As insider threats rise, the technologies to spot and defend against them increase, and it is for this reason why user behavior analytics and activity monitoring software become more popular.
I recently spoke with Mike Tierney, COO of Veriato (formerly SpectorSoft) about this, and he explained that its software is widely used for monitoring ‘high risk’ insiders and a large number of people use it for first case.
“The biggest difference now is we are not selling to home users, and the addition of behavioral analytics is because of a shift in focus to a more enterprise-centric solution,” he said. The company came from a background of monitoring technology for parents, which Tierney said “sold well, but in some areas we didn’t like”, and the mission was to help parents protect their children, but now it is driving towards activity monitoring and educating on behavioral analytics, and the stronger interest in that tends to be from larger organizations as the common security model is at a specific level, and its solution tries to make it consumable.
“We are being deliberate to avoid monitoring, and our largest customers adopt behavioral analytics and companies sell departmentally and expand with activity monitoring,” he said.
Tierney explained that it has focused on anomalies, as combined with indicators its research showed that when people engaged in insider activity, they become more invested in their own success. He said that it is often a case of spotting someone who is more “I” than “we”.
“How we are different is we take the anomaly alert and trigger it to allow the human operator to assess the situation and determine the response based on what we see. Some do just anomaly detection; we can provide both sides of the coin.”
Tierney said that when dealing with people you need a person involved, so having human operators arms you with better intelligence, and how a person and organization chooses to respond is up to them.
“The difference for us is behavioral analytics don’t have the ability to present content rich information and leaves human operators with ‘here’s an anomaly, figure it out’, while we say ‘here are the details’ and give them the information on exactly what has changed within a couple of clicks. We give a level of clarity and eliminate false positives fast. We record and capture activity as it occurs.”
In a recent survey of 400 people, only 5% admitted to taking corporate data with them for financial or personal gain but of those, 55% have used or continue to use the data in subsequent jobs. Fortunately, 92% would not take corporate data if they knew their activity was being monitored, with 79% believing their company has the right to monitor their activity.
This point, and concept of monitoring was one point I wanted to discuss. Even if you are in a workplace on a corporately owned device and managed network, does a stigma remain about watching the actions of employees? Tierney said it did, and the difference with behavioral analytics technology is that it does account for these concerns, unlike desktop management software.
“Something we found is that there are ways to do it and how to follow proper process, and if you follow the law then you are okay, so do some things to educate and within software you architect it to maximize privacy,” he said.
As an easy example, he recommended monitoring what happens on the internet, go blind on secure sites and stop recording, as the chance of business relevance is low. He added if no one looks at the activity until you see an anomaly, you can accommodate privacy needs and balance security needs with the user.
“Knowing what is going on within your perimeter is critical to keeping your valuable data out of the hands of competitors,” Tierney added. “But equally important is communicating with your employees to ensure they know what belongs to them and what consequences can result if they even think about taking it with them when they leave.”