Detectar los hackers internos en la organización con Ziften.com - Seguridad Mania.com - España y América Latina

Industry statistics point to 1 in 5 enterprise breaches involve insider actions. Insider threats are often the costliest and most disruptive to an enterprise - even highly secure enterprises (think Edward Snowden). According to the FBI, “the thief who is harder to detect and who could cause the most damage is the insider—the employee with legitimate access.” With the insider there is no malware necessary, no access rule violations, no credentials theft, no command and control traffic, no firewall intrusions. Your enterprise is mounting a Maginot Line defense against the knowledgeable insider, gun emplacements facing away from the real threat, easily bypassed. Security is breached, critical data is exfiltrated, and any data privacy is vaporized as your most sensitive data assets appear for sale on the dark web, while embarrassing revelations are leaked online, making headline news, triggering investigations and resignations. In this episode in the Threat Hunting series, we will review: - The insider threat defense futility of traditional security placebos - Essential visibility for effective user and endpoint activity monitoring - Sensor and effector instrumentation to quickly observe and promptly thwart malicious insider activity - Instrumentation customization for enterprise-specific tailoring - The transition from routine operations team user support to security team insider threat awareness - Spatial and temporal anomaly types associated with insider threats - The FBI’s insider threat kill chain - The importance of forensic lookback - Exfiltration routes favored by insiders