The Cyber5 Podcast

Crowell & Moring’s Gabe Ramsey

Episode 5 of the podcast focuses on understanding the nuances around insider threat scenarios and features Gabe Ramsey, Partner @ Crowell & Moring.
Outline:

  • Intro (00:18)
  • Question 1 (00:56) – Thinking about the team that comes together in an insider threat investigation, what does that look like? Both internal and 3rd parties.
  • Question 2 (01:50) – Are there any common trends that you see with companies that are successful in investigating and, from your angle, bringing litigation against an insider threat?
  • Question 3 (02:39) – Insider threat, it’s a very multi-dimensional problem, but all of the effort leads to some kind of legal action or outcome. From your perspective, what is the main network informational gap that you face in trying to prove the actions or intent of an insider?
  • Question 4 (04:21) – I’ve spoken with CISOs specifically on data collection surrounding insider threat, and it seems that there is a general lack of comfort with the total degree of valuable information gathering that can be done within the scope of the law, largely because it seems invasive to the individual. That said, with an insider threat situation, you are often trying to prove something that falls more in the realm of human activity than pure network activity. What are some of the tools you recommend clients use to collect the necessary information to be able to make the right assertion about an individual suspected of being an insider threat, and how do you help them navigate this often-uncomfortable situation?
  • Question 5 (07:28) – I’ve heard people talk about larger, more sophisticated companies allowing technical threats to dwell on specific systems so they can learn more about their motives through the actions they observe on the network, and with insider threat, I can imagine that there is a range of appropriate responses, from immediate separation to levels of overt or covert observation of the individual; from your perspective what does that look like, and what triggers lead to different actions, and what are the actions that companies end up taking?
  • Recap & Key Takeaways (10:19)

Episode 5 | July 24, 2020
