Falcongaze SecureTower: field experience
www.falcongaze.com
TALKING NUMBERS
RISE OF INSIDER THREATS OVER THE LAST 4 YEARS
[Chart: years 2012 to 2015 on the horizontal axis, 0% to 35% on the vertical axis]
55% of data breaches resulted from insider attacks
32% of them were caused by privilege abuse
By Verizon Data Breach Report, The Global State of Information Security (PWC) and Falcongaze analytics center
TALKING NUMBERS
$36,9bn lost by companies around the world because of data leaks in the first half of 2015
By Breach Level Index (Gemalto)
STATISTICS
[Chart: number of security incidents by year, 2012 to 2015; vertical axis 0 to 90000]
By Verizon Report
Lack of control over information flows entails:
• Financial losses
• Loss of intellectual property
• Human resource outflow
• Loss of customer confidence
• Reputational harm
LACK OF ATTENTION TO INSIDER THREATS
ENDPOINT CONTROL AND STATISTICAL SECURITY RULE
An employee was about to leave a manufacturing company after several years of work. He decided to take the sensitive corporate data he had access to with him, to benefit from it at his new job. The man copied whole folders of classified company-owned data to a USB storage device. The information security officer, who operated SecureTower, received an immediate notification of the incident, triggered by a statistical security rule that analyzed the volume of data transfers within a predefined time period. The prompt response cut the insider activity short and prevented the highly valued information from flowing into a competitor's hands.
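A rule of the kind described above, as an added example (not SecureTower's own logic or rule syntax): a sliding-window check that totals each user's writes to removable media and alerts when the total crosses a limit. The log format, user names, 30-minute window and 500 MB limit are all assumptions made for the illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed endpoint log (assumed format): date time user channel bytes_written
SAMPLE_LOG = """\
2015-06-01 09:05:00 asmith usb 2000000
2015-06-01 11:40:00 jdoe usb 150000000
2015-06-01 11:52:00 jdoe usb 220000000
2015-06-01 11:58:00 jdoe share 900000000
2015-06-01 12:03:00 jdoe usb 180000000
2015-06-01 12:04:00 jdoe usb 90000000
2015-06-01 15:30:00 asmith usb 300000000
2015-06-01 16:45:00 asmith usb 300000000
"""

def parse(log):
    """Yield (time, user, channel, size) tuples from the log text."""
    for line in log.splitlines():
        day, clock, user, channel, size = line.split()
        when = datetime.strptime(f"{day} {clock}", "%Y-%m-%d %H:%M:%S")
        yield when, user, channel, int(size)

def volume_alerts(events, channel="usb", window_minutes=30, limit=500_000_000):
    """Return (user, time, bytes_in_window) each time a user's total for the
    channel first exceeds the limit inside the sliding window."""
    window = timedelta(minutes=window_minutes)
    recent = defaultdict(deque)  # user -> (time, size) entries still in window
    total = defaultdict(int)     # user -> bytes currently inside the window
    alerting = set()             # users already over the limit (avoid repeats)
    alerts = []
    for when, user, chan, size in sorted(events):
        if chan != channel:
            continue
        queue = recent[user]
        queue.append((when, size))
        total[user] += size
        while queue[0][0] <= when - window:  # evict entries older than window
            total[user] -= queue.popleft()[1]
        if total[user] <= limit:
            alerting.discard(user)
        elif user not in alerting:
            alerting.add(user)
            alerts.append((user, when, total[user]))
    return alerts

if __name__ == "__main__":
    for user, when, size in volume_alerts(parse(SAMPLE_LOG)):
        print(f"ALERT {when} {user}: {size} bytes to USB within 30 minutes")
```

In the sample, the same 600 MB that triggers no alert when spread over 75 minutes does trigger one when the window is widened to two hours, which is why the window length and the limit have to be tuned together.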
STATISTICAL SECURITY RULE TRIGGER
DIGITAL PRINTS
An international supplier addressed one of the largest retail networks with a claim. The supplier had received a protest from another retailer about its significantly higher prices as compared to those of the above-mentioned company. In response, the supplier was forced to raise its prices for the retail network to match the competitor's, which resulted in a significant loss of revenue for the retail network. By that moment the retail network had already been running a SecureTower trial for 2 weeks. Analysis of the digital prints of transferred databases uncovered a disloyal employee in the procurement division who had been transferring confidential spreadsheets with prices to the competitor company.
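One way a digital print of a spreadsheet can work, as an added example (the page does not describe SecureTower's fingerprinting method, so the row-hashing scheme here is an assumption): each row is normalized and hashed, and outbound text is scored by how many protected rows it contains, even after reformatting or reordering. All rows, names and messages are constructed.

```python
import hashlib
import re

# Constructed protected data: rows of a supplier price spreadsheet.
PRICE_ROWS = """\
A-1001,Northwind,12.40
A-1002,Northwind,8.15
B-2001,Contoso,101.00
B-2002,Contoso,97.50
C-3001,Fabrikam,0.99
"""

# Constructed outbound message: same rows pasted tab-separated, reordered,
# with changed letter case and one row left out.
LEAKED = """\
Prices as promised:
b-2002\tCONTOSO\t97.50
A-1001\tNorthwind\t12.40
C-3001\tfabrikam\t0.99
A-1002\tNorthwind\t8.15
"""

BENIGN = "Lunch at 12.40? Bring the Northwind contract, please.\n"

def row_print(row):
    """Hash one row after normalizing delimiter, case and padding."""
    cells = [c.strip().lower() for c in re.split(r"[,;\t|]", row)]
    cells = [c for c in cells if c]
    if len(cells) < 2:          # free text, not a table row
        return None
    return hashlib.sha256("\x1f".join(cells).encode("utf-8")).hexdigest()

def fingerprint(text):
    """Set of row prints for every table-like line in the text."""
    return {p for p in map(row_print, text.splitlines()) if p}

def match_ratio(protected, outbound_text):
    """Fraction of protected rows that appear in the outbound text."""
    return len(fingerprint(outbound_text) & protected) / len(protected)

if __name__ == "__main__":
    prints = fingerprint(PRICE_ROWS)
    print(match_ratio(prints, LEAKED), match_ratio(prints, BENIGN))
```

Because only hashes of rows are stored, the monitoring side can recognize a partial copy of the spreadsheet without keeping the price list itself.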
ROBUST REPORTING AND STATISTICS
A highly paid employee at a web development company was found to spend 70% of his working time on youtube.com and other entertainment websites. This came to light when his manager was looking through the personal reports on his team members generated by SecureTower. He noticed that there was not a single work-related site among the TOP-10 web resources most visited by the employee.
INFORMATION OF VISITED WEBSITES
ACTIVITY STATISTICS AND USER RELATIONS GRAPH ANALYZER
The information security team of one of the largest oil and gas companies detected a significant rise in IM communications between two employees. Both had access to business-critical information but had not been likely to chat much in the past. After both were placed under comprehensive control, the SecureTower user relations graph analyzer revealed that these employees communicated regularly with an external contact. Further investigation of their communication revealed their plan to commit fraud aimed at the theft and use of sensitive corporate information.
CONTROL OF DATA SENT TO CLOUD STORAGES
A logistics company started suffering financial losses because of cancelled contracts. Several links in the logistics chain suddenly refused to fulfill their obligations, deadlines were missed, and fines were applied. The ensuing disorder led to a massive outflow of customers. The Board tasked the Operations Security Team with deploying a functional information security product to gain visibility into the processes inside the company and regain control of the situation. After SecureTower was integrated into the corporate network, the OpsSec team detected a malefactor who had been transferring all the details of contracts with partners and customers to her real employer by uploading the data to a cloud storage.
LAUNCH OF PROHIBITED APPLICATIONS CONTROL. DESKTOP VIDEO MONITORING
A national-level bank detected regular leaks, but control of all communications and analysis of the transferred data brought no results. After some brainstorming, the Security Team came up with the idea that someone was probably using the Tor application to anonymize his or her access to webmail and other internet resources in order to transfer data beyond the company perimeter. After setting up an event security rule to detect the launch of the Tor.exe process, the team easily identified the computer that ran the application. Engaging desktop video monitoring brought rich evidence of intentional leakage of corporate data by the suspect user.
CONTROL OF LAUNCHED PROCESSES AND VIDEO MONITORING
COMPREHENSIVE CONTROL OF COMMUNICATION CHANNELS AND PROTECTION AGAINST INSIDER THREATS
• Control of information flows and data leakage prevention
• Monitoring of corporate loyalty
• Workflows control and optimization
• Operational Risk Management
• Combating industrial espionage
• Protection of business reputation
Protect your business with Falcongaze SecureTower