23 September 2020 Combatting Insider Threats - A Digital Forensic Approach

Post on 02-Oct-2020

© 2020. For information, contact Deloitte Asia Pacific.

Your panel today

Paul Taylor, Partner

Deloitte Australia, based in Sydney

Paul leads Deloitte’s Digital Forensic practice in Australia and works on collaboration projects with clients throughout APAC and globally. Working with clients he focuses on the provision of forensic technology services in relation to internal investigations, data security breaches, incident responses, data theft, litigation, and regulatory enquiries. Over the past 22 years he has testified as an expert witness in digital forensics in multiple jurisdictions.

Email: [email protected]

Phone: +61 402 091 218

Brian Wilson, Partner

Deloitte China, based in Hong Kong

Brian leads Deloitte’s Cyber & Digital Forensic services in China and coordinates the same for the Asia-Pacific region. He works closely with professionals across the region to provide unified and integrated Cyber & Digital Forensic solutions to clients, with a focus on insider threats and data breach investigations. Brian has lived and worked for nearly a decade in China while focusing on technology-based solutions for compliance related concerns.

Email: [email protected]

Phone: + 852 6800 0590

Stephen Stewart, CTO

Nuix, based in Philadelphia

Stephen focuses on the convergence of product, technology and customer need to help solve difficult data challenges. Stephen has been the CTO at Nuix for over 12 years, with previous experience at EMC and Commvault where he was a subject matter expert on enterprise archiving, compliance and discovery. Stephen can code just enough to be dangerous and is constantly pushing the boundaries of where Nuix Technology can be applied to all manner of data smashing challenges.

Email: [email protected]

Phone: +1 215 780 1107

Donna Thomson, Principal

Deloitte Australia, based in Sydney

Donna focuses on conducting forensic technology led investigations into fraud, corruption and misconduct in the private and public sector. Donna works with clients and legal counsel to conduct independent investigations on behalf of organisations, often involving senior executives and serious allegations. Donna utilises leading Forensic Technology tools to undertake investigations for civil or criminal proceedings.

Email: [email protected]

Phone: +61 429 407 794

Agenda

Development of Digital Forensic Insider Threat – DFIT

Application of DFIT

Employee Exits

Confidential Information Theft

Analysing Digital Behaviour

Q&A Session

Upcoming webinars

Establishing fact as part of ongoing compliance, investigation and litigation matters

01. Development of Digital Forensic Insider Threat Offering – DFIT powered by Nuix

A Highly Distributed Workforce Creates Challenges

Capture digital evidence before it is lost and make intelligence-led decisions that prevent crises

Sensitive data is increasing

No physical or social office based controls

Around-the-clock access

Increase in people

Advanced evidence captures (keystrokes, screen, printer)

Adaptable ruleset for specific issues

Data privacy centric workflow

Unified investigation tool (data in one place)

Current trends, insights, and leading practices

02. Application of DFIT

INSIDER THREAT

Employee Pre Departure

Reporting

Regulatory Response

Internal Compliance

Investigations

Litigation

M & A

CI Theft

Current trends, insights, and leading practices

03. Employee Exits

Employer Initiated

• Economic downturn
• Restructure
• Performance change
• Internal misconduct

Employee Initiated

• Resignation of key staff
• Internal whistleblower
• Suspicious network activity

DFIT – Powered by Nuix

Post Departure Preservation

• Forensic preservation of devices
• Preservation of network data
• Digital forensic timeline reconstruction

Current trends, insights, and leading practices

04. Confidential Information Theft

Confidential Information Leak

Plan of attack

Knows systems and data

Has an exit strategy

Has monetization goal

Covers tracks

Personal cloud

Pictures

Bluetooth

Home printers

External devices

WiFi routers

Emails to personal accounts

Confidential Information Theft

Proactive solutions to insider threats and the future of cyber investigations

05. Analysing Digital Behaviours

Enterprise Endpoint Detect & Response

• Patent-pending Logic Rules Engine detects and protects your Windows, MacOS, and Linux endpoints from threats

• Detect suspicious behavior in real time and respond automatically

Insider Threat Telemetry

• Visibility into all activities on an endpoint with a focus on the human behind the keyboard

More than just monitoring

• Block behaviors, instant network isolation, systematic deception, hash lists, white/blacklist domains, Windows Defender integration

Forensic Collections

• Collect and forensically preserve full images or target specific files and folders

Single, Lightweight Extensible Agent

Seamlessly bridge the gap between traditional endpoint security and corporate investigations and legal review

Digital Behaviors / Events

• Sessions, Removable Media, Print, Key Logs, Clipboard, URLs

• Registry, Deceptions, Files, Loaded Modules, Processes, Network, Namespace Queries

Default Rules + Fully Customizable Logic Engine

• Command & Control, Credential Access, Deception, Defense Evasion, Discovery, Execution, Exfiltration, Insider Threat, Lateral Movement, Persistence, Spearphishing

Q&A Session

Thank you

Upcoming webinars

Webinar | When
Breach investigations | January 2021
Nuix Discover® | March 2021

About Deloitte

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited (“DTTL”), its global network of member firms, and their related entities (collectively, the “Deloitte organization”). DTTL (also referred to as “Deloitte Global”) and each of its member firms and related entities are legally separate and independent entities, which cannot obligate or bind each other in respect of third parties. DTTL and each DTTL member firm and related entity is liable only for its own acts and omissions, and not those of each other. DTTL does not provide services to clients. Please see www.deloitte.com/about to learn more.

Deloitte is a leading global provider of audit and assurance, consulting, financial advisory, risk advisory, tax and related services. Our global network of member firms and related entities in more than 150 countries and territories (collectively, the “Deloitte organization”) serves four out of five Fortune Global 500® companies. Learn how Deloitte’s approximately 312,000 people make an impact that matters at www.deloitte.com.

Deloitte Asia Pacific Limited is a company limited by guarantee and a member firm of DTTL. Members of Deloitte Asia Pacific Limited and their related entities, each of which are separate and independent legal entities, provide services from more than 100 cities across the region, including Auckland, Bangkok, Beijing, Hanoi, Hong Kong, Jakarta, Kuala Lumpur, Manila, Melbourne, Osaka, Seoul, Shanghai, Singapore, Sydney, Taipei and Tokyo.

The Deloitte brand entered the China market in 1917 with the opening of an office in Shanghai. Today, Deloitte China delivers a comprehensive range of audit & assurance, consulting, financial advisory, risk advisory and tax services to local, multinational and growth enterprise clients in China. Deloitte China has also made—and continues to make—substantial contributions to the development of China's accounting standards, taxation system and professional expertise. Deloitte China is a locally incorporated professional services organization, owned by its partners in China. To learn more about how Deloitte makes an Impact that Matters in China, please connect with our social media platforms at www2.deloitte.com/cn/en/social-media.

This communication contains general information only, and none of Deloitte Touche Tohmatsu Limited (“DTTL”), its global network of member firms or their related entities (collectively, the “Deloitte organization”) is, by means of this communication, rendering professional advice or services. Before making any decision or taking any action that may affect your finances or your business, you should consult a qualified professional adviser.

No representations, warranties or undertakings (express or implied) are given as to the accuracy or completeness of the information in this communication, and none of DTTL, its member firms, related entities, employees or agents shall be liable or responsible for any loss or damage whatsoever arising directly or indirectly in connection with any person relying on this communication. DTTL and each of its member firms, and their related entities, are legally separate and independent entities.