Protecting Your IP with Perforce Helix and IntersetCharles McLouthMark BennettKima Hayuk

2

Introductions

Charles McLouth• Director of Technical Sales, Perforce

Mark Bennet• Vice President, Interset

Kima Hayuk• IP Protection Program Manager, Electronic Arts

3

Agenda

Review Helix features for Security

Review capabilities of Interset Threat Detection

Review real world case studies

A Customer’s perspective

4

Helix Features for Security

Server Security Levels• Level 3 – Ticket-based authentication (p4 login)• Level 4 – Level 3 plus Service Users required for service users

Strong passwords – At least two of the following:• The password contains uppercase letters. • The password contains lowercase letters. • The password contains nonalphabetic characters.

5

Protections

Rules for Access

6

Protections

Apply to User or Group

7

Protections

Grant/Restrict to a pattern or specific file

8

Protections

Grant/Restrict to a specific IP Address or Range

9

LDAP

Delegate Authentication to LDAP

LDAP / Active

Directory

10

LDAP

Delegate Authentication to LDAP

LDAP / Active

Directory

P4-Developers P4-Developers

Interset Threat Detection

Behavioral Analytics: Remove Noise, Focus On The Real Threat

Cover More Use Cases• Compromised Accounts• Insider Threat• Negligent User• Data At Risk, Data Theft

Focus on Highest Risks• Highest risk data assets• Highest risk machines &

devices• Highest risk users/accounts• Riskiest applications running

React Quickly• Immediate incident context• Rapid incident exploration• Flexible, multi-purpose workflow• Integrate into existing IR

process

Visi

bilit

yA

ccur

acy

Res

pons

e

Visibility: Visualizing the Attach Path

• Authentication Data• Account

Compromise

Stage: Establish Foothold, Escalate Privileges

• Repository Access & Usage Data• Account

Compromise

• Insider Threat

Stage: Internal Recon

• Data Movement• Insider Threat

• Account Compromise

• Data Movement/Theft

Stage: Stage & Exfiltrate Data

46

80

99

Accuracy: Visualize Attack Path, Analytics Assigning Risk

Security Operations Centre

Escalate Investigate Remediate

UBA is fast, accurate, and actionable

SIEM

Endpoints

AD/LDAP Connectors

ActionableInformation

SIEM

Scalable Big-Data PlatformCloud, Hybrid, or On-Premise Delivery

Security Operations• Incident context• Accounts at risk• Data at riskIT Operations• System impact• Operational riskInvestigators• Incident context• Event level record• Data compromiseHuman Resources• Employee involved• Leaver theft• Watch listLegal• Incident alert• Incident context

Data Acquisition Incident ResponseAnalysis

File 1871.3XAT

User 277

Machine HK4M

CORRELATE BASELINE ANALYZE EXPLORE

UBA PLATFORM

Structured Data

Extensible Analytics Engine

IP Repository Connectors

Real World Examples

17

A Customer Case Study

18

19

20

21

Managing Risk in the Enterprise

A Customer Perspective: Electronic ArtsKima Hayuk, IP Protection Program Manager

• EA Security & Risk Management • 18 Year EA Veteran of QA, CE & Studio Operations

• Governance: Policies & Standards• Employee Training & Awareness• Internal Security Consultant: Tools & Process• Compliance Assessment Officer• IP Related Incident Response

22

Managing Risk in the Enterprise

Electronic Arts: An IP-centric Organization• Growth by Merger & Acquisition• Heterogeneous Cultural Norms & Technology Adoption

The Challenge: How to manage IP risk while supporting• Culture of Creativity & Innovation• Globally Distributed Development• Inter-Studio Collaboration and Knowledge Transfer• Highly Dynamic & Mobile Workforce

23

Managing Risk in the Enterprise

Standardization & Centralization – Consider Perforce as Single System• Operating Systems, Virtual Machines, Security Controls• Authentication, Scanning, Vulnerability Patching• System & Application Monitoring• Access Request, Approval & Management

Holistic Perspective – Protect everything with access to Perforce• Secure Development Environment – Upstream & Downstream Systems• Network Segmentation - between & within game teams• Endpoint Protection – secure client workspace

Enable Best Practices & Automation – Dev Teams as Partners• Facilitate user access reviews by information owners• Automate access provisioning & deprovisioning• Identify & Investigate Anomalous User Behavior

24

Managing Risk in the Enterprise

User Behavior Analytics for Insider Threat Detection Mandated by Policy but Difficult to Accomplish

Helix Threat Detection Deployed at EA after successful Proof of Concept Relatively Easy & Quick to Deploy Challenge in Complying with Privacy Regulations Operationalized within BSOC w/ Escalations Integration with other Security Tools

Thank you!

cmclouth@perforce.commbennett@interset.comkima@ea.com