User Behavior Analytics: The Key to Detecting Insider Attacks
Leidos and Interset Present at This Year’s Gartner Summit
With all of a company’s sensitive information stored electronically and employees having greater access to that information than ever before, the opportunity to do harm—maliciously or unintentionally—is a reality that can no longer be ignored.
Case in point. Last year, a former network engineer, after learning he would soon be terminated, shut down his organization’s network servers and deleted critical data. His actions prevented the company from fully communicating for 30 days and limited its access to data and applications—an attack that cost the company more than $1 million.
Companies Need a Different Approach to Stop Insider Attacks
More than two thousand risk and security leaders came to the 2016 Gartner Security & Risk Management Summit this year to discuss their biggest security challenges. The topic of insider threat detection emerged as a continuing challenge for security leaders.
One of the major problems is that IT security budgets are largely focused on defenses against external threats, which do little to identify, let alone prevent, an insider taking information or corrupting a system they are authorized to access. When insider threat detection is on the radar, it’s often reactive, focused on detecting malicious acts after they occur. While this approach may locate the perpetrator, it cannot reverse whatever damage may have been caused. The key to a successful insider threat detection program is to identify risks within your organization before harm is done.
One reason so many malicious insiders go unnoticed is that their actions look like their authorized day-to-day activity. As a result, many insider threat detection tools that rely solely on network activity produce so many false positives that the tools are unusable. This is a key driver for adopting an insider threat detection solution that integrates network activity with advanced user behavior analytics and non-IT behaviors, and that continually examines the data for indicators that an employee, unintentionally or not, may be putting a company at risk.
Insider Threat Detection Solution
A new approach called User Behavior Analytics (UBA) can provide this type of proactive (rather than reactive) defense. By using log data from a variety of network devices and security software and overlaying advanced behavioral algorithms, UBA technology assesses the risk of user activity in near real time.
During the Gartner event, our team delivered a session about using advanced analytics to automate the detection of threats inside the organization. That culminated in the announcement of a new partnership with Interset to provide a singular, formidable insider-threat solution. The partnership brings together Interset’s big-data security analytics platform and the Leidos Arena ITI insider-threat solution to create a unique combination of human and IT threat events with a true machine-learning, big-data analytics platform.
Leidos clients now have access to a scalable behavioral-analytics platform to support their insider-threat detection programs.
Leidos and Interset hosted a presentation detailing the nuances of detecting and responding to insider threats. It focused on how the most effective solutions will expand insider-threat visibility to indicators of bad activity captured from both inside and outside the organization.
Highlights from that discussion included:
- The key to mitigating insider-threat risk is early detection. This requires looking beyond traditional SIEM and IT data sources to the human and social data feeds that can define the motivation and precursor activities of an attack.
- Big-data analytics is critical in dealing with the massive amounts of data collection involved. A behavioral-analytics approach will detect and surface attacks faster, while reducing false positives.
- Technology alone will not create an effective insider-threat detection program. Incident response that combines process and people to deliver timely, effective mitigating actions and controls must be defined.
This partnership is as innovative as it is topical. It comes at a time when companies have realized that detecting insider threats is a critical investment to protect data, reputation, and revenue.