Overview
Explore the concept of insider threats in cybersecurity through a comprehensive conference talk that delves into the Insider Threat Kill Chain and human indicators of compromise. Learn about admin privileges abuse, insider threat intentions, and prevention strategies. Discover the importance of log intelligence and analytics, including what to log and how to create effective correlation rules. Examine real-world logging problems and a case study involving a power company. Gain insights into integrating physical and digital security measures, addressing lazy logging practices, and preparing for future threats in the evolving landscape of insider threat detection and prevention.
Syllabus
Intro
I AM THE INSIDER THREAT
ADMIN BREAKING BAD
I'm On A Boat
INSIDER THREAT INTENTIONS
INSIDER THREAT KILL CHAIN
PREVENT: HUMAN INDICATORS OF COMPROMISE
PREVENT: HUMAN TO MACHINE INDICATORS
PREVENT & DETECT
LOG INTELLIGENCE & ANALYTICS
WHAT TO LOG?
Correlation Rules
LOGGING REAL PROBLEMS
CASE STUDY: POWER COMPANY
IDS Inside The Network
Physical Security Meets Digital
Lazy Logging
Future Threats?
Taught by
BSidesLV