Insider Threat Assessments: A methodology for improving insider threat deterrence and detection

Presented at Global AppSec - DC 2019, Sept. 12, 2019, 11:30 a.m. (45 minutes).

Giving organizations a proactive, situational procedure to validate their insider threat program reduces gaps in coverage, limits tool or service misconfigurations, helps prevent system and model oversights, and provides real-world practice scenarios. Over the last decade, there has been an influx of tools, task forces, and end-to-end solutions created to supplement insider threat programs. "An effective insider threat program incorporates a number of technical controls to assist with preventing, detecting, and responding to concerning behaviors and activity" (Spooner et al., 2018). In that same white paper, the authors also indicate that organizations, at a minimum, should adopt tools from each of the following categories: user activity monitoring (UAM), data loss prevention (DLP), security information and event management (SIEM), analytics, and digital forensics. The breadth of functionality and the wide array of available tools pose a challenge to organizations looking to build or strengthen their insider threat program. Furthermore, a panacea for all insider threats does not exist, and methods must be adopted that are specific to organizational assets. This presentation builds on a review of the existing insider threat tool landscape and introduces a methodology to validate configurations and coverage through a situational insider threat assessment. Insider threat kill chains, how to simulate relevant risks, and quantifying key asset identification will also be covered.


Presenters:

  • Ben Stewart - Security Innovation
    Ben has grown his security skill-set through years of high-profile, complex development projects, primarily in the Financial Services industry. Building and securing systems responsible for large, regulated money movements, enabling secure code review processes and pipelines, and communicating objectives to internal and external stakeholders have led to a comprehensive understanding of application, network, and system security. He takes great pride in dissecting business logic flaws and subtle attack vectors that could lead to unexpected outcomes. Once a problem is identified, he works to ensure remediation is clear and understood by all parties. A self-taught learner with sharp attention to detail, he gets as much joy from teaching a new topic as he does learning it. Ben received his bachelor's degree from the University of Connecticut, where he was a member and champion of the NCAA Men's Final Four team in 2011. That drive and competitive spirit carried over into a career in cyber security that spanned Investment Banking, Private Equity, and consumer-facing investment platforms, including architecting, developing, and securing systems worth hundreds of millions of dollars.
