Cybersecurity

The barbarians are through the gate.

By Veriato Team

Insider threats are a big topic – in the news and here at Veriato. We give webinars advising companies on how to reduce their risk of an insider incident, have published articles on the topic, and offer solutions that improve insider threat detection and facilitate insider incident response.

Today we are announcing a partnership aimed at dealing with a threat that starts and ends on the outside, but behaves very much as an insider threat at its core.

The imposter: An external actor, who hijacks valid credentials, and uses that “authorized” access to locate, steal, and otherwise damage confidential information and systems.

The imposter is dangerous, but with the right tools and focus they can be caught and stopped. Since user credentials or network credentials may be compromised, focus on user behavior and network behavior is needed to detect the imposter.

Given our focus on user behavior and activity, we sought a partner that offered unique, powerful capability in detecting anomalous network behavior – one that focuses on network traffic from a pure security perspective. We found that partner in Flowtraq and its powerful network behavioral intelligence engine.

There are typically three phases to the imposter’s approach – and combining network behavior intelligence and user activity intelligence gives you the insight you need to minimize the impact of the attack.

1. Infiltration

Initial malicious activity often includes scanning, password cracking or attack propagation. Although a skilled imposter shouldn’t have to resort to “noisy” techniques like this, 60 percent of “bad” network behavior fits into these categories. And due to weak passwords, forgotten default credentials and/or poor firewall policies, they’re surprisingly successful. But, with FlowTraq’s advanced network behavior intelligence, these are an easy catch.

2. Data Gathering

Once in, an imposter will look like a legitimate user from an authorization and authentication perspective, but won’t behave like a normal user. The amount and frequency of data accessed will be unusually high compared to a legitimate user – because the imposter isn’t interested in processing information as a user would. And while the data will appear to be going to a safe, internal system/user, the reality is that this is a precursor to a potential data exfiltration. Veriato’s unique user activity intelligence capability seeks out these types of anomalies – making it simple to detect, alert, and respond to insider threats.

3. Data Exfiltration

With data in hand, the imposter doesn’t have access to “physical” exfiltration options – removable media, laptop, or printing – so the data needs to be moved to a remote server (often cloud-provisioned, temporary accounts). FlowTraq’s advanced network anomaly detectors will flag this immediately – its unique filtering, combined with its full-fidelity storage, ensures that no traffic flies under your radar.

To learn more about how to prevent the imposter from getting in and out of your organization undetected, send an email to [email protected] with the subject line “the imposter.”

Insider Risk – How Prepared Are You?

Insider Risk – How Prepared Are You?

Not every company is equally prepared to deal with insider risk. This report outlines the four stages of insider risk maturity and explores how to improve your insider risk preparedness.

About the author

Veriato Team
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Quis ipsum suspendisse ultrices gravida.

Insider Risk & Employee Monitoring Resources

Smart Year-End IT Investments- A Trifecta for ROI

Smart Year-End IT Investments- A Trifecta for ROI

Drive Productivity, Reduce Insider Risk, Enforce Compliance As the year wraps up, many IT, security, compliance, and HR teams have unspent budgets that won't roll over. Rather than scrambling for last-minute, low-value purchases, why not make smart, strategic...

Is IAM, SIEM, and DLP Enough to Combat Insider Risk?

Is IAM, SIEM, and DLP Enough to Combat Insider Risk?

Key Takeaways: Closing the Gaps in Traditional Security Tools: IAM, SIEM, and DLP are vital but insufficient in addressing insider risks. They focus on access control, event logs, and data protection without understanding the behavioral context that signals insider...