Splunk [AI/ML, Splunk Machine Learning Toolkit] 2019 .conf Videos w/ Slides

Catch exfiltration from cloud file stores early! [Splunk Enterprise, Splunk Enterprise Security, Splunk User Behavior Analytics]

12.23.2019 - By SplunkPlay

In this session, we tackle data breaches and information exfiltration from cloud file stores. Beyond the attacks that make headlines and result in millions of stolen personal records, we will also focus on the far less publicized risks related to exposure of intellectual property, infrastructure details or finances. We will share our experience in building a defensive strategy that now detects highly covert exfiltration attempts.

To this end, we first shed a lot of light on how companies use general-purpose file stores, such as Box, Office365 or Google Drive. We cover the types of files that commonly get stored in the cloud, file sharing practices, access properties, as well as uses of cloud stores by various departments. There are a lot of unexpected insights which eventually invalidate common security assumptions.

As the boundary between good and bad gets blurred, we will provide you with a peek into how to design an effective data-driven defense. This approach helped us hone our detection to just tens of validly suspicious exfiltration files in a massive cloud store.

Speaker(s)

Stanislav Miskovic, Security Data Science, Splunk

Ignacio Bermudez Corrales, Senior Data Scientist, Splunk

Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2083.pdf?podcast=1577146257
