The barbarians are through the gate.

By Veriato Team

Insider threats are a big topic – in the news and here at Veriato. We give webinars advising companies on how to reduce their risk of an insider incident, have published articles on the topic, and offer solutions that improve insider threat detection and facilitate insider incident response.

Today we are announcing a partnership aimed at dealing with a threat that starts and ends on the outside, but behaves very much as an insider threat at its core.

The imposter: an external actor who hijacks valid credentials and uses that “authorized” access to locate, steal, and otherwise damage confidential information and systems.

The imposter is dangerous, but with the right tools and focus they can be caught and stopped. Since user credentials or network credentials may be compromised, detecting the imposter requires a focus on user behavior and network behavior.

Given our focus on user behavior and activity, we sought a partner that offered unique, powerful capability in detecting anomalous network behavior – one that focuses on network traffic from a pure security perspective. We found that partner in FlowTraq and its powerful network behavioral intelligence engine.

There are typically three phases to the imposter’s approach – and combining network behavior intelligence and user activity intelligence gives you the insight you need to minimize the impact of the attack.

  1. Infiltration

    Initial malicious activity often includes scanning, password cracking or attack propagation. Although a skilled imposter shouldn’t have to resort to “noisy” techniques like these, 60 percent of “bad” network behavior fits into these categories. And due to weak passwords, forgotten default credentials and/or poor firewall policies, they’re surprisingly successful. But, with FlowTraq’s advanced network behavior intelligence, these are an easy catch.

  2. Data Gathering

    Once in, an imposter will look like a legitimate user from an authorization and authentication perspective, but won’t behave like a normal user. The amount and frequency of data accessed will be unusually high compared to a legitimate user – because the imposter isn’t interested in processing information as a user would. And while the data will appear to be going to a safe, internal system/user, the reality is that this is a precursor to potential data exfiltration. Veriato’s unique user activity intelligence capability seeks out these types of anomalies – making it simple to detect, alert, and respond to insider threats.

  3. Data Exfiltration

    With data in hand, the imposter doesn’t have access to “physical” exfiltration options – removable media, laptop, or printing – so the data needs to be moved to a remote server (often cloud-provisioned, temporary accounts). FlowTraq’s advanced network anomaly detectors will flag this immediately – its unique filtering, combined with its full-fidelity storage, ensures that no traffic flies under your radar.

To learn more about how to prevent the imposter from getting in and out of your organization undetected, send an email to [email protected] with the subject line “the imposter.”
