By John Boatman
The Fishtech CYDERES Threat Hunt Tour, powered by Chronicle, continues this week in Detroit, MI and Bentonville, AR.
One of the questions we’ve repeatedly been asked during our nationwide Threat Hunt Tour is: “How can we do a better job of mitigating our insider threats — not just the external ones?”
Good question. And very timely, considering that 70% of companies in a recent survey said insider attacks have become more frequent in the past 12 months.
At Fishtech Group, we believe the most effective insider threat mitigation programs seamlessly combine policies, processes, and technologies into a comprehensive risk-based approach that can detect insiders regardless of whether they are malicious, willfully negligent, or simply unaware of the harm they’re causing.
As part of that approach, the optimal technologies use a blend of analytic techniques to assess and prioritize workforce risk. For example, Fishtech Group’s Haystax subsidiary employs probabilistic models, enhanced with rules-based triggers and machine learning algorithms, to detect and prioritize anomalous behavior among trusted employees at government and private enterprises alike.
September was Insider Threat Awareness Month, which presented an ideal opportunity for the Haystax team to reflect on some of the top challenges that small and medium enterprises need to focus on as they hunt for insider threats:
- Take the variety of insider threat personas, for example. Haystax was supportive of a Verizon study that took organizations to task for looking primarily for malicious insiders, ignoring several other kinds of threat behaviors that are often just as harmful. Verizon lists not one or two, but five, categories of insider threat: Careless Worker; Inside Agent; Disgruntled Employee; Malicious Insider; and Feckless Third Party. It takes a particular kind of analytics to distinguish between them.
- Continuous vetting is the new black. It’s no longer sufficient for an organization to screen employees once before they walk in the door. Examples abound of people ‘going rogue’ after a few years of employment, due to a variety of factors that can include financial stress, failed relationships or poor HR reviews. As a result, employers need to find a way to continuously vet (aka evaluate) their staff, executives and even their vendors and contractors. Haystax has blogged numerous times about the issue.
- Most malicious insiders are smart enough to conceal their behavior and blend in well with the normality around them. In these cases, it takes the ability to take qualitative information collected from a wide variety of sources, including fellow employees and anecdotes, and transform it into quantitative evidence used to ‘connect the dots’ and catch a spy or saboteur or fraudster before he or she can do real damage. See the Haystax use case on Cuban spy Ana Montes for an example of how that works.
- Despite its wide use, the term user behavior analytics (UBA) has come to mean something quite narrow: analysis of user behavior on networks and other systems, and the application of advanced analytics to detect anomalies and malicious behaviors in those systems. Find out why that network-centric approach is not adequate to the task of catching your most dangerous insiders — and why a person-centric analytical approach is.
- Also find out why small businesses are most vulnerable to insider fraud, and how the U.S. government’s latest Insider Threat Maturity Framework still leaves some key questions unanswered.
- Finally, the Haystax white paper To Catch an IP Thief lays out in detail the events that lead a senior executive down an unhappy path from star executive to full-blown insider threat in the space of less than four years — and how the Haystax Analytics Platform would have detected him before he could steal his company’s valuable intellectual property.
Since October is Cybersecurity Awareness Month, it’s also an opportune time to showcase Fishtech Group’s Security-as-a-Service division, CYDERES, a top-rated managed security services provider (MSSP) for detecting internal and external cyber threats.
A brand new partnership with Alphabet unit Chronicle gives CYDERES the ability to deliver managed detection and response services for Chronicle’s new Backstory platform. This partnership offers clients unmatched capabilities for threat hunting, incident investigation and ultimately detection and response.
There are nine Threat Hunt Tour sessions between now and the end of the year. Click here to register for the one closest to you, and learn how CYDERES and Chronicle can help you prey on your external and insider threats in an entirely new way.