The barbarians are through the gate.

By Veriato Team

Insider threats are a big topic – in the news and here at Veriato. We give webinars advising companies on how to reduce their risk of an insider incident, have published articles on the topic, and offer solutions that improve insider threat detection and facilitate insider incident response.

Today we are announcing a partnership aimed at dealing with a threat that starts and ends on the outside, but behaves very much as an insider threat at its core.

The imposter: An external actor, who hijacks valid credentials, and uses that “authorized” access to locate, steal, and otherwise damage confidential information and systems.

The imposter is dangerous, but with the right tools and focus they can be caught and stopped. Since user credentials or network credentials may be compromised, focus on user behavior and network behavior is needed to detect the imposter.

Given our focus on user behavior and activity, we sought a partner that offered unique, powerful capability in detecting anomalous network behavior – one that focuses on network traffic from a pure security perspective. We found that partner in Flowtraq and its powerful network behavioral intelligence engine.

There are typically three phases to the imposter’s approach – and combining network behavior intelligence and user activity intelligence gives you the insight you need to minimize the impact of the attack.

  1. Infiltration

    Initial malicious activity often includes scanning, password cracking or attack propagation. Although a skilled imposter shouldn’t have to resort to “noisy” techniques like this, 60 percent of “bad” network behavior fits into these categories. And due to weak passwords, forgotten default credentials and/or poor firewall policies, they’re surprisingly successful. But, with FlowTraq’s advanced network behavior intelligence, these are an easy catch.

  2. Data Gathering

    Once in, an imposter will look like a legitimate user from an authorization and authentication perspective, but won’t behave like a normal user. The amount and frequency of data accessed will be unusually high compared to a legitimate user – because the imposter isn’t interested in processing information as a user would. And while the data will appear to be going to a safe, internal system/user, the reality is that this is a precursor to a potential data exfiltration. Veriato’s unique user activity intelligence capability seeks out these types of anomalies – making it simple to detect, alert, and respond to insider threats.

  3. Data Exfiltration

    With data in hand, the imposter doesn’t have access to “physical” exfiltration options – removable media, laptop, or printing – so the data needs to be moved to a remote server (often cloud-provisioned, temporary accounts). FlowTraq’s advanced network anomaly detectors will flag this immediately – its unique filtering, combined with its full-fidelity storage, ensures that no traffic flies under your radar.

To learn more about how to prevent the imposter from getting in and out of your organization undetected, send an email to [email protected] with the subject line “the imposter.”

2023 Preparedness Checklist: Ensure Your Workforce Is Productive and Secure

This guide will help you understand where there are opportunities and risks in your workforce, and what you can do to make sure 2023 is as secure and productive as possible with workforce behavior analytics.

About the author

Veriato Team
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Quis ipsum suspendisse ultrices gravida.

Productivity & Insider Risk Resources

A More Insightful, Proactive Approach to Employee Monitoring

A More Insightful, Proactive Approach to Employee Monitoring

Also known as “bossware” and even “employee surveillance”, employee monitoring has been placed in the bucket of technologies that companies force on their employees. Whatever you call it, its use is on the rise and it looks like it’s here to stay. As of 2022, 60% of...

Bossware and the Future of Work

Bossware and the Future of Work

Recently, there has been considerable coverage of “bossware” and a focus on draconian types of “surveillance” some companies are using to stay on top of remote and flexible workforces. Articles claim companies are accessing the camera on laptops and tracking every...

The Myths and Truths of Employee Monitoring

The Myths and Truths of Employee Monitoring

Early in the pandemic, searches related to “how to monitor employees working from home” increased by 1,705%. Without the oversight of managers in an office setting, many companies are concerned that their employees are less productive, and that there is an increase...