There's a lot of noise in the cybersecurity marketplace surrounding technology. In an inundated market, many organizations are left unsure of which security solutions are actually effective and how to best protect critical information. In terms of insider threat management, these questions remain. So, which insider threat solutions successfully prevent data exfiltration and meet compliance regulations?
Forrester Senior Analyst Joseph Blankenship answers these questions and more as he shares his perspective on the insider threat solution landscape in a recent webinar.
Knowing there is more work to be done than hours in the day, we are sharing some of his key takeaways. Here’s a look at the pros and cons of the various security solutions for combatting insider threats and preventing data loss.
"If any company thinks that they don't have an insider threat problem, they aren't looking."
-Cyber Security Leader, Fortune 500 Company
5 Insider Threat Solutions That Mitigate Risks
Successfully mitigating insider threat risk can be summed up in a few simple words: “People, Process and Technology.” And, according to Blankenship, technology really should be the last piece of the puzzle.
What do we mean by that? Often, there is a misconception that cutting-edge technology or a shiny piece of software will solve the problem of data loss. The truth is that understanding who has access to your critical systems and data and implementing a process to detect and respond when out-of-policy actions occur are just as important as implementing technology. A layered approach is the key to protecting your company from data exfiltration.
Joseph Blankenship explains how technology can be used to enable processes and people:
https://observeit.wistia.com/medias/jbha386boq?embedType=async&videoFoam=true&videoWidth=640
In recent years, tools such as Data Loss Prevention (DLP), User Behavior Analytics (UBA), SIEM, Privileged Access Management (PAM) solutions, among many others, have become common best practices and gold standards for IT security teams. Despite these developments, major blind spots still remain.
Let’s take a look at the strengths and weaknesses of five security solutions that address insider threats:
1. Data Loss Prevention (DLP)
https://observeit.wistia.com/medias/lehonm81wt?embedType=async&videoFoam=true&videoWidth=640
2. Privileged Access Management (PAM)
PAM tools manage the provisioning and de-provisioning of privileged identities, password vaulting, and access management for critical systems and applications.
Strengths
- Controls access to privileged accounts
- Delegates and controls the operations an admin can execute
Weaknesses
- Focus on privileged users only
- Limited platform coverage
- Lacks feature depth
3. User Behavior Analytics (UBA / UEBA)
User Behavior Analytics tools can be useful for detecting behaviors that are outside the norm, but the promise of machine learning and AI has not yet lived up to expectations. Watch the video to learn more about this insider threat tool:
https://observeit.wistia.com/medias/j5nnw0s3ry?embedType=async&videoFoam=true&videoWidth=640
4. User Activity Monitoring (UAM)
User Activity Monitoring tools are user-centric rather than data-centric. UAM does not limit or reject any action; instead, user behavior is monitored and suspicious trends are extracted for case-by-case analysis. UAM is not a log aggregation platform, nor is it a data loss and spillage prevention tool. [3] User activity monitoring provides the context of an incident, enabling an investigator to better understand what actually occurred. It often includes the technical ability to take screen captures for attribution of potential insider threat-related activity.
Strengths
- Investigational capabilities
- Session recording and visual capture
- Granular context
Weaknesses
- Focuses solely on user activity
- Limited to endpoint activity
5. Security Information Management (SIM / SIEM)
A security information management system is typically the heart of any cybersecurity program, but it focuses on external threats instead of internal user activity. Learn tips from Joseph Blankenship on how to set up SIM for optimal performance.
https://observeit.wistia.com/medias/fvfqtya00v?embedType=async&videoFoam=true&videoWidth=640
Final Thoughts
Most, if not all, organizations will face an insider threat-related incident if they have not already. To combat insider threats and stop data loss, organizations must put together a comprehensive strategy. This includes outlining processes that protect the business and taking advantage of an insider threat solution. With the right people, process, and technology, your organization can streamline the investigation process and effectively prevent data exfiltration.