Posted in Product

ObserveIT 7.6: Improving Insider Threat Data Exfiltration Visibility

 

The Story So Far

Data exfiltration is a really big problem for cybersecurity teams and executives in a wide variety of industries. In fact, 2 out of 3 insider threat incidents are caused by employee or contractor mistakes, which can lead to data breaches and exfiltration.

The reason for this is that there are so many ways for your employees and third-party contractors (your potential insider threats) to exfiltrate valuable company data. From the hundreds of web applications, from webmail to cloud storage drives, to physical means like USB thumb drives, your insiders could be knowingly or inadvertently transmitting sensitive information outside of your protected space.

How can any security team be expected to protect so many exit points, and know who, did what, and for what purpose?

What’s New

Version 7.6 of our Insider Threat Management platform enhances the existing user activity metadata collection capabilities with something that we call: File Activity Monitoring (FAM).

File Activity Monitoring does exactly what it sounds like: helps you monitor file activity. Combined with ObserveIT’s unique user activity data streams, FAM helps provide the added context that you need to be able to detect, investigate, and stop data exfiltration within your organization.

Your Job, Made a Little Easier

The File Activity Monitoring tools that arrive in ObserveIT version 7.6 can proactively alert you (based on customizable indicators) when insiders are distributing files outside of the scope of policy.

For example, if your policy disallows file sharing (i.e. uploads) to a web application like Dropbox, you might receive an alert notifying you that an insider is acting “riskily.”

Be Selective, Or Cast a Wide Net

With ObserveIT 7.6, you can choose exactly which file and user activity is worth watching, broadening or narrowing the scope as needed.

For example, if you would prefer to include only web applications that contain sensitive information such as internal content hubs (e.g. Sharepoint), sales and support portals (e.g. Salesforce), and financial and HR applications (e.g. Workday).

Let’s See it in Action

In the event that you start monitoring file activity (such as a user download from a web application, webmail attachment, social media posting, or upload to cloud storage drive), ObserveIT can keep track of the files and alert you.

  1. Proactive Alerts

    An ObserveIT alert was triggered when a file was uploaded from an insider’s local system to the web.

    It’s important to note that even if the original download gets moved, copied, or renamed, ObserveIT will continue to track them to the exfiltration point. (In this case, Guerilla Mail.)

  2. Timeline View of User Activity

    After receiving the initial alert, you may wish to investigate the incident further. ObserveIT delivers a full chronological timeline view of everything that happened from the insider’s perspective, before and after the file activity occurred.

    This provides much needed context for assessing the risk posed by the activity.

  1. Control Which Files Are Monitored

    ObserveIT platform administrators have full visibility into which files are currently being tracked on each endpoint, and what can be excluded from tracking.


  1. User-mode Agent

    ObserveIT lightweight user-mode agent technology tracks user Web file uploads and downloads without requiring any additional browser plug-ins, this means your IT teams can be assured that they will not be flooded with support tickets reporting browser and application crashes or even worse blue screens on their workstations.

What’s Next

If you’re a current ObserveIT customer, you can learn more about Version 7.6 (and how to upgrade) over on our Product Release page.

Not a current ObserveIT customer? That’s okay! You can start learning more about our Insider Threat Management platform on our homepage.

On Demand: We sat down with Dave DeWalt, Founder @ NightDragon Security, to get his expert take on insider threats.Watch Now
+ +
18 Shares
Share
Tweet
Share18
Email