Real-world insider threats causing the most harm go well beyond news headlines or Hollywood stories. For example, what about the system administrator caught selling corporate data to acquisition targets? Or the employee caught trying to steal a manufacturing process formula and client lists, and who sent confidential information to other employees? How were they caught, how quickly could your organization be breached by malicious insiders like these, and how could your team find them? Threat hunters are often tasked with looking for attackers' tools, techniques and procedures, but how can your team look for malicious insiders? Join us for this session as we discuss the techniques used during specific investigations that helped uncover these insider threats. We'll get inside the minds of various kinds of malicious insiders -- from the leaker, to the blackmailer, to the snooper, to the wannabe spy -- and why every organization needs to expand threat hunting to insiders like them.
My talk will cover: Real vs. Hollywood insider threats. During the talk, I will show instances of insider threats from around the world, including two specific cases I have worked over the years where I caught insider threats. We'll talk about what they took, how they took it and how we were able to catch them. These examples will reinforce my talk with personal experiences. Case No. 1 will be the story of a rogue system administrator who was selling info to acquisition targets. Case No. 2 will review a case where an employee was trying to steal the formula for a manufacturing process and client lists, as well as trying to damage the employer by sending confidential info to employees.
David Balcar, Security Strategist, Carbon Black