protecting your ip with perforce helix and interset
TRANSCRIPT
Protecting Your IP with Perforce Helix and IntersetCharles McLouthMark BennettKima Hayuk
2
Introductions
Charles McLouth• Director of Technical Sales, Perforce
Mark Bennet• Vice President, Interset
Kima Hayuk• IP Protection Program Manager, Electronic Arts
3
Agenda
Review Helix features for Security
Review capabilities of Interset Threat Detection
Review real world case studies
A Customer’s perspective
4
Helix Features for Security
Server Security Levels• Level 3 – Ticket-based authentication (p4 login)• Level 4 – Level 3 plus Service Users required for service users
Strong passwords – At least two of the following:• The password contains uppercase letters. • The password contains lowercase letters. • The password contains nonalphabetic characters.
5
Protections
Rules for Access
6
Protections
Apply to User or Group
7
Protections
Grant/Restrict to a pattern or specific file
8
Protections
Grant/Restrict to a specific IP Address or Range
9
LDAP
Delegate Authentication to LDAP
LDAP / Active
Directory
10
LDAP
Delegate Authentication to LDAP
LDAP / Active
Directory
P4-Developers P4-Developers
Interset Threat Detection
Behavioral Analytics: Remove Noise, Focus On The Real Threat
Cover More Use Cases• Compromised Accounts• Insider Threat• Negligent User• Data At Risk, Data Theft
Focus on Highest Risks• Highest risk data assets• Highest risk machines &
devices• Highest risk users/accounts• Riskiest applications running
React Quickly• Immediate incident context• Rapid incident exploration• Flexible, multi-purpose workflow• Integrate into existing IR
process
Visi
bilit
yA
ccur
acy
Res
pons
e
Visibility: Visualizing the Attach Path
• Authentication Data• Account
Compromise
Stage: Establish Foothold, Escalate Privileges
• Repository Access & Usage Data• Account
Compromise
• Insider Threat
Stage: Internal Recon
• Data Movement• Insider Threat
• Account Compromise
• Data Movement/Theft
Stage: Stage & Exfiltrate Data
46
80
99
Accuracy: Visualize Attack Path, Analytics Assigning Risk
Security Operations Centre
Escalate Investigate Remediate
UBA is fast, accurate, and actionable
SIEM
Endpoints
AD/LDAP Connectors
ActionableInformation
SIEM
Scalable Big-Data PlatformCloud, Hybrid, or On-Premise Delivery
Security Operations• Incident context• Accounts at risk• Data at riskIT Operations• System impact• Operational riskInvestigators• Incident context• Event level record• Data compromiseHuman Resources• Employee involved• Leaver theft• Watch listLegal• Incident alert• Incident context
Data Acquisition Incident ResponseAnalysis
File 1871.3XAT
User 277
Machine HK4M
CORRELATE BASELINE ANALYZE EXPLORE
UBA PLATFORM
Structured Data
Extensible Analytics Engine
IP Repository Connectors
Real World Examples
17
A Customer Case Study
18
19
20
21
Managing Risk in the Enterprise
A Customer Perspective: Electronic ArtsKima Hayuk, IP Protection Program Manager
• EA Security & Risk Management • 18 Year EA Veteran of QA, CE & Studio Operations
• Governance: Policies & Standards• Employee Training & Awareness• Internal Security Consultant: Tools & Process• Compliance Assessment Officer• IP Related Incident Response
22
Managing Risk in the Enterprise
Electronic Arts: An IP-centric Organization• Growth by Merger & Acquisition• Heterogeneous Cultural Norms & Technology Adoption
The Challenge: How to manage IP risk while supporting• Culture of Creativity & Innovation• Globally Distributed Development• Inter-Studio Collaboration and Knowledge Transfer• Highly Dynamic & Mobile Workforce
23
Managing Risk in the Enterprise
Standardization & Centralization – Consider Perforce as Single System• Operating Systems, Virtual Machines, Security Controls• Authentication, Scanning, Vulnerability Patching• System & Application Monitoring• Access Request, Approval & Management
Holistic Perspective – Protect everything with access to Perforce• Secure Development Environment – Upstream & Downstream Systems• Network Segmentation - between & within game teams• Endpoint Protection – secure client workspace
Enable Best Practices & Automation – Dev Teams as Partners• Facilitate user access reviews by information owners• Automate access provisioning & deprovisioning• Identify & Investigate Anomalous User Behavior
24
Managing Risk in the Enterprise
User Behavior Analytics for Insider Threat Detection Mandated by Policy but Difficult to Accomplish
Helix Threat Detection Deployed at EA after successful Proof of Concept Relatively Easy & Quick to Deploy Challenge in Complying with Privacy Regulations Operationalized within BSOC w/ Escalations Integration with other Security Tools
