Cyber Security: Insider Threat Detection

Advanced analytics is one of the biggest reasons many companies include Big Data technologies within their Cybersecurity arsenal. System Soft Technologies’ Security Intelligence and Analytics (SIA) Solution not only enables a platform for creating custom advanced analytics, but also includes a very sophisticated analytic in its Insider Threat Detection (ITD) application.

Why Monitor Employee Behavior?

Many security breaches were performed by actors who had legitimate access to the data and were located inside of the company network. InfoSecurity reports 43% of data breaches were performed by Insiders. Ponemon Institute reports even higher numbers and goes on to report the cost of such breaches can be higher than external attacks. Dark Reading reports that 55% of companies have experienced an insider threat issue, 62% of employees have access to data they should not see, and only 9% of companies believe their insider prevention methods are effective. Clearly more needs to be done for this important topic.

Data Categories Collected

System Soft Technologies Insider Threat Detection application starts by monitoring three primary categories of behavior:

E-mail Activity

100%x280

Browsing Activity

100%x280

Login Patterns

100%x280

More importantly, since System Soft Technologies solutions are all open source solutions, organizations can extend the solution to include activity in business-specific applications. For instance, healthcare companies could monitor patient lookups or financial companies can monitor transactions. System Soft Technologies started with these three categories since virtually all companies have email, Internet access, and system logins.

Dimensions Tracked

In order to enable the sophisticated analytic within the Insider Threat Detection application, the multiple features within each behavior category are tracked in two dimensions:

100%x280
100%x280

While a typical mid-sized organization can have events numbering in the millions per day, the summary statistics will likely be tens of thousands per day since it is derived from the number of features times the number of users times 90 days (by default).

Analytic Results

100%x280

Collecting lots of statistics is great for data scientists and statisticians; however, most security analysts want the actual analysis performed for them. The Inside Threat Detection algorithm crunches each day’s activities, and with a dynamically evolving weighting scheme and a cumulative probability distribution, it provides a single “risk score” for each user. With this score a security analyst can easily focus on the riskiest users in their environment on any given day.

Analytics Dashboard

System Soft Technologies designed a user-friendly dashboard for the security analyst to begin their daily review of user behavior. At a glance, the security analyst can see the riskiest user in their environment along with several other key indicators. Quickly, the analyst can see the distribution of high, medium, and low risk users as well as geographic distribution and the recent trend.

Investigation Support

A heat-map on the Overview dashboard enables the security analyst to quickly drill-down into the details of any user’s activity. From the Overview dashboard the analyst is taken directly to a category view of a single user’s activity for any given category. From the category view the analyst can quickly see a breakdown of the deviation in activity from the user’s own history compared to the community of users, a trend for this user over the past 90 days, and can dig into the details of individual records for the user.

Machine Learning Feedback Loop

Every organization is different. While System Soft Technologies Insider Threat Detection application comes with a good, tested set of weights for the various features, your organization may have different characteristics. That’s why it is critical to provide a feedback mechanism for the security analyst to enable machine learning algorithms to “train” the analytic: With this input the system will get smarter and smarter as time goes on.

Critical Thinking. Collaboration. Success.

Copyright ©2017 System Soft Technologies. All rights reserved.