane
@SetDeep A4: Depends - very in cases of data misuse. SQL injection depends
Deepak Seth
"Blame it on Watson" ;-)
IBM Security
Q3: Do you have any surprising customer scenarios to share about insider threats? And/or what are the most surprising questions you've had to deal with on this topic?
Cindy Compert,CIPT/M
A DBA who was caught colluding with a mortgage broker and we found the activity during a proof of concept
Luis Casco-Arias
one was sure they understood exactly where their sensitive data was, until we did the POC and discovered 113 servers with sensitive data
Leslie Wiggins
@cascoarias that would be eye opening!
AdrianLane
Hospital employees selling info on celebrity patients
Luis Casco-Arias
another customer stopped the POC because we found too many privileged user vulnerabilities, and politely asked us to leave until they fixed the issue.
AdrianLane
Remember - Worldcom CEO/CFO fraud was exposed through database activity
Cindy Compert,CIPT/M
a3 a Data Warehouse project, another pilot, where we found contractors sharing the Netezza Admin credential. Baaaaaad.
Luis Casco-Arias
On a briefing a CIO looked intensively at their IT manager when we pointed out that 65% of enterprises do not know what their DBAs are doing.
AdrianLane
Yes - CrowdChat is turning funny colors
Leslie Wiggins
@CCBigData Which just underscores the need to know what people are doing with their credentials!
Patricia Diaz
@CCBigData Yikes. Making real time monitoring that much more important!! #InfoSecChat
Luis Casco-Arias
Target discovered that an extra 70M customer records were stolen many months ago, only after taking the time to look at audit records. They could have found it with real time monitoring.