Security Analyst, Varonis
Ian McIntyre is a Security Analyst on the Security Architecture and Incident Response team at Varonis. In this role, Ian helps customers understand and implement the full scope of Varonis’ detection and alerting capabilities, and assists customers through cybersecurity investigations. Specific areas of interest include training SOC teams on how to analyze and triage Varonis alerts, and building full activity timelines of suspected insider threats.
See how Varonis uncovers indicators of compromise at every turn.
- An insider was paid to exfiltrate sensitive organizational data
- To cover his tracks, he takes control of a service account with elevated privileges
- Using the service account, he scans company file shares for documents with certain keywords
- He copies matching documents to his PC
- He creates an encrypted ZIP file
- He uses the service account to exfiltrate the ZIP file as an attachment to a personal Gmail account