Relentless cyber-attacks and an expanding digital threat landscape caused by a surge in at-home workers during the coronavirus pandemic have left corporate cybersecurity teams overwhelmed and exhausted.
Making matters worse, a parallel increase in insider threat incidents has forced these teams to reckon not just with external risks but also with the growing possibility that trusted individuals from within the organization will cause financial, operational and reputational harm.
CYDERES, the pioneering security-as-a-service division of Fishtech Group, has developed a new service to address these complex and hard-to-detect threats, even while continuing to detect and respond to advanced external cyber threats.
Developed in partnership with Haystax, also a Fishtech business unit, this new Insider Threat Detection & Response (ITDR) managed service analyzes a customer’s existing user and network telemetry to pinpoint and prioritize its riskiest insiders.
An IBM study released in May notes that 40% of the insider attacks it studied between 2018 and 2020 “were detected through alerts generated via an internal monitoring tool.” In almost 10% of cases an outage was the first sign of an insider event, while human reporting was instrumental in 20% of cases. (The remaining 30% were not reported to the study’s researchers.) The study also noted that 40% of incidents involved an employee with privileged access to company assets. In all cases where the insider had administrative access, this elevated access “played a role in the incident itself.”
But what if those different sources could be stitched together and analyzed collectively? The power of ITDR is that it casts a wider net than conventional managed services for data that indicates insider risk. It augments network and device telemetry with a variety of other sources that reveal behavioral anomalies. And ITDR is optimized to focus on the most prevalent insider threat cases, such as data exfiltration, account compromise and risk from individuals who plan to depart the organization or learn they are to be involuntarily terminated.
The analytic result is a composite picture of insider risk, regardless of whether the intent is malicious or the result of unwitting behavior or negligence. This is a crucial analytical capability since accidental breaches and negligence are growing elements in the insider threat landscape – due perhaps to increased stress or carelessness brought on by the pandemic and its consequences.
A recent Harvard Business Review piece noted, for example, that “employees are now 85% more likely to leak or lose files with intellectual property (IP) and other valuable data than they were before the pandemic began.” In a separate survey, 20% of respondents reported security breaches caused by remote workers – a large increase from pre-pandemic levels.
CYDERES is widely known for its human-led and machine-driven security-as-a-service operation, which supplies the people, processes and technology companies need to manage cybersecurity risks, detect threats and respond to incidents in real time. These 24/7 services act as a ‘force multiplier’ to augment corporate cybersecurity ops teams, helping them shift from reactive monitoring to proactive threat hunting.
Haystax is an award-winning innovator in the application of AI-based risk management analytics to support any type of security mission – from critical infrastructure protection to natural disaster preparedness to insider threat mitigation. Haystax has even provided security alerting and real-time threat analysis to nine of the last 13 Super Bowls, as well as many other major national-security events.
By applying machine learning, probabilistic modeling and other AI techniques to IT telemetry and other data sources, the ITDR service developed by the CYDERES-Haystax team is able to filter out noise and false positives and deliver actionable intelligence to our clients in the form of prioritized and triaged alerts – plus response recommendations and even enhanced training and awareness services.
This seamless blend of cybersecurity firepower and AI-driven behavioral analytics within a single platform, delivered as a managed service, is the best way for organizations to proactively mitigate their riskiest insiders.
Simply put, ITDR focuses on the threats so the corporate team can focus on doing what it does best.
# # #
Note: The CYDERES Insider Threat Detection & Response managed service, powered by Haystax, will be launched on July 1. Join us on July 8 for a live interactive webinar that will include an in-depth ITDR briefing and live demonstration of its capabilities.