Using Data Identification and Behavioral Analytics to Tackle Insider Threats

Presented at BsidesOttawa 2016 by

There are many ways that sensitive information can be leaked from organizations; however, the insider threat remains the hardest to quantify and resolve. Organizations often become hung up on using technology to combat external breaches, and the insider threat doesn’t get the attention it deserves. While a great deal of time and energy must be spent on trying to stop hackers who are maliciously and intentionally trying to steal information, another big challenge for IT security departments is the threat of authorized internal users who have legitimate access to sensitive information. Being able to accurately identify the sensitivity of corporate documents so that the proper controls can be enforced is a good start in addressing insider threats. Identifying potential insider threats, however, must go beyond just data identification. Behavioral analytics can establish ‘normal’ user behavioral patterns, and changes in behavior can help guide corporate security groups to specific users who might be deemed a ‘threat’.