The best insider threat mitigation programs often use combinations of analytic techniques to assess and prioritize workforce risk, according to a recent report by the Intelligence and National Security Alliance (INSA). For example, probabilistic models can be usefully enhanced with rules-based triggers and machine learning algorithms that detect anomalies, creating a powerful user behavior analytics (UBA) capability for government and private enterprises alike.
Haystax Technology’s Vice President for UBA Customer Success, Tom Read, was a key member of INSA’s Insider Threat Subcommittee, which produced the report, and he recently summarized its findings in an article for Homeland Security Today.
“Organizations confronting malicious, negligent and unintentional threats from their trusted insiders must make important policy, structural and procedural decisions as they stand up programs to mitigate these burgeoning threats,” Read noted. “On top of that, they must choose from a bewildering array of insider threat detection and prevention solutions.”
INSA’s report, An Assessment of Data Analytics Techniques for Insider Threat Programs, provides a framework to help government and industry decision-makers evaluate the merits of different analytic techniques. Six primary techniques are identified, Read says, along with detailed explanations of each and guidance on how insider threat program managers can determine the types of tools that would most benefit their organizations. The techniques are: rules-based engines; correlation and regression statistics; Bayesian inference networks; machine learning (supervised); machine learning (unsupervised); and cognitive and deep learning.
Read summarized the report’s assessment of each technique in greater detail, as well as its four primary conclusions — that insider threat program managers should:
- Integrate data analytics into the risk management methodology they use to rationalize decision-making;
- Assess which techniques are likely to be most effective given the available data, their organizational culture and their levels of risk tolerance;
- Evaluate the myriad software tools available that most effectively evaluate data using the preferred approach; and
- Assess the human and financial resources needed to launch a data analytics program.
Click here to read the full Homeland Security Today article.