I’m sure we can all agree there’s a lot of noise in the cybersecurity marketplace surrounding technology. Which security solutions do what? When it comes to mitigating insider threats, which tools address the problem and what are the strengths and weaknesses of each?
Forrester Senior Analyst, Joseph Blankenship, shared his perspective on the insider threat technology landscape in our webinar Cybersecurity Game Changers: A Look at Insider Threat Technologies. The webinar is chock-full of great info on how to address the insider threat challenge with a holistic approach of people, process and technology – we highly recommend checking it out!
Knowing there is more work to be done than hours in the day, we are sharing some of the key takeaways. Here’s a look at the security tools that combat insider threats and stop data loss as well as some other nuggets from our webinar.
“If any company thinks that they don’t have an insider threat problem, they aren’t looking.”
-Cyber Security Leader, Fortune 500 Company
Mitigating insider threat risk can be summed up in a few simple words: “People, Process, Technology.” And, according to Forrester, technology really should be the last piece of the puzzle.
What do we mean by that? Often, there is a misconception that cutting-edge technology or a shiny piece of software will solve the problem of data loss. The truth is that understanding who has access to your critical systems and data, and implementing a process to detect and respond when out-of-policy actions occur are just as important as implementing technology. A layered approach is the key to protecting your company from data exfiltration.
Here’s Joseph Blankenship on how to use technology to enable process.
In recent years, tools such as Data Loss Prevention (DLP), User Behavior Analytics (UBA), SIEM, Privileged Access Management (PAM), and many others, have become common best practices and gold standards for IT Security teams. Compliance teams check boxes and thousands of hours are spent responding to alerts. But despite these developments, major blind spots still remain.
Let’s take a look at the strengths and weaknesses of five security technologies that address insider threats.
Data Loss Prevention (DLP)
Privileged Access Management (PAM)
Manages the provisioning and de-provisioning of privileged identities, password vaulting, and access management for critical systems and applications.
Strengths:
- Controls access to privileged accounts
- Delegates and controls the operations an admin can execute
Weaknesses:
- Focuses on privileged users only
- Limited platform coverage
- Lacks feature depth
User Behavior Analytics (UBA / UEBA)
User Activity Monitoring (UAM)
UAM is user-centric rather than data-centric. UAM does not limit or reject any action; instead, user behavior is monitored and suspicious trends are extracted for case-by-case analysis. UAM is not a log aggregation platform, and it is not a data loss and spillage prevention tool. User activity monitoring supplies the context of an incident so that an investigator can understand what actually occurred. It often includes the technical ability to capture screen recordings for attribution of potential insider threat activity.
Strengths:
- Investigational capabilities
- Session recording and visual capture
- Granular context
- Focus on user activity
Weaknesses:
- Limited to endpoint activity
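To make the UAM pattern concrete, here is an added Python example (not ObserveIT's code and not from the webinar) that shows the monitor-and-surface approach described above: endpoint activity events are grouped into user sessions, suspicious trends (off-hours work, copying to removable media, bulk copying) are extracted, and each finding carries the session id and full timeline an investigator would use to pull the recording and understand what happened. Nothing is blocked. The log lines, user names, hosts, paths and policy thresholds are all constructed for the example.

```python
"""Toy user activity monitoring (UAM) triage: added example, not ObserveIT's code.

Reads endpoint activity events, groups them into user sessions and extracts
suspicious trends together with the surrounding context an investigator needs.
Nothing is blocked: UAM only observes and surfaces cases for review.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# Constructed sample events (hypothetical users, hosts, paths and session ids).
# Format: timestamp|user|host|action|detail|session_id
SAMPLE_LOG = r"""
2024-03-04T09:02:10|asmith|WS-042|login|console|S-1001
2024-03-04T09:15:33|asmith|WS-042|file_open|\\fs01\finance\Q1_forecast.xlsx|S-1001
2024-03-04T17:40:02|asmith|WS-042|logout|-|S-1001
2024-03-04T23:48:15|jdoe|WS-117|login|console|S-2001
2024-03-04T23:49:30|jdoe|WS-117|usb_insert|VID_0781&PID_5581|S-2001
2024-03-04T23:50:01|jdoe|WS-117|file_copy|\\fs01\finance\Q1_forecast.xlsx -> E:\|S-2001
2024-03-04T23:50:44|jdoe|WS-117|file_copy|\\fs01\finance\payroll_2024.csv -> E:\|S-2001
2024-03-04T23:51:12|jdoe|WS-117|file_copy|\\fs01\hr\org_chart.pdf -> E:\|S-2001
2024-03-05T00:03:08|jdoe|WS-117|logout|-|S-2001
"""

# Hypothetical policy knobs; a real deployment would tune these per role and site.
REMOVABLE_DRIVES = ("E:\\", "F:\\")
OFF_HOURS_START, OFF_HOURS_END = 22, 6   # 22:00 to 06:00 local time
BULK_COPY_THRESHOLD = 3


@dataclass
class Event:
    ts: datetime
    user: str
    host: str
    action: str
    detail: str
    session: str


def parse_log(text):
    """Parse pipe-delimited activity lines into Event objects, skipping blank lines."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, host, action, detail, session = line.split("|", 5)
        events.append(Event(datetime.fromisoformat(ts), user, host, action, detail, session))
    return events


def is_off_hours(ts):
    return ts.hour >= OFF_HOURS_START or ts.hour < OFF_HOURS_END


def copy_target(event):
    """Destination path of a file_copy event ('src -> dst'); '' for any other action."""
    return event.detail.split(" -> ")[-1] if event.action == "file_copy" else ""


def triage(events, bulk_threshold=BULK_COPY_THRESHOLD):
    """Group events per session and return findings with investigator context.

    Each finding names the indicators that fired, the session id (the handle an
    investigator would use to pull the screen recording), the files involved and
    the full session timeline. The function never alters or blocks any event.
    """
    by_session = defaultdict(list)
    for e in events:
        by_session[e.session].append(e)

    findings = []
    for session, evs in by_session.items():
        evs.sort(key=lambda e: e.ts)
        to_removable = [e for e in evs if copy_target(e).startswith(REMOVABLE_DRIVES)]
        indicators = []
        if to_removable and any(e.action == "usb_insert" for e in evs):
            indicators.append("removable_media_copy")
        if len(to_removable) >= bulk_threshold:
            indicators.append("bulk_copy")
        if any(is_off_hours(e.ts) for e in evs if e.action != "logout"):
            indicators.append("off_hours_activity")
        if indicators:
            findings.append({
                "user": evs[0].user,
                "host": evs[0].host,
                "session": session,
                "indicators": indicators,
                "window": (evs[0].ts.isoformat(), evs[-1].ts.isoformat()),
                "files": [e.detail.split(" -> ")[0] for e in to_removable],
                "timeline": [f"{e.ts:%Y-%m-%d %H:%M:%S} {e.action} {e.detail}" for e in evs],
            })
    return findings


if __name__ == "__main__":
    for finding in triage(parse_log(SAMPLE_LOG)):
        print(f"{finding['user']}@{finding['host']} session {finding['session']}: "
              f"{', '.join(finding['indicators'])}")
        for line in finding["timeline"]:
            print("   ", line)
```

Run on the constructed sample, only jdoe's late-night session S-2001 is surfaced, with all three indicators and the three finance/HR files listed; asmith's ordinary working-hours session produces no finding. The point of the design is in what the finding carries: not a verdict, but the session handle, the window and the timeline, which is exactly the context that distinguishes UAM from a blocking control like DLP.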
Security Information and Event Management (SIM / SIEM)
In the coming years, the majority of organizations will face an insider-threat-related incident. To combat this threat and stop data loss, organizations must put together a plan that outlines the processes that best align with protecting the business and uses the power of various technologies to detect insider threats, streamline the investigation process, prevent data loss, and respond effectively.
Here’s Mike McKee, ObserveIT CEO, explaining how we are bringing together the best of these technologies to address insider threat risk in an ever-evolving security market.