Guide to Protecting Against Insider Threats

Problem: Protecting against insider threats

Information Security Blind Spots
- Single view that matters
- Quantify risks
- Preventive application monitoring
- Eliminate false-positives

Business Applications: ERPs, Procurement, Human Resources, Customer Relationship …
Infrastructure: Storage, Servers, Databases, Network Devices, Identity Mgmt, Email / Gateway, Physical
Information Security (SOC)

© Greenlight Technologies. All rights reserved.

Protecting against insider threats – how we think it should be done

Visibility from the inside out
- Single view that matters
- Quantify risks
- Preventive application monitoring
- Eliminate false-positives

Business Applications: ERPs, Procurement, Human Resources, Customer Relationship …
Monitored in business applications: TRANSACTIONS, ACTIVITIES, APPLICATION CHANGES, AUTHORIZATIONS
SOC INTEGRATION
Infrastructure: Storage, Servers, Databases, Network Devices, Identity Mgmt, Email / Gateway, Physical
Information Security (SOC): SIEM
FINANCIAL IMPACT

How this methodology works

Data Leakage Use Case
1. ≥10,000 alerts and millions of transactions / day
2. Endpoint & App-based solutions monitor privileged user accounts
3. Account access to customer records increases from 100 per day to 1000+
4. App-based solution alerts security team
5. $1M at risk because records include high value customers
6. User’s access to customer records is blocked
7. Threat undetected by endpoint monitoring solution

Supply Chain Use Case
1. Employee unknowingly downloads Trojan
2. USB drive used on non-critical system in product assembly network
3. Malware installed on multiple systems
4. Bad actor gains remote access
5. Privileged user account tampers with inventory data
6. Anomaly-based detection controls alert security team about changes
7. $30M at risk due to potential revenue loss
8. Malware quarantined and inventory corrected

Cross-Application Use Case
1. Employee has access to the vendor management and AP applications
2. Employee creates a fictitious vendor in the vendor mgmt. application
3. Multiple invoices created and paid in amounts under approval limit
4. Company implements app-based monitoring solution
5. SoD violation detected
6. Security team alerted to the $3M loss / risk
7. Employee terminated, prosecuted and lost funds recovered

Architecture to automate insider threat management…
…and move from TRUST to FACTS.

ALL APPLICATIONS, ALL USERS, ALL TRANSACTIONS, ALL RISKS

Act on Business Activity
Manage by Exception
Monitor Applications
Govern Access

ERP | Access Analysis | Financial Reporting Controls | SOD / SOX / ICFR
Cloud | User Access Review | IT General Controls | IT Security / Data Privacy
Legacy Z | Compliant Provisioning | Continuous Monitoring | Industry Regulations
Enterprise Systems | Manage Privileged Users | Anomalous Behavior | Financial Performance
…and more
Real-time Connection | “Can Do” Analysis | “Did Do” Analysis
…and more
Risk Awareness …ALL THE TIME

How insider threat management solutions integrate applications is critical

Translate business activities
- Identify / normalize business functions
- Map users, roles, transactions and activities

Connect directly to all applications
- Native API
- Read / Write
- Real-time

Value realized by this approach

Reduce Time & Cost
- 80+% reduction in personnel time
- 95% less data to review than looking at what risky users “could do”

Monitor Everything
- 100%: all transactions / risks monitored
- 100+ native, direct, real-time, off-the-shelf integrations

Protect the Business
- 60-80% “…of data breaches are due to insiders.” 2018 Cost of Insider Threats: Global, Ponemon Institute
- 5% of revenue “…is lost due to fraud.” Association of Certified Fraud Examiners

A unified view of security, risk and compliance in terms the business can understand and act on.

Here are some success stories we’re proud of

ENERGY TECHNOLOGY OIL & GAS LIFE SCIENCES MANUFACTURING RETAIL FINANCIAL CHEMICAL

Monitor Everything. Act On What Matters.