Tanium on Latest Emerging Threats
Melissa Bischoping, Tanium’s director of endpoint security research, was on hand at RSA to talk about the latest emerging threats.
“Everyone likes to think about it as the most sophisticated and the crazy, and the stuff coming through the skylights,” she said. “But for me, top of mind is insider threats and supply chain vulnerability. Supply chain vulnerability, both with reused third-party and open-source code, but also implanted malicious code. So I think … having a software bill of materials as part of your asset management shortens the time it takes to say, ‘Are we good?’ With insider threats, we’re not going back to the office full time anytime soon, so people are using their devices, they’re mobile and they’re working out of coffee shops. That gives additional opportunities for data to exist in places maybe you don’t know or don’t trust. So knowing where your data is and how it’s moving, even when it’s outside the confines of your physical network, is a big part of managing that insider threat risk.”
Insider threats are both deliberate and accidental, Bischoping said.
“When we look at insider threats, we talk about that from different angles,” she said. “So you’ve got the insider who might be accidental. Maybe they don’t understand that they plugged a USB device in that wasn’t trusted or wasn’t approved. Or maybe they accidentally left an unlocked device somewhere insecure. But then you also have the malicious insiders. Maybe they were hired specifically by an adversary to infiltrate your environment, or maybe they’re seeking to take revenge or they feel like they’ve been wronged. Maybe they’ve got a financial motivation and they want to sell your sensitive data. So those can come from different angles. More often than not, the accidental insider threat can be just as damaging to loss of intellectual property and loss of data.”
Asset visibility is the biggest problem among organizations, Bischoping said.
“So many times I talk to organizations and they can’t tell me exactly how many endpoints or exactly what type of software is in their environment,” she said. “So it’s comprehensive visibility and then real-time understanding of change. Did you know that that data changed location at the time that it did? You can’t audit it a quarter later and go back. So I think that real-time visibility is always paramount. And then understanding how data flows through your network normally, what is your baseline of how data moves across your applications and your endpoints, and detecting deviations from that?”
Bischoping said she is seeing some encouraging signs.
“I’m seeing more and more C-levels have conversations about that,” she said. “There’s a lot more awareness of it. And I think that’s been one of the most promising things. Educating the executive leadership is making better decisions in how we build architecture and how we actually engineer the solution.”