Overview
Explore the concept of insider threats in cybersecurity through this 21-minute conference talk from BSidesLV 2014. Delve into the insider threat kill chain and learn to identify human indicators of compromise. Examine various aspects of insider threats, including admin privileges, intentions, and prevention strategies. Discover the importance of log intelligence and analytics, understanding what to log and real-world logging challenges. Analyze a power company case study, discuss intrusion detection systems within networks, and explore the intersection of physical and digital security. Gain insights into future threats and the implications of lazy logging practices in organizational cybersecurity.
Syllabus
Intro
I AM THE INSIDER THREAT
ADMIN BREAKING BAD
INSIDER THREAT INTENTIONS
INSIDER THREAT KILL CHAIN
PREVENT: HUMAN INDICATORS OF COMPROMISE
PREVENT: HUMAN TO MACHINE INDICATORS
PREVENT & DETECT
LOG INTELLIGENCE & ANALYTICS
WHAT TO LOG?
LOGGING REAL PROBLEMS
CASE STUDY: POWER COMPANY
IDS Inside The Network
Physical Security Meets Digital
Lazy Logging
Future Threats?