Insider Threat



The insider threat is real and it will cost your business. There are two types of insider threat: accidental and malicious.

For a cyber-criminal to access your data, they must have access to your network. This is obtained by using compromised user credentials belonging to an employee, contractor, partner or vendor who has access to your network.

It is common IT practice to protect your business against outsider threats, but most companies are failing to protect against the insider threat. This is worrying, because at least 50% of all recent incidents have originated from inside the business.

Forrester has recently produced a Best Practices for Mitigating Insider Threats report, and the following graph shows how real the insider threat is.

[Figure: Forrester insider threat graph]

Insider threat protection, or User Behaviour Intelligence, is a new way of fighting insider cybercrime.

Unleashed is working with DTEX Systems to provide you with 10 reasons why you should deploy Insider Threat software.

1. Insider Threat

One of the big problems in IT is detecting the insider threat. Most companies look at a DLP (Data Loss Prevention) solution or a SIEM (Security Incident Event Management) solution. Both have huge gaps which make detecting an incident difficult and very time consuming.

2. Insider-Focussed Detection

The way the DTEX system handles your dataset gives you, as the IT professional, an insight into:

· Computer Misuse

· Confidential Theft

· Data Exfiltration

· Lateral Movement

3. User Intent

Intent is a big part of determining if a crime has been committed. To enable you to monitor this we look at the following information:

· Data related to user activities

· The sequence of user activities

· Whether the activities are normal or abnormal depending on the user's behaviour.

It is important to look at a timeline around data access. By looking at the context around what happened before, during and after an event, you can determine whether you need to raise an alert.

4. Forensic Investigation

If an event's context does not match the user's normal behaviour, the DTEX software allows you to quickly understand how a security alert has occurred. From this information, you will be able to establish a forensic audit trail. This in turn makes it easy to perform an investigation around the incident. You will be able to see:

· What files went missing or have been altered

· Which endpoint device has opened the file

· If it is an infected file, an audit trail of what other files have also been infected

· How long the incident lasted

5. Catch the Early Signs

The whole point of this is to try and stop data theft before it occurs. To do this, you must look at the whole picture of what happens at each stage of the incident. Until you have a complete picture, you will not know whether a security violation has happened or not. For example, just because a user puts a file on a USB drive does not mean they have any intent to commit a crime.

From experience, we have found that every insider threat follows the same process:

· Reconnaissance – Investigation

· Circumvention – Disabling any security measures

· Aggregation – Data collection

· Obfuscation – Covering the tracks
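The sequence-and-context analysis described under items 3 and 5 can be shown as a small detection routine. The following Python is an added example written for this page, not DTEX's code or method: the action names, the stage mapping (the four stages listed above plus an exfiltration stage for the USB copy), the telemetry lines and the thresholds are all constructed assumptions. It only scores a user when several stages appear in order within a time window, treats actions in that user's routine baseline as normal, and shows why a lone USB copy does not raise an alert on its own.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, FrozenSet, List

# Endpoint actions mapped to the stages of the insider pattern the page describes
# (reconnaissance, circumvention, aggregation, obfuscation). The exfiltration
# stage and every action name here are assumptions made for this example.
STAGE_OF_ACTION = {
    "share_enumeration": "reconnaissance",
    "file_search": "reconnaissance",
    "stop_av_service": "circumvention",
    "create_archive": "aggregation",
    "usb_copy": "exfiltration",
    "clear_event_log": "obfuscation",
}
STAGE_ORDER = ["reconnaissance", "circumvention", "aggregation",
               "exfiltration", "obfuscation"]

# Constructed endpoint telemetry, one "timestamp|user|action|detail" per line.
SAMPLE_EVENTS = """
2017-11-27T08:55:00|alice|open_document|Q3_budget.xlsx
2017-11-27T09:02:00|alice|usb_copy|Q3_budget.xlsx -> removable drive
2017-11-27T08:30:00|bob|share_enumeration|fs01/finance
2017-11-27T09:10:00|bob|stop_av_service|avservice
2017-11-27T09:40:00|bob|create_archive|finance_backup.zip (412 files)
2017-11-27T09:55:00|bob|usb_copy|finance_backup.zip -> removable drive
2017-11-27T10:05:00|bob|clear_event_log|Security
2017-11-27T11:00:00|carol|file_search|firmware_*.bin
2017-11-27T11:10:00|carol|create_archive|firmware_v12.zip
2017-11-27T11:20:00|carol|usb_copy|firmware_v12.zip -> removable drive
2017-11-20T10:00:00|dave|file_search|*.dwg
2017-11-23T10:00:00|dave|create_archive|designs.zip
2017-11-26T10:00:00|dave|usb_copy|designs.zip -> removable drive
"""


@dataclass
class Event:
    ts: datetime
    user: str
    action: str
    detail: str


def parse_events(text: str) -> List[Event]:
    """Parse the pipe-separated telemetry into time-ordered Event records."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, user, action, detail = line.split("|", 3)
            events.append(Event(datetime.fromisoformat(ts), user, action, detail))
    return sorted(events, key=lambda e: e.ts)


def timeline(events: List[Event], user: str, at: datetime,
             before_hours: float = 2, after_hours: float = 1) -> List[Event]:
    """The context an analyst wants: what the user did before, during and after `at`."""
    lo, hi = at - timedelta(hours=before_hours), at + timedelta(hours=after_hours)
    return [e for e in events if e.user == user and lo <= e.ts <= hi]


def assess_user(events: List[Event], user: str, window_hours: float = 24,
                routine: FrozenSet[str] = frozenset(), min_stages: int = 3) -> Dict:
    """Slide a window over the user's stage-relevant actions and return the strongest
    finding. An alert needs at least `min_stages` distinct stages, appearing in the
    order listed above. Actions in `routine` are this user's normal behaviour and
    never count, which is what keeps a routine USB copy from alerting."""
    mine = [e for e in events if e.user == user and e.action in STAGE_OF_ACTION
            and e.action not in routine]
    best = {"user": user, "alert": False, "stages": [], "evidence": []}
    for i, start in enumerate(mine):
        stages, evidence = [], []
        for e in mine[i:]:
            if e.ts - start.ts > timedelta(hours=window_hours):
                break
            evidence.append(e)
            if STAGE_OF_ACTION[e.action] not in stages:
                stages.append(STAGE_OF_ACTION[e.action])
        if len(stages) > len(best["stages"]):
            idx = [STAGE_ORDER.index(s) for s in stages]
            best = {"user": user, "alert": idx == sorted(idx) and len(stages) >= min_stages,
                    "stages": stages, "evidence": evidence}
    return best


def demo() -> Dict[str, Dict]:
    """Run the assessment over the constructed telemetry for each scenario."""
    events = parse_events(SAMPLE_EVENTS)
    return {
        "alice_single_usb_copy": assess_user(events, "alice"),
        "bob_full_sequence": assess_user(events, "bob"),
        "carol_no_baseline": assess_user(events, "carol"),
        "carol_with_baseline": assess_user(events, "carol",
                                           routine=frozenset({"create_archive", "usb_copy"})),
        "dave_24h_window": assess_user(events, "dave"),
        "dave_7day_window": assess_user(events, "dave", window_hours=24 * 7),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:22} {'ALERT' if result['alert'] else 'ok':5} stages={result['stages']}")
```

Two of the scenarios are there to make a point about tuning: carol only stops alerting once her daily archive-and-copy routine is recorded as her baseline, and dave's slow three-day-apart sequence is invisible to a 24-hour window but obvious to a seven-day one, so the window length and the per-user baseline are the knobs that decide the false-positive rate, not the stage list itself.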

6. Privacy & Anonymisation (GDPR Compliance)

With GDPR just around the corner, data privacy is very relevant. With DTEX, you can choose to work in an optional anonymisation mode. This means we can ensure that data such as user, domain name, machine name etc. can only be accessed by a dedicated user, such as your Managing Director or HR Manager. To find out how DTEX can help with GDPR planning

7. IT Policy Violations

Every business has a computer use policy. Quite often it is very time consuming and difficult to police. With DTEX, you can see who is violating policies such as:

· Gambling

· Gaming

· Inappropriate Web Browsing

· Personal Webmail

· Cloud File Sharing

· Pirated Software

8. Off-Network Visibility

When a user removes their device from the network, the IT department loses visibility of what they are doing. For example, if you unplug your network cable and copy a file to a USB drive, this would normally go undetected. DTEX works off-network: the endpoint agent keeps collecting user behavioural data no matter where the device is, caching all of it locally until the device returns to the network.

9. Reduce False Positives

All IT departments are understaffed and overworked. This means the last thing you want or need is another software program giving you alerts that take time to investigate and resolve. DTEX's behaviour analysis looks at the whole event history and only alerts if it finds an abnormality. This means you get fewer false positives, and you can be sure that if you get an alert, it is real.

10. Lightweight

Data stores are growing exponentially, which puts a heavy load on your corporate data storage. DTEX is lightweight and only uses 2-3 MB of data per user per day. To put this into context, that is about 3 single-page Word documents.

I hope this has given you a good overview of how DTEX systems can help you to negate the insider threat. If you would like to read more…

To enquire about DTEX, please get in touch and we can arrange a demonstration.

Published November 27th, 2017 (last updated 2018-04-24T21:20:43+00:00) | Cyber Security, Security

About the Author:

Chris is an IT Security Consultant who is passionate about IT. We regularly find that cyber security is an afterthought, when really it should be the keystone your business is built on. Chris is a qualified Cyber Essentials Consultant who can help your business to build a cyber security strategy. This will not only protect your business but could also save it. GDPR comes in next year - are you ready? If not, speak to Chris and he can help you.