How to Mitigate Insider Threat

The best insider threat mitigation programs often use combinations of analytic techniques to assess and prioritize workforce risk, according to a recent report by the Intelligence and National Security Alliance (INSA). For example, probabilistic models can be usefully enhanced with rules-based triggers and machine learning algorithms that detect anomalies, creating a powerful user behavior analytics (UBA) capability for government and private enterprises alike.

Haystax Technology’s Vice President for UBA Customer Success, Tom Read, was a key member of INSA’s Insider Threat Subcommittee, which produced the report, and he recently summarized its findings in an article for Homeland Security Today.

“Organizations confronting malicious, negligent and unintentional threats from their trusted insiders must make important policy, structural and procedural decisions as they stand up programs to mitigate these burgeoning threats,” Read noted. “On top of that, they must choose from a bewildering array of insider threat detection and prevention solutions.”

INSA’s report, An Assessment of Data Analytics Techniques for Insider Threat Programs, provides a framework to help government and industry decision-makers evaluate the merits of different analytic techniques. Six primary techniques are identified, Read says, along with detailed explanations of each and guidance on how insider threat program managers can determine the types of tools that would most benefit their organizations. The techniques are: rules-based engines; correlation and regression statistics; Bayesian inference networks; machine learning (supervised); machine learning (unsupervised); and cognitive and deep learning.

Read summarized the report’s assessment of each technique in greater detail, as well as its four primary conclusions — that insider threat program managers should:

Integrate data analytics into the risk management methodology they use to rationalize decision-making;
Assess which techniques are likely to be most effective given the available data, their organizational culture and their levels of risk tolerance;
Evaluate the myriad software tools available that most effectively evaluate data using the preferred approach; and
Assess the human and financial resources needed to launch a data analytics program.

Click here to read the full Homeland Security Today article.

CNAP

Cloud Native Anayltics Platform

GSOC

Global Security Operations Center

EMDR

Enterprise Managed Detection & Response

RTaaS

Red Team-as-Service

SIRT

Security Incident Response Team

CLOUD

Cloud Security

ITDR

Insider Threat Detection & Response

Overview

Our Unique Approach

IAM

Identity & Access Management

CRC

Cyber Risk & Compliance

EA

Enterprise Architecture

STAFF

Strategic Staffing

LAB

Technology Lab

Cyderes: The New Powerhouse in Managed Cybersecurity

Actionable Security Operations Tools for Educational Institutions

Google Cloud Security Talks – Fireside Chat Replay

CYDERES’s First Code-a-Thon: Collaboration and Competition

How to Mitigate Insider Threat