silentrunner _08-34_ by MarijanStefanovic

Protecting Your Information:
The Insider Threat




What is SilentRunner?
  •   SilentRunner is an internal network security tool designed to
      detect and report the large share of network threats that originate
      inside the network, from users who already have access to the
      information (authorized or unauthorized).
The Insider Security Threat
(figure: a document stamped TOP SECRET)

INFORMATION THEFT  ⇒  DETECTION
Background
•A team of engineers believed that the internal portion of the network needed
the same level of protection as the external perimeter (keeping the bad guys
out), and that this area was not being addressed. Yet 50%, 70% or 80% of actual
breaches were internal, depending on whether you cite the IDC, Price
Waterhouse or Anderson studies.


             
•SilentRunner was built by Raytheon and was in development by a team of high
level developers for over 5 years creating 25 different algorithms for
sophisticated analysis.


                
•SilentRunner was NOT built for a specific customer or for a specific market. It
is totally horizontal and focused to solve the Internal Protection issue for all
Commercial customers as well as all segments of Government (Local, State, &
Federal). Can address health cares HIPAA compliance and finances GLB compliance issues


              
•SilentRunner was released in June ‘00. Most customers do not go public but
some that have are Deloitte and Touche, TruSecure, and Price Waterhouse. Many
of our current customers are household names in banking, finance,
pharmaceutical, health care, and in all areas of government including the DoD
and Intelligence.




The Threat

Source of Security Threats
  Authorized employees                         58%
  Unauthorized employees                       24%
  Former employees                             13%
  Hackers or terrorists                        13%
  Competitors                                   3%
  (figures total more than 100%, so respondents evidently reported more
  than one source)

1500 corporations surveyed by PricewaterhouseCoopers in 1999:
  73% experienced a security breach in the past year (27% did not).

In 2000, Fortune 1000 companies sustained $66.7 billion in losses of
intellectual property.
What is The Insider Threat?

(diagram: Internet -> Firewall -> IDS -> Server, with "The Threat" sitting
inside the network, behind both perimeter devices)

Intrusion Detection = notification of users/hackers attempting to gain
access to devices

Firewall = control of user inbound/outbound network access

SilentRunner = detects user access to and movement of vital company information




   Network Security Breaches
    Financial Theft
    Financial Data, Financial Portfolios, Investment Portfolios, Merger and
    Acquisition Data, Identity Theft

    Insurance Industry
    Patient Records, Medical Records, HIPAA Compliance

    High Tech/Biotech
    Intellectual Property, Customer Lists

    Utilities
    Confidential Information, Spot Market Prices, Terrorist Threat

    E-Commerce
    Financial Transactions, B2B Information Protection, Log Analysis
                                 The Solution
  • The Discovery, Analysis, and Visualization capabilities of
    SilentRunner™ will allow users to:

  1. Protect intellectual property and confidential information
  2. Detect misuse/abuse of network assets
  3. Gather meaningful information for risk assessments and audits
  4. Conduct network forensics & other investigations
  5. Exploit current security technology, i.e. firewall & IDS logs




          1. Protect Intellectual Property & Confidential Information
  Intellectual property IS your business
               •Trade secrets and patents
               •Financial data
               •Confidential records (client lists, patient records, investment portfolios,
                merger/acquisition info, etc.)
               •Technical data

SilentRunner tracks and protects the flow of your information, so you can be
assured that your private data stays where it should, or, if it does go out,
you know exactly where, when, by whom, and what content went.
Blind and concept-based context analysis.
To protect this mission-critical data it will:
•Analyze context to identify usage and movement of intellectual property
•Track connection paths throughout the network and identify the users
•Identify source/destination of data movement on the transmission paths
•Identify the type of applications and data, along with the content
•Provide a visual depiction of the events to enable rapid response
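As an added illustration of the five steps above (example code written for this page, not SilentRunner's code or its proprietary algorithms): reconstructed session records are classified by a small hypothetical concept lexicon and a classification-marking regex, sessions carrying marked or concept-matching content from an internal address range to an external one are reported with who, what, where and when, and the per-user connection-path graph is built from the same records. The internal address ranges, the lexicon, the severity ranking and the sample sessions are all assumptions constructed for the example.

```python
"""Added example for this page (not SilentRunner's own code): flag confidential
content moving from inside the network to outside, and build the per-user
connection-path graph, from reconstructed session records."""
import ipaddress
import re
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Set, Tuple

# Assumption: these ranges are "inside"; everything else is the Internet.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]

# Hypothetical concept lexicon and classification markings; a real
# deployment would tune these to its own business vocabulary.
CONCEPTS = {
    "M&A": re.compile(r"\b(merger|acquisition|due diligence)\b", re.I),
    "PHI": re.compile(r"\b(patient|diagnosis|medical record)\b", re.I),
    "financial": re.compile(r"\b(portfolio|earnings|forecast)\b", re.I),
}
MARKING = re.compile(r"\b(confidential|proprietary|internal use only)\b", re.I)


@dataclass(frozen=True)
class Session:
    ts: datetime      # when
    user: str         # by whom
    src: str          # from where
    dst: str          # to where
    app: str          # which application carried it
    content: str      # what (reassembled payload, plain text here)


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def classify(content: str) -> dict:
    """Context analysis: explicit marking plus concept matches, ranked so an
    unmarked concept hit sits below an explicitly marked document."""
    concepts = sorted(name for name, rx in CONCEPTS.items() if rx.search(content))
    marked = MARKING.search(content) is not None
    severity = "high" if marked else ("medium" if concepts else "none")
    return {"marked": marked, "concepts": concepts, "severity": severity}


def egress_events(sessions: List[Session]) -> List[Tuple[Session, dict]]:
    """Sessions whose content is marked or concept-matching and whose path
    crosses from an internal source to an external destination."""
    hits = []
    for s in sessions:
        if not (is_internal(s.src) and not is_internal(s.dst)):
            continue                      # internal-to-internal is not egress
        c = classify(s.content)
        if c["severity"] != "none":
            hits.append((s, c))
    return hits


def connection_paths(sessions: List[Session]) -> Dict[str, Set[Tuple[str, str, str]]]:
    """Per-user set of (src, dst, app) edges: the connection-path graph."""
    paths: Dict[str, Set[Tuple[str, str, str]]] = {}
    for s in sessions:
        paths.setdefault(s.user, set()).add((s.src, s.dst, s.app))
    return paths


def report(hits: List[Tuple[Session, dict]]) -> List[str]:
    """One line per egress event: when, who, where from/to, how, and what."""
    return [
        f"{s.ts.isoformat()} {s.user} {s.src}->{s.dst} via {s.app} "
        f"severity={c['severity']} concepts={','.join(c['concepts']) or '-'}"
        for s, c in hits
    ]


def _utc(h: int, m: int) -> datetime:
    return datetime(2000, 6, 12, h, m, tzinfo=timezone.utc)


# Constructed sample sessions (not captured traffic).
SAMPLE = [
    Session(_utc(9, 14), "jdoe", "10.1.4.22", "10.1.1.5", "HTTP", "weekly status report"),
    Session(_utc(9, 31), "jdoe", "10.1.4.22", "203.0.113.7", "SMTP",
            "CONFIDENTIAL: Project Falcon acquisition term sheet attached"),
    Session(_utc(10, 2), "asmith", "10.2.8.9", "198.51.100.30", "FTP", "patient intake records Q2.csv"),
    Session(_utc(10, 5), "asmith", "10.2.8.9", "10.2.0.1", "SMTP", "lunch menu"),
    Session(_utc(11, 0), "bwong", "10.3.1.1", "203.0.113.9", "HTTP", "press release: public earnings call schedule"),
]

if __name__ == "__main__":
    for line in report(egress_events(SAMPLE)):
        print(line)
```

Running it reports three egress events. The third one (a public press release that happens to mention earnings) is the kind of concept-only match the severity ranking exists for: it is still reported, but below the explicitly marked term sheet, so an analyst triages the marked document first instead of chasing every keyword hit.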




                 2. Detect Misuse/Abuse of Network Assets
SilentRunner lets you determine whether network abuse or misuse is taking
place and affecting your resources.

• Visually identify activity on the network, normal or abnormal

• Analyze utilization and thresholds to identify areas of potential misuse

• Content/context analysis to identify inappropriate transmission of
  information




            3. Risk Assessments & Audits

     SilentRunner lets you assess the risk to your network, and to do so
     continuously, in real time.

       • Dynamic validation of policies and procedures
       • Establish baselines for system assessments and audits
       • Analyze trends over time to detect subtle abnormalities
       • Profile behavioral characteristics to detect changes and misuse

              Policy Examples
                     All servers must be hardened to eliminate files that are not needed
                     All passwords must be 6 characters
                     No access to XXX sites allowed
                     Email policy covers appropriate uses
                     Confidential documents cannot be sent via the Internet




        4. Computer Network Forensics

 SilentRunner provides forensic capability very quickly while maintaining
 full data integrity. Designed with help from law enforcement and built on
 time stamping, sequencing and playback, its forensics capability is
 unsurpassed.

•Drastically reduce the time required for investigations
      "Finding answers quickly is what
      distinguishes our forensics labs from
      many," said Mr. Altschuler of
      Deloitte & Touche.

• Sequence, view and play back events to determine the extent of the
security problem under investigation, and assess actual damage

• Output the data in a format acceptable for evidentiary exhibit

• Output must be admissible in court cases




   5. Exploit Current Security Technology

 SilentRunner complements other security devices by taking the output logs
 from IDSs, firewalls and even syslog, correlating them, and playing them
 back on a single 3-D screen. Hundreds of thousands of log entries can be
 seen on a single screen.

•Minimize human resource costs

•Detect subtle & masked events

•Correlate into a visual pattern

•Narrow the search to quantify "false positives"
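An added example (written for this page, not SilentRunner's own code) of the log correlation and playback described in this section and in the forensics section before it: firewall, IDS and host syslog lines with different timestamp formats are normalized into one event record, sequenced in time order for playback, and chained by source address within a time window, so that an IDS alert corroborated by a firewall accept and a host login stands apart from a single-sensor event that may be a false positive. The log lines are constructed (the firewall lines use netfilter-style SRC=/DST= fields, the IDS lines the Snort "fast" alert layout, with rule IDs in the local range); the year, the sensor name and the 90-second window are assumptions.

```python
"""Added example for this page (not SilentRunner's own code): normalize
firewall, IDS and syslog records into one event stream, sequence it for
playback, and correlate events by source address within a time window."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

YEAR = 2000   # assumption: syslog and Snort-style lines carry no year
MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}
SYSLOG_RX = re.compile(r"^(\w{3}) +(\d+) (\d\d:\d\d:\d\d) (\S+) (.*)$")
FW_RX = re.compile(r"SRC=(\S+) DST=(\S+)")               # netfilter-style fields
LOGIN_RX = re.compile(r"\bfrom (\d+\.\d+\.\d+\.\d+)\b")  # sshd "from <ip>"
IDS_RX = re.compile(                                     # Snort "fast" alert layout
    r"^(\d\d)/(\d\d)-(\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\]\s+\[[\d:]+\]\s+(.*?)\s+\[\*\*\]"
    r".*?\{\w+\}\s+(\S+):\d+\s+->\s+(\S+):\d+")


@dataclass(frozen=True)
class Event:
    ts: datetime
    source: str            # "firewall", "ids" or "syslog"
    host: str
    src_ip: Optional[str]
    dst_ip: Optional[str]
    msg: str


def parse_syslog_line(line: str, source: str) -> Optional[Event]:
    """Syslog-format line, used by both the firewall log and the host log."""
    m = SYSLOG_RX.match(line)
    if not m:
        return None
    mon, day, hms, host, msg = m.groups()
    ts = datetime.strptime(f"{YEAR}-{MONTHS[mon]:02d}-{int(day):02d} {hms}",
                           "%Y-%m-%d %H:%M:%S")
    src = dst = None
    fw = FW_RX.search(msg)
    if fw:
        src, dst = fw.groups()
    else:
        login = LOGIN_RX.search(msg)
        if login:
            src = login.group(1)
    return Event(ts, source, host, src, dst, msg)


def parse_ids_line(line: str, sensor: str = "ids1") -> Optional[Event]:
    """MM/DD-HH:MM:SS.usec [**] [gid:sid:rev] msg [**] ... {proto} src:port -> dst:port"""
    m = IDS_RX.match(line)
    if not m:
        return None
    mon, day, hms, msg, src, dst = m.groups()
    ts = datetime.strptime(f"{YEAR}-{mon}-{day} {hms}", "%Y-%m-%d %H:%M:%S")
    return Event(ts, "ids", sensor, src, dst, msg)


def sequence(events: List[Event]) -> List[Event]:
    """Playback order: by timestamp, ties broken by source name so it is stable."""
    return sorted(events, key=lambda e: (e.ts, e.source))


def correlate(events: List[Event], window: timedelta = timedelta(seconds=90)) -> List[Dict]:
    """Chain events that share a source IP and fall within `window` of the
    previous event in the chain. A chain seen by more than one sensor type
    is corroborated; a single-sensor chain is a candidate false positive."""
    clusters: List[Dict] = []
    for e in sequence(events):
        if e.src_ip is None:
            continue
        for c in clusters:
            if c["ip"] == e.src_ip and e.ts - c["events"][-1].ts <= window:
                c["events"].append(e)
                break
        else:
            clusters.append({"ip": e.src_ip, "events": [e]})
    for c in clusters:
        c["sources"] = sorted({e.source for e in c["events"]})
        c["corroborated"] = len(c["sources"]) > 1
    return clusters


# Constructed sample logs (not real captures).
FIREWALL_LOG = [
    "Jun 12 09:31:02 fw1 kernel: ACCEPT IN=eth1 OUT=eth0 SRC=10.1.4.22 DST=203.0.113.7 PROTO=TCP DPT=25",
    "Jun 12 09:40:11 fw1 kernel: DROP IN=eth0 OUT= SRC=198.51.100.77 DST=10.1.1.5 PROTO=TCP DPT=23",
]
IDS_LOG = [
    "06/12-09:31:03.120445  [**] [1:1000001:1] LOCAL outbound SMTP with attachment [**] [Priority: 2] {TCP} 10.1.4.22:4121 -> 203.0.113.7:25",
    "06/12-09:40:11.500000  [**] [1:1000002:1] LOCAL telnet probe [**] [Priority: 3] {TCP} 198.51.100.77:5555 -> 10.1.1.5:23",
]
HOST_LOG = [
    "Jun 12 09:30:40 fileserver sshd[2231]: Accepted password for jdoe from 10.1.4.22 port 3999 ssh2",
    "Jun 12 12:05:00 fileserver sshd[2290]: Accepted password for asmith from 10.2.8.9 port 4020 ssh2",
]


def load_all() -> List[Event]:
    events = [parse_syslog_line(l, "firewall") for l in FIREWALL_LOG]
    events += [parse_ids_line(l) for l in IDS_LOG]
    events += [parse_syslog_line(l, "syslog") for l in HOST_LOG]
    return [e for e in events if e is not None]


if __name__ == "__main__":
    for c in correlate(load_all()):
        flag = "CORROBORATED" if c["corroborated"] else "single-sensor"
        print(f"{c['ip']:>15} {flag:>14} sources={c['sources']} n={len(c['events'])}")
```

On the sample, the 10.1.4.22 chain (host login, then firewall accept, then IDS alert, all inside 90 seconds) is corroborated by three sensor types; the 198.51.100.77 probe is seen by the firewall and the IDS; the lone 12:05 login is single-sensor and would be the first candidate to discount when narrowing false positives. Real deployments need a common clock (NTP) across sensors before any cross-source sequencing is trustworthy.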




                   
   How SilentRunner Works
♦The DISCOVERY ENGINE collects everything at packet level and data is parsed in various
ways……virtual maps, ontology’s, etc. in order to set the data up for the ANALYSIS ENGINE.




♦The ANALYSIS ENGINE uses the 25 proprietary algorithms to sort and analyze in preparation for
handoff to the VISUALIZATION ENGINE.

♦We take these tremendous amounts of data and using the VISUALIZATION ENGINE we draw
pictures in order to make the tool easy to use and understand.




                      (figure: Discovery, Visualization, and Analysis engines)




        SilentRunner Benefits
    Assists in protecting your vital information; detects illicit activity

    Shows who is viewing/moving information, what is being viewed/moved,
    where it is being moved to, and when it occurred

    Session recorder for complete re-assembly and content viewing for
    analysis (Email, FTP, Telnet, HTTP, NNTP, etc.)

    Ability to sequence events as they happened and play them back

    Risk assessments

    Network activity can be viewed as it happens or recorded for later analysis

    Virtually undetectable to anyone seeking unauthorized access



                                   Summary
SilentRunner completes your network security picture when combined with
   external protection such as firewalls and intrusion detection systems.


External Network Security:
            Firewall = control of user inbound/outbound network access
            IDS = notification of device logon attempts (attacks)



Internal Network Security:
            SilentRunner = detects user access to and movement of vital
                           company information




                              Conclusion
(diagram: External = Internet -> Firewalls -> Intrusion Detection;
 Internal = Your Corporate Network, holding E-Commerce, Finance,
 Human Resources and Intellectual Property)

  With so much at stake, identifying and containing the threat to your information is critical to the
  health of your organization.

       **SilentRunner is like insurance for your valuable information:
       if your information is worth more than the cost of SilentRunner,
       you need it.**



