Learn how to stop data theft before it happens
What we’ll talk about today
Challenges and costs of protecting intellectual property
Helix Threat Detection overview
Helix Threat Detection demo
Q&A
Charlie McLouth, Senior Director, Solutions Engineering
Chris Hoover, Global Vice President, Products & Marketing
The challenges of siloed IP
Friction between teams and design errors
Poor component reuse results in higher production costs
More delays, less efficient product delivery
Increased risk of quality issues
[Diagram labels: DevOps, code, reqs, specs, design]
Increased risk of IP theft
[Diagram labels: DevOps, code, reqs, specs, design; Chief Security Officer (even more separated)]
The impact of IP theft
Annual losses due to IP theft >$300B
“The greatest transfer of wealth in history”
Subsidizes competitors and foreign suppliers
Diminishes productivity growth, innovation, product advancements
Perforce Helix Platform
[Diagram labels: Contributors, Consumers, CSO]
Flexible Workflows: Version control, code reviews, simple file sharing
Fast and Scalable: 10 to 10,000+ on each trunk
Every File: Efficiently handles large, often binary, data
Everywhere: Supports geographically distributed teams
Secure: Granular permissions & theft detection
Customer: $20B manufacturer
2 engineers stole data
1 YEAR
$1 million spent
Large security vendor failed to find anything
2 WEEKS
Easily identified the 2 engineers
Found 3 additional users stealing data in North America
Found 8 additional users stealing data outside North America
[Graphic label: Threat Detection]
Helix Threat Detection
Analytics Modeling
• Baselines and creates clusters
• Learns Patterns
• Learns Anomalies (unusual hours, data volumes, application types & more)
Risk Scoring
• Risk by User
• Risk by Activity
• Risk by File
• Risk by Time
• Risk by Volume
• Risk by Method/Exit
Verification & Investigation
• Highly Readable Event Alarms
• Very Intuitive UI
• Executive Reporting
[Figure: Behavioral Analytics dashboard. All users, risk from 0 - 100.]
Wintermute 89
Armitage 82
Hideo 26
Maelcum 26
Molly 25
Aerol 25
Strayllight 25
Case 18
Chiba 8
Proteus 7
Reduces noise and false positives
Each entity (user, machine, asset) maintains a persistent risk score
Risk scores change based on activities
Real-time aggregation of multiple events “connects the dots” of related activities
John Smith is accessing an unusual, important file (risk score: 25)
… at a time of day he was almost never active (risk score: 46)
… and took from a source code project that has been inactive for months (risk score: 80)
… and is downloading more source code from more folders than his peers (risk score: 96)
[Diagram labels: Behavioral Risk Model, Behavioral Risk Score, Entity Risk Model, Entity Risk Score]
Data & analytic models
Wanderer (access folders/projects)
• Anomalous folder access
• Inactive folder access
Sneaker (access times)
• Anomalous working hours
• Anomalous working days
Moocher (take more than post)
• Anomalous total mooch
• Sudden mooch
• High mooch
Hoarder (anomalous take, volume, folders)
• Unusual project take (2 models)
• Inactive project take
• Large sudden unusual take (4 models – self & group)
• Large sudden unusual take - per project (4 models – self & group)
General Models
• Activity from rare user
• Aggregate anomaly
• Persistent anomaly
Data Types
Timestamp (Date/Time)
User
Resource (Folder Structure)
Action (Give/Take)
Item Number
Client
Size
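An added example, not from the original slides and not Perforce's implementation: two simplified checks in the spirit of the Sneaker and Moocher models, run over constructed events that use the data types listed above. The function names, depot paths, and the `window` and `factor` thresholds are assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime
from statistics import median

# Constructed events: (timestamp, user, resource folder, action, size in bytes).
BASELINE = [
    ("2016-03-01T09:10", "molly", "//depot/ui", "take", 40_000),
    ("2016-03-01T14:30", "molly", "//depot/ui", "give", 35_000),
    ("2016-03-01T09:40", "case", "//depot/core", "take", 50_000),
    ("2016-03-01T15:20", "case", "//depot/core", "give", 45_000),
    ("2016-03-02T10:00", "hideo", "//depot/docs", "take", 10_000),
    ("2016-03-02T13:00", "hideo", "//depot/docs", "give", 12_000),
]
RECENT = [
    ("2016-03-09T10:20", "molly", "//depot/ui", "take", 25_000),
    ("2016-03-09T15:00", "molly", "//depot/ui", "give", 20_000),
    ("2016-03-09T03:12", "case", "//depot/core", "take", 900_000),
    ("2016-03-09T03:40", "case", "//depot/fw", "take", 700_000),
    ("2016-03-09T11:00", "hideo", "//depot/docs", "take", 8_000),
    ("2016-03-09T12:00", "hideo", "//depot/docs", "give", 9_000),
]

def unusual_hours(baseline, recent, window=1):
    """Sneaker-style: recent events more than `window` hours (circular
    distance) from every hour the user was active in the baseline."""
    seen = defaultdict(set)
    for ts, user, *_ in baseline:
        seen[user].add(datetime.fromisoformat(ts).hour)
    def far(user, hour):
        return all(min((hour - h) % 24, (h - hour) % 24) > window
                   for h in seen[user])
    return [e for e in recent if far(e[1], datetime.fromisoformat(e[0]).hour)]

def mooch_ratios(events):
    """Bytes taken per byte given, per user (give total floored at 1 byte)."""
    take, give = Counter(), Counter()
    for _ts, user, _res, action, size in events:
        (take if action == "take" else give)[user] += size
    return {u: take[u] / max(give[u], 1) for u in set(take) | set(give)}

def moochers(events, factor=5.0):
    """Moocher-style: take/give ratio above `factor` times the peer median."""
    ratios = mooch_ratios(events)
    cutoff = factor * median(ratios.values())
    return sorted(u for u, r in ratios.items() if r > cutoff)

if __name__ == "__main__":
    print("unusual hours:", unusual_hours(BASELINE, RECENT))
    print("moochers:", moochers(RECENT))
```

A user with no baseline activity has every recent event flagged by `unusual_hours`, so new accounts need separate handling before this signal is scored.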
Provide 30 Days Log Data -> Run Analytics -> Executive Report
Timestamp
User
IP Address
Action
- Commit
- Sync
- Get
Resource folder
- File
- Path
No need to install & configure system for testing
Simply provide logs to prove the product meets your use case
Anonymized Fields
Encrypted Results
Risk Analysis Report