Predictive Analytics Tools Confront Insider Threats

Uploaded on 2016-01-13 in TECHNOLOGY--Resilience, TECHNOLOGY--Developments, NEWS-Cybersecurity News, FREE TO VIEW

Defeating the new normal is the mission of advanced software.

Since the 2009 fatal shootings of 13 people at Fort Hood by a US Army major and psychiatrist and the leaks of some 750,000 classified and sensitive military documents to WikiLeaks by another soldier, the US Defense Department has sought technology to give analysts an advantage in finding insider threats.

Now many US federal agencies employ advanced analytics and cybersecurity solutions to protect against an ever-morphing landscape of breaches, from those outside firewalls to rogue or careless employees. One of those solutions is a product called Carbon.
“Rather than focus on data mining and forensics, [it sorts] through hundreds of real-time information streams to identify the emerging threats … and prioritize them for analysts,” says Haystax Technology CEO William Van Vleet III of the risk-rating tool analysts use whether working from an office desktop or via a mobile response unit.

Carbon uses the patented Constellation analytics platform and aggregates and analyzes large streams of real-time data to spotlight anomalies. “Carbon offers a continuous evaluation of risk due to insider threats, even in highly complex, large organizations,” Van Vleet says. “It has new enhancements that makes it even easier to use and deploy without slowing down day-to-day work.”

Such technology is critical for those charged with hunting for the enemy from within. The Obama administration’s National Insider Threat Task Force, created following the WikiLeaks scandal, works to detect and deter employees who pose threats to national security. Government specialists in the areas of security, counterintelligence and information assurance assess the adequacy of insider threat programs across the government and circulate best practices to mitigate problems, often relying on continuous and automated solutions.

The Defense Department also wanted continuous evaluation solutions that would flag troop behavioral changes. “The Army approached us and said look, we’ve got WikiLeaks, the shooting at Fort Hood [and] all of these veterans and soldiers coming back from the Middle East, some with PTSD [post-traumatic stress disorder]. How do we get ahead of this to predict threats and prevent incidents from happening again?” Van Vleet offers.

The military certainly is not the only institution challenged by insider threats. A recent study by Intel Security titled “Grand Theft Data” indicated that internal actors were responsible for 43 percent of data loss following a breach of company networks. Perhaps surprisingly, half of these breaches were unintentional, reads the report. “Most people think that when you talk about insider threats, it’s really about the malicious intent, somebody trying to do something bad, like a Snowden or something like that,” says Van Vleet, referring to former National Security Agency contractor Edward Snowden, who leaked information on the government’s surveillance efforts to news media.

Intel Security’s report gathered data from information technology and security professionals representing 1,155 organizations worldwide. Almost 70 percent of respondents noted that data loss prevention technology could have averted past data exfiltration incidents. In fact, organizations that continuously monitored networks for unusual or anomalous behavior were more likely to detect data breaches with internal resources and more likely to have zero exfiltrations, the report shares. Additionally, internal actors were more likely to use physical media instead of electronic methods, especially USB drives and laptops. Employee information such as identity and health data was the most frequently compromised, the report states, and Microsoft Office documents were most commonly stolen, most likely because they are stored on employee devices with few access controls.

While no single tool or technology will solve all data security problems, automated threat analytics platforms may help. They create predictive risk profiles for organizations to determine which employees might pose a danger, looking into everything from work-related behavior, such as what files and computers employees access, to personal conduct, such as whether they have credit problems or marital or legal issues. Effectively countering insider threats requires a two-pronged approach: monitoring both cyber activity and human behavior, Van Vleet offers. “What you have to realize is that at the other end of that keyboard is a person,” he says. “To have a robust approach, you want to address the full spectrum of both human behavior and the cyber behavior.” Along that line, Carbon is not an acronym. “As we do all of this cybersecurity stuff, one thing that’s important for us is that we don’t forget what’s behind the computer. It’s a person. It’s a carbon-based life form, and that’s why we call it Carbon.”

The solution does not provide instant results and requires diligence for the long haul. “You can’t just monitor at one point in time. It’s not like one alarm goes off,” Van Vleet states.

Additionally, the tool prioritizes employee behaviors into a pyramid, alerting officials to those the system flagged as high risk for possible nefarious actions. “From a management standpoint, it allows you to ... use the analytics to focus on the riskiest ones,” he says. “By watching this over time, this continuous monitoring and evaluation allows you to pre-empt behavior before it reaches a catastrophe. You can do some counseling, maybe. It can match your response to the actions that you’re seeing.”

Necessity pushed for a rapid maturation of the tool. In three years, Haystax Technology has moved Carbon from a prototype to an operational program that several government agencies use, Van Vleet says. “I can’t discuss specific results because that’s obviously customer-specific, but I can say we’ve gone from a pilot where we tested it on a sample size of 1,000 to it now being used on a few hundred thousand personnel on a continuous basis.”

The concern over insider threats shares the stage with outsider-launched attacks rather than taking the spotlight, Van Vleet points out. In addition to insider threat mitigation technology, Haystax has deployed modified programs that officials use to predict physical or cyber attacks linked to major sporting events or civil unrest and even at public schools. For example, during the April protests in Baltimore that followed the death of a local man after police transported him to jail, predictive technology alerted authorities to the likelihood of violence during some of the demonstrations. Generally, Carbon combines data from open-source feeds such as Facebook, Twitter and news networks with information from proprietary feeds such as video surveillance and alarm systems, in real time, to prioritize threats and issue alerts for the most pressing risks. Haystax altered the basic software platform to provide a program used by public school officials to forecast incidents that require immediate attention, such as gang violence or a possible school shooting, he allows. The Los Angeles School Police Department, for example, relies on analytic technology to forecast security issues.

AFCEA: http://bit.ly/1RwbXdQ

« Experts Make 2016 Cybersecurity Predictions
NSA Chief Says The Rules of War Do Apply to Cyberwar »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Acumin Recruitment

Acumin Recruitment

Acumin is an internationally established Cyber Security recruitment specialist.

Vanguard Integrity Professionals

Vanguard Integrity Professionals

Vanguard Integrity Professionals is an independent provider of enterprise security software solutions that address complex security and regulatory compliance challenges.

European Council on Foreign Relations (ECFR)

European Council on Foreign Relations (ECFR)

ECFR is a pan-European think-tank conducting research and promote informed debate on European foreign policy. Cyber security is becoming an intrinsic element of foreign policy debate.

BPC Banking Technologies

BPC Banking Technologies

BPC’s advanced fraud prevention solution helps card issuers and acquirers combat the growing threat by monitoring 100% of transactions, online, in real-time across all channels.

Tata Consultancy Services

Tata Consultancy Services

Tata Consultancy Services is a global leader in IT services, consulting & business solutions including cyber security.

Alpine Cyber Solutions

Alpine Cyber Solutions

Alpine Cyber is a Managed IT Service Provider focused on cybersecurity and cloud services.

SixThirty CYBER

SixThirty CYBER

SixThirty is a venture fund that invests in early-stage enterprise technology companies from around the world building FinTech, InsurTech, and Cybersecurity solutions.

Intraprise Health

Intraprise Health

Intraprise Health is a Certified HITRUST Assessor and award-winning provider of health information security products and services.

SpecterOps

SpecterOps

SpecterOps has unique insight into the cyber adversary mindset and brings the highest caliber, most experienced resources to assess your organizations defenses.

Netenrich

Netenrich

The Netenrich operations intelligence platform is built from the ground up to help enterprises resolve everyday and futuristic problems for stable, secure environments and infrastructures.

Cyber Lockout

Cyber Lockout

Comprehensive ransomware insurance and preventative cybersecurity technology solution, working together to help protect businesses 24/7/365.

CyberUSA

CyberUSA

CyberUSA is a collaboration of leaders and states focused on a common mission purpose of enabling innovation, education, workforce development, enhanced cyber readiness and resilience.

Dataminr

Dataminr

Dataminr Pulse helps organizations strengthen business resilience with AI-powered, real-time risk and event discovery—and the integrated tools to manage responses.

Ionize

Ionize

Ionize offers solutions to help you uplift your capability across the full-spectrum of cyber security - assessment, remediation, monitoring, governance and ongoing education.

Keeran Networks

Keeran Networks

Established in Edmonton in 1999, Keeran specializes in delivering comprehensive IT support and solutions aimed at optimizing technology investments for businesses.

TerraZone

TerraZone

TerraZone is a global cyber security and privacy solutions provider to governments and enterprises.