Identity Access Management: Lessons From JPMorgan’s Insider Breaches

Another former JPMorgan Chase & Co. (JPMC) employee was recently arrested by the FBI on charges of stealing customer data and trying to sell it to an undercover informant for tens of thousands of dollars.

Similar incidents have occurred multiple times at JPMC over the past few years. Upon closer inspection, a common thread emerges from each of these incidents: JPMC's inability to account for insider threats.

Look For Clues

JPMC wants to trust its employees and wants them to perform their jobs with the utmost integrity. Regardless of industry, every organization must grant some employees access to its most sensitive data – such as intellectual property or information that customers expect will remain confidential. These include systems administrators with privileged access rights, or account representatives with access to customer data.

Monitor Identities

It’s well documented that JPMC spends over $250M a year on cybersecurity personnel, tools and services to protect its digital assets. So while JPMC’s IT perimeter may be hardened (but not impenetrable; see the 2014 mega breach), insiders must still have access to privileged information to do their jobs. Hardening an organization’s external perimeter poses a very different set of challenges from hardening the internal network, primarily because internal networks can be configured in countless ways, with endless combinations of who has access to which systems, applications and data.

Given these challenges, the most reliable way to keep track of what insiders are doing and how they move inside the network is to manage identities and maintain visibility into their activities.

Follow The Threat Crumbs

Containing the damage once insiders have stolen confidential company or customer information is extremely difficult, if not impossible. Insider threats, whether in the form of malicious employees abusing their access credentials or simple negligence, must be detected and rooted out as quickly as possible. Monitoring activity inside the network using identities gives organizations the opportunity to discover anomalous behavior early in the kill chain.

To be successful, this approach requires a robust and well-managed identity and access management (IAM) system (disclosure: I work for a User and Entity Behavior Analytics vendor). Next, the actions and behaviors of each identity must be monitored using the following contextual filters:

Who - what is the user's or entity's role, or the role they are emulating?
What - what are they looking to access?
Where - what location are they accessing systems/data from, and what location are they accessing?
When - what time of day, what date, what week, month, etc.?
How - what means or technology are they using to access the network -- company-issued or personal device, public kiosk,

Using this contextual knowledge, access to information can be controlled via rules-based risk scoring. The same intelligence can also be used for predictive risk analysis of insiders’ behavior, to detect trends and activity that require further investigation.
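The following is an added example, not code from the article or from any IAM or UEBA vendor it mentions, of what rules-based risk scoring over those who/what/where/when/how filters can look like in practice. Every identity, role, resource, baseline, rule weight and access event in it is constructed for illustration. It also carries the "trend" point one step further than the text: per-user record counts are accumulated across the day so that a run of individually normal customer-profile reads that adds up to a dump is scored, not just a single obviously anomalous event.

```python
"""Rules-based risk scoring over identity access events.

Added example; not the article's or any vendor's code. Identities,
resources, baselines, weights and the events are all constructed.
"""
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Tuple

# Hypothetical identity directory: role plus a learned per-user baseline.
IDENTITIES = {
    "jdoe":   {"role": "account_rep", "usual_countries": {"US"},
               "work_hours": (8, 19), "daily_record_baseline": 40},
    "asmith": {"role": "sysadmin",    "usual_countries": {"US"},
               "work_hours": (7, 20), "daily_record_baseline": 5},
}

# Hypothetical resource catalogue: entitled roles and a 1-5 sensitivity.
RESOURCES = {
    "crm.customer_profile": {"allowed_roles": {"account_rep"}, "sensitivity": 3},
    "crm.bulk_export":      {"allowed_roles": set(),           "sensitivity": 5},
    "hr.payroll_db":        {"allowed_roles": {"sysadmin"},    "sensitivity": 4},
}

# Constructed rule weights; an event scoring at or above THRESHOLD is alerted.
W_COUNTRY, W_TIME, W_DEVICE, W_VOLUME = 25, 15, 20, 40
THRESHOLD = 40


@dataclass
class AccessEvent:
    user: str
    resource: str
    country: str
    ts: datetime
    device: str    # "managed" or "unmanaged"
    records: int   # customer records touched by this access


def score_event(ev: AccessEvent, daily_totals: Dict[Tuple, int]) -> Tuple[int, List[str]]:
    """Score one event against the who/what/where/when/how questions.

    daily_totals is mutated: records are accumulated per (user, day) so the
    volume rule catches many individually-normal reads that add up to a dump.
    """
    ident = IDENTITIES.get(ev.user)
    if ident is None:
        return 100, ["unknown identity"]      # no role, no baseline: escalate
    res = RESOURCES.get(ev.resource, {"allowed_roles": set(), "sensitivity": 3})
    score, reasons = 0, []

    # Who / What: is this role entitled to this resource at all?
    if ident["role"] not in res["allowed_roles"]:
        score += 10 * res["sensitivity"]
        reasons.append(f"role {ident['role']} not entitled to {ev.resource}")

    # Where: source country outside the user's baseline
    if ev.country not in ident["usual_countries"]:
        score += W_COUNTRY
        reasons.append(f"access from unusual country {ev.country}")

    # When: outside working hours or on a weekend
    start, end = ident["work_hours"]
    if not (start <= ev.ts.hour < end) or ev.ts.weekday() >= 5:
        score += W_TIME
        reasons.append(f"outside working hours ({ev.ts:%a %H:%M})")

    # How: unmanaged device (personal laptop, public kiosk, ...)
    if ev.device != "managed":
        score += W_DEVICE
        reasons.append(f"unmanaged device ({ev.device})")

    # Trend: records touched today versus the user's daily baseline
    key = (ev.user, ev.ts.date())
    daily_totals[key] = daily_totals.get(key, 0) + ev.records
    if daily_totals[key] > 3 * ident["daily_record_baseline"]:
        score += W_VOLUME
        reasons.append(f"{daily_totals[key]} records today vs baseline "
                       f"{ident['daily_record_baseline']}")
    return score, reasons


def triage(events: List[AccessEvent], threshold: int = THRESHOLD) -> List[dict]:
    """Score events in time order; return those at or above threshold."""
    daily_totals: Dict[Tuple, int] = {}
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        score, reasons = score_event(ev, daily_totals)
        if score >= threshold:
            alerts.append({"user": ev.user, "ts": ev.ts.isoformat(),
                           "resource": ev.resource, "score": score, "reasons": reasons})
    return alerts


# Constructed sample events (2024-03-05 is a Tuesday, 2024-03-09 a Saturday).
SAMPLE_EVENTS = [
    AccessEvent("jdoe", "crm.customer_profile", "US", datetime(2024, 3, 5, 10, 0), "managed", 20),
    AccessEvent("jdoe", "crm.customer_profile", "US", datetime(2024, 3, 5, 11, 30), "managed", 25),
    AccessEvent("jdoe", "crm.customer_profile", "US", datetime(2024, 3, 5, 13, 15), "managed", 30),
    AccessEvent("jdoe", "crm.customer_profile", "US", datetime(2024, 3, 5, 15, 40), "managed", 60),
    AccessEvent("asmith", "hr.payroll_db", "US", datetime(2024, 3, 6, 9, 0), "managed", 1),
    AccessEvent("asmith", "hr.payroll_db", "BR", datetime(2024, 3, 6, 14, 0), "unmanaged", 2),
    AccessEvent("jdoe", "crm.bulk_export", "US", datetime(2024, 3, 9, 23, 30), "unmanaged", 5000),
]

if __name__ == "__main__":
    for a in triage(SAMPLE_EVENTS):
        print(a["score"], a["user"], a["ts"], "; ".join(a["reasons"]))
```

Run stand-alone it produces three alerts: jdoe's fourth read of the day (135 records against a baseline of 40, every single read looking normal), asmith's payroll access from an unusual country on an unmanaged device, and jdoe's weekend bulk export, which trips every rule at once. The weights and the 3x volume multiplier are arbitrary; in a real deployment they are what gets tuned against the organization's own baselines, and the reasons list is what an analyst uses to decide whether the score is worth an investigation.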

The JPMC breaches serve as a valuable reminder that identity-based data sources and metrics must be integrated into the threat management cycle of monitoring, detecting, analyzing and responding.

Computerworld
