Get Pricing Start Free Trial

Insider Threat Blog

Posted on Tuesday, May 12, 2015 by David Mai
In the Information Age, where data is bigger, more valuable and more sought after it’s no surprise that data protection is quickly becoming an issue. In recent news, Yahoo, the technology giant who played a role in inventing the internet is dealing with protecting their data from insider threats like their so-called “trusted” employees. Yahoo is suing a former employee who they claim leaked private information. The lawsuit alleges that Cecile Lal, a former Senior Director of Product Management... Continue Reading →
Posted on Tuesday, May 5, 2015 by Daniel Petri
You may already be familiar with the term “key logging” (short for keystroke logging), which describes the recording of every key press on a computer keyboard, by software known as a “key logger.” Key loggers are most commonly associated with software that is surreptitiously installed on a computer, either by way of malware (such a Trojan) or by someone with physical access to the computer (a suspicious spouse, perhaps?). These keyloggers are used to covertly monitor a user’s activity in order... Continue Reading →
Posted on Thursday, April 30, 2015 by David Mai
Stealing Sensitive Customer Data A JP Morgan employee was arrested by the FBI on charges of stealing customer account information and trying to sell it to an undercover informant. A FBI spokesperson said that Peter Persaud got access to customer accounts in order to sell data including birth dates, Social Security numbers, passwords, bank account balances, debit card number, and three–digit security code. The informant wore a wire to record conversations and calls with Persaud. The undercover... Continue Reading →
Posted on Tuesday, April 28, 2015 by Daniel Petri
    As readers of this blog know well, User Activity Monitoring solutions generate logs and screen video of all user actions on company servers and/or desktops. In terms of how this kind of system is deployed, there are actually two approaches: agent-based and agent-less. In this post, I am going to present the pros and cons of each approach, and share two customer stories that demonstrate how some of the inherent issues played out for those customers. Before getting to the nitty-gritty, it is... Continue Reading →
Posted on Tuesday, April 28, 2015 by Dimitri Vlachos
We are excited to announce that we walked away with 3 awards from Info Security Products Guide, the information security industry’s foremost research and advisory guide, on April 20, 2015 at the RSA Conference in San Francisco. We are honored to win Gold in the 2015 Global Excellence Awards in Forensics, and Bronze for both Database Security, Data Leakage-Protection/Extrusion Prevention, and Risk Management. A judge panel of over 50 industry experts from all around the globe selected the... Continue Reading →
Posted on Friday, April 24, 2015 by Gaby Friedlander
The National Institute of Standards and Technology (NIST) is providing a baseline that organizations can use to structure and review their IT security strategies. NIST 800-14 gives specific security requirements that all companies should follow to properly secure their IT resources.   Here are some of the compliance requirements of NIST 800-14: 1) Individual accountability by tracking user actions NIST regulations understand the importance of individual accountability. While users can’t be... Continue Reading →
Posted on Thursday, April 23, 2015 by Daniel Petri
Security information and event management (SIEM) systems help organizations aggregate, correlate and analyze log data from numerous sources, such as network devices, servers and security systems (e.g., firewalls, anti-virus and IDS/IPS). The three main goals of using a SIEM are (1) to analyze and alert on anomalous events or suspicious trends in real time (or near real time), (2) to speed post-incident IT forensics, and (3) to assist with regulatory compliance and reporting. SIEM Limitations... Continue Reading →
Data Misuse Prevention & Detection
Posted on Thursday, April 16, 2015 by Matt Zanderigo
Data misuse is the inappropriate use of data as defined when the data was initially collected and can be governed by laws and/or corporate policy. However, even with laws and policies in place the misuse of data continues to grow and perpetrators can be both individuals and corporations. The misuse of data can lead to the loss and subsequent misuse of data such as theft and losses through human mistakes and process flaws, but there are also many cases of the deliberate targeting of secure... Continue Reading →
Posted on Tuesday, April 14, 2015 by Tal Yaffe
Research has shown that a majority of data breaches are accomplished via remote access to a company’s systems. For example, Verizon has reported that remote access accounts for 88% of data breaches, while Trustwave has reported that 76% of data-breaches investigated were due to exploitation of remote vendor access channels. The most common of these channels are Virtual Private Network (VPN), Remote Desktop Protocol (RDP), Microsoft’s Terminal Services, Citrix Remote Desktops and Published... Continue Reading →
Posted on Thursday, April 9, 2015 by Matt Zanderigo
AT&T will pay $25 million to the Federal Communications Commission as a result of an investigation that discovered that employees at international call-centers illegally disclosed the personal information of upwards of 280,000 customers. The hefty penalty is the largest for privacy violations ever issued by the FCC, Travis LeBlanc, chief of the agency’s enforcement bureau, said in a press conference call. The workers sold U.S. AT&T customer names and Social Security numbers to third... Continue Reading →

Pages

Try it Now
Contact Us