Recognizing and overcoming insider threats



Cyber attacks can come from anywhere. It could be a nation state trying to unlock your recent breakthrough in advanced manufacturing techniques or perhaps a competitor trying to discover your sales prospect list. It could be a disgruntled employee upset about a missed promotion or even Joe in accounting who moved some confidential data to a thumb drive so he could finish his work at home rather than stay at the office past midnight.

As a technology professional, you know that data, network and system failures aren't your biggest problems. It's the humans who interact with these systems that cause your biggest headaches.

High-risk insider threats – malicious, careless or “negligent” employees – are one of the main causes of data breaches. Most of the time, these are simply ordinary users focusing on getting their job done. They're not thinking, minute by minute, about protecting the company's sensitive or confidential information.

The key to thwarting breaches from your biggest threat, your most vulnerable “endpoints” – your employees – is knowledge. It's critical to detect breaches, understand the intent or context and then act quickly.

Forcepoint's SureView Insider Threat watches user behavior and alerts your team to any suspicious, risky, or data-exposing activities. Within moments of risky behavior taking place, you'll know. And, you can set up your own definitions of “risky” behavior or use policies Forcepoint has developed in working with large enterprises, including major federal agencies.

SureView Insider Threat identifies risky behaviors by baselining “normal” for the user and the organization, then capturing deviations from “normal” such as a change in data access, working hours or email activity. These deviations are risk indicators that serve as warning signs leading up to a breach. Using behavioral analytics, it pinpoints the top 12 riskiest users, with historical data that provides deep visibility into their behaviors.

It's not enough to know that certain user behavior is happening. You need to understand the intent behind risky user behavior. Is it intentional or accidental? Where is it happening and when? Most major breaches begin with a well-crafted email that circumvents traditional email security and fools the end user into risky behavior.

SureView Insider Threat provides context and user intent quickly and definitively, now and in the past. In Jessica's example above, her actions were shown to be non-malicious; the context shows that she is an unintentional threat and needs some training so she doesn't do that again. This data can help you create guidelines that alert you to future risky types of behaviors, making early detection more relevant and effective to your business.

It gives you comprehensive monitoring of multiple attack vectors – internal and external. It signals potentially risky behavior – large file transfers, responses to lures or infected URLs, for example – in near real-time, giving you the details you need to contain threats immediately.

Employees' risky behavior – whether intentional or innocent – won't ever completely go away. They'll never be as vigilant about protecting data as you are; they're too busy doing great work.

Your team helps protect the employees by protecting the valuable data they use every day. But just as importantly, you also empower them to perform their jobs as well as possible by giving them safe access to the data, tools and technology they need.

Presented by Forcepoint Security Labs

