Post on 02-Oct-2020
23 September 2020
Combatting Insider Threats – A Digital Forensic Approach
© 2020. For information, contact Deloitte Asia Pacific.
Your panel today
Paul Taylor, Partner
Deloitte Australia, based in Sydney
Paul leads Deloitte’s Digital Forensic practice in Australia and works on collaboration projects with clients throughout APAC and globally. Working with clients, he focuses on the provision of forensic technology services in relation to internal investigations, data security breaches, incident responses, data theft, litigation, and regulatory enquiries. Over the past 22 years he has testified as an expert witness in digital forensics in multiple jurisdictions.
Email: ptaylor@deloitte.com.au
Phone: +61 402 091 218
Brian Wilson, Partner
Deloitte China, based in Hong Kong
Brian leads Deloitte’s Cyber & Digital Forensic services in China and coordinates the same for the Asia-Pacific region. He works closely with professionals across the region to provide unified and integrated Cyber & Digital Forensic solutions to clients, with a focus on insider threats and data breach investigations. Brian has lived and worked for nearly a decade in China while focusing on technology-based solutions for compliance related concerns.
Email: brianwilson@deloitte.com.hk
Phone: +852 6800 0590
Stephen Stewart, CTO
Nuix, based in Philadelphia
Stephen focuses on the convergence of product, technology and customer need to help solve difficult data challenges. Stephen has been the CTO at Nuix for over 12 years, with previous experience at EMC and Commvault where he was a subject matter expert on enterprise archiving, compliance and discovery. Stephen can code just enough to be dangerous and is constantly pushing the boundaries of where Nuix Technology can be applied to all manner of data smashing challenges.
Email: Stephen@nuix.com
Phone: +1 215 780 1107
Donna Thomson, Principal
Deloitte Australia, based in Sydney
Donna focuses on conducting forensic technology led investigations into fraud, corruption and misconduct in the private and public sector. Donna works with clients and legal counsel to conduct independent investigations on behalf of organisations, often involving senior executives and serious allegations. Donna utilises leading Forensic Technology tools to undertake investigations for civil or criminal proceedings.
Email: dthomson@deloitte.com.au
Phone: +61 429 407 794
Agenda
Development of Digital Forensic Insider Threat – DFIT
Application of DFIT
Employee Exits
Confidential Information Theft
Analysing Digital Behaviour
Q&A Session
Upcoming webinars
Establishing fact as part of ongoing compliance, investigation and litigation matters
01. Development of Digital Forensic Insider Threat Offering – DFIT powered by Nuix
A Highly Distributed Workforce Creates Challenges
Capture digital evidence before it is lost and make intelligence-led decisions that prevent crises
Sensitive data is increasing
No physical or social office based controls
Around-the-clock access
Increase in people
Advanced evidence captures (keystrokes, screen, printer)
Adaptable ruleset for specific issues
Data privacy centric workflow
Unified investigation tool (data in one place)
Current trends, insights, and leading practices
02. Application of DFIT
INSIDER THREAT
Employee Pre Departure
Reporting
Regulatory Response
Internal Compliance
Investigations
Litigation
M & A
CI Theft
Current trends, insights, and leading practices
03. Employee Exits
Employer Initiated
• Economic downturn
• Restructure
• Performance change
• Internal misconduct
Employee Initiated
• Resignation of key staff
• Internal whistleblower
• Suspicious network activity
DFIT – Powered by Nuix
Post Departure Preservation
• Forensic preservation of devices
• Preservation of network data
• Digital forensic timeline reconstruction
Current trends, insights, and leading practices
04. Confidential Information Theft
Confidential Information Leak
Plan of attack
Knows systems and data
Has an exit strategy
Has monetization goal
Covers tracks
Personal cloud
Pictures
Bluetooth
Home printers
External devices
WiFi routers
Emails to personal accounts
Confidential Information Theft
Proactive solutions to insider threats and the future of cyber investigations
05. Analysing Digital Behaviours
Enterprise Endpoint Detect & Response
• Patent-pending Logic Rules Engine detects and protects your Windows, MacOS, and Linux endpoints from threats
• Detect suspicious behavior in real time and respond automatically
Insider Threat Telemetry
• Visibility into all activities on an endpoint with a focus on the human behind the keyboard
More than just monitoring
• Block behaviors, instant network isolation, systematic deception, hash lists, white/blacklist domains, Windows Defender integration
Forensic Collections
• Collect and forensically preserve full images or target specific files and folders
Single, Lightweight Extensible Agent
Seamlessly bridge the gap between traditional endpoint security and corporate investigations and legal review
Digital Behaviors / Events
• Sessions, Removable Media, Print, Key Logs, Clipboard, URLs
• Registry, Deceptions, Files, Loaded Modules, Processes, Network, Namespace Queries
Default Rules + Fully Customizable Logic Engine
• Command & Control, Credential Access, Deception, Defense Evasion, Discovery, Execution, Exfiltration, Insider Threat, Lateral Movement, Persistence, Spearphishing
Q&A Session
Thank you
Upcoming webinars
Webinar | When
Breach investigations | January 2021
Nuix Discover® | March 2021
About Deloitte
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited (“DTTL”), its global network of member firms, and their related entities (collectively, the “Deloitte organization”). DTTL (also referred to as “Deloitte Global”) and each of its member firms and related entities are legally separate and independent entities, which cannot obligate or bind each other in respect of third parties. DTTL and each DTTL member firm and related entity is liable only for its own acts and omissions, and not those of each other. DTTL does not provide services to clients. Please see www.deloitte.com/about to learn more.
Deloitte is a leading global provider of audit and assurance, consulting, financial advisory, risk advisory, tax and related services. Our global network of member firms and related entities in more than 150 countries and territories (collectively, the “Deloitte organization”) serves four out of five Fortune Global 500® companies. Learn how Deloitte’s approximately 312,000 people make an impact that matters at www.deloitte.com.
Deloitte Asia Pacific Limited is a company limited by guarantee and a member firm of DTTL. Members of Deloitte Asia Pacific Limited and their related entities, each of which are separate and independent legal entities, provide services from more than 100 cities across the region, including Auckland, Bangkok, Beijing, Hanoi, Hong Kong, Jakarta, Kuala Lumpur, Manila, Melbourne, Osaka, Seoul, Shanghai, Singapore, Sydney, Taipei and Tokyo.
The Deloitte brand entered the China market in 1917 with the opening of an office in Shanghai. Today, Deloitte China delivers a comprehensive range of audit & assurance, consulting, financial advisory, risk advisory and tax services to local, multinational and growth enterprise clients in China. Deloitte China has also made—and continues to make—substantial contributions to the development of China's accounting standards, taxation system and professional expertise. Deloitte China is a locally incorporated professional services organization, owned by its partners in China. To learn more about how Deloitte makes an Impact that Matters in China, please connect with our social media platforms at www2.deloitte.com\cn\en\social-media.
This communication contains general information only, and none of Deloitte Touche Tohmatsu Limited (“DTTL”), its global network of member firms or their related entities (collectively, the “Deloitte organization”) is, by means of this communication, rendering professional advice or services. Before making any decision or taking any action that may affect your finances or your business, you should consult a qualified professional adviser.
No representations, warranties or undertakings (express or implied) are given as to the accuracy or completeness of the information in this communication, and none of DTTL, its member firms, related entities, employees or agents shall be liable or responsible for any loss or damage whatsoever arising directly or indirectly in connection with any person relying on this communication. DTTL and each of its member firms, and their related entities, are legally separate and independent entities.