Cybersecurity

The barbarians are through the gate.

By Veriato Team

Insider threats are a big topic – in the news and here at Veriato. We give webinars advising companies on how to reduce their risk of an insider incident, have published articles on the topic, and offer solutions that improve insider threat detection and facilitate insider incident response.

Today we are announcing a partnership aimed at dealing with a threat that starts and ends on the outside, but behaves very much as an insider threat at its core.

The imposter: An external actor, who hijacks valid credentials, and uses that “authorized” access to locate, steal, and otherwise damage confidential information and systems.

The imposter is dangerous, but with the right tools and focus they can be caught and stopped. Since user credentials or network credentials may be compromised, focus on user behavior and network behavior is needed to detect the imposter.

Given our focus on user behavior and activity, we sought a partner that offered unique, powerful capability in detecting anomalous network behavior – one that focuses on network traffic from a pure security perspective. We found that partner in Flowtraq and its powerful network behavioral intelligence engine.

There are typically three phases to the imposter’s approach – and combining network behavior intelligence and user activity intelligence gives you the insight you need to minimize the impact of the attack.

  1. Infiltration

    Initial malicious activity often includes scanning, password cracking or attack propagation. Although a skilled imposter shouldn’t have to resort to “noisy” techniques like this, 60 percent of “bad” network behavior fits into these categories. And due to weak passwords, forgotten default credentials and/or poor firewall policies, they’re surprisingly successful. But, with FlowTraq’s advanced network behavior intelligence, these are an easy catch.

  2. Data Gathering

    Once in, an imposter will look like a legitimate user from an authorization and authentication perspective, but won’t behave like a normal user. The amount and frequency of data accessed will be unusually high compared to a legitimate user – because the imposter isn’t interested in processing information as a user would. And while the data will appear to be going to a safe, internal system/user, the reality is that this is a precursor to a potential data exfiltration. Veriato’s unique user activity intelligence capability seeks out these types of anomalies – making it simple to detect, alert, and respond to insider threats.

  3. Data Exfiltration

    With data in hand, the imposter doesn’t have access to “physical” exfiltration options – removable media, laptop, or printing – so the data needs to be moved to a remote server (often cloud-provisioned, temporary accounts). FlowTraq’s advanced network anomaly detectors will flag this immediately – its unique filtering, combined with its full-fidelity storage, ensures that no traffic flies under your radar.

To learn more about how to prevent the imposter from getting in and out of your organization undetected, send an email to [email protected] with the subject line “the imposter.”

Insider Risk – How Prepared Are You?

Not every company is equally prepared to deal with insider risk. This report outlines the four stages of insider risk maturity and explores how to improve your insider risk preparedness.

About the author

Veriato Team
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Quis ipsum suspendisse ultrices gravida.

Productivity & Insider Risk Resources

Is Employee Monitoring Software Worth The Investment?

Is Employee Monitoring Software Worth The Investment?

Key Takeaways: Employee monitoring software offers detailed insights into employee activities, enhancing productivity and bolstering data security. Choose the right software based on features, cost, integration capabilities, and scalability to align with specific...

How To Choose The Right Employee Monitoring Software

How To Choose The Right Employee Monitoring Software

Remote work is becoming increasingly common, and data breaches are a constant threat. The importance of employee monitoring software has never been more pronounced. For businesses looking to safeguard their digital assets while optimizing workforce productivity,...

UEBA: Revolutionizing Security With Advanced Analytics

UEBA: Revolutionizing Security With Advanced Analytics

Key Takeaways: Behavior-Focused Security: UEBA revolutionizes cybersecurity by analyzing user behavior patterns, providing a dynamic approach to detecting anomalies and potential threats. Flexible and Adaptable: Scalable for any organization size, UEBA integrates with...