There are a few insider threat incidents that have reached infamy in the United States of America, and the individuals that have carried these incidents out have become household names. Looking back on these events, many professionals have asked if there was something that could have been done to recognize some of the warning signs of these individuals to nip these attacks in the bud.
Our colleagues at Haystax, a wholly-owned subsidiary of Fishtech Group, have been focusing on a couple of these infamous actors, asking the question – if they had tried to pull off a similar attack today, would their behavior stand out to security analysts? Using Haystax’s security analytics platform, they believe the answer is, yes!
In a new ‘use case’ blog series, a few of the professionals at Haystax will focus on four total infamous insider threat incidents. The first two use cases that Haystax have put out focus on Edward Snowden, who leaked classified government documents back in 2013, and Ana Montes who was arrested on suspicion of spying for the Cuban government in 2001 after a years-long internal mole-hunt and was eventually convicted.
Finding Edward Snowden: A Haystax Use Case
With recent focus shifting back toward Edward Snowden due to increased press around his new book, it was worth looking back at this particular incident, especially being that it happened so recently relative to other cases, like with Ana Montes.
Haystax asserts that using their analytics platform, it would have been possible to detect and intervene on Edward Snowden’s plan to leak classified information and flee the country.
The Haystax analytics platform combines more traditional machine learning and similar data-driven techniques along with a probabilistic model that ingests data as evidence and extrapolates future outcomes from it. In this particular case, a risk score would be produced in the system that would allow Snowden’s adverse behavior to be recognized all the way back in 2007, giving adequate time to intervene before his eventual flee to Hong Kong in 2013.
The most significant obstacle to finding Edward Snowden was the lack of a system of processes and technologies that focused on person-risk, analyzing multiple information sources the way an analyst would. Haystax breaks down each of the various critical events that would today raise flags using their technology from 2007 to 2013.
Check out the full use case here.
Finding Ana Montes: A Haystax Use Case
For those who don’t recall, Ana Montes was a spy. She joined the U.S. Defense Intelligence Agency (DIA) in September 1985 and was eventually promoted to senior analyst, only to be arrested in her office on September 21, 2001 on suspicion of spying for the Cuban government after a years-long internal mole-hunt, and eventually convicted.
In their second use case, Haystax asks another simple question – in the resulting years from her hiring in 1985, to her eventual arrest, would Montes have been recognized as showing behavioral riskiness that would have enabled DIA security analysts to receive alerts in context, surfacing incidents that otherwise wouldn’t seem concerning using the technology of today?
Using the Haystax for Insider Threat Solution, our colleagues believe that they would have captured all the normal indicators that alert DIA analysts, but would have additionally given top analysts and investigators (with the appropriate permissions) the ability to capture more qualitative events like those that eventually led to Montes’ arrest. Using this solution, they would be able to feed them back as structured data into the probabilistic model that underlies the Haystax analytics platform, leading to an earlier detection and arrest.
Check out the full use case here.
More Haystax Use Cases to Come
These two Haystax use cases are just the tip of the iceberg. Stay tuned to the Haystax website for more use cases coming soon.
Note: Want to conduct a risk assessment to find your hidden insider threats, regardless of whether their intent is malicious or – whether they are unwitting or negligent actors? Contact a Haystax rep or click here to find out how.