Advancing Our Insider Threat Defenses
We’ve talked a lot as a company over the years about the best ways to counter insider threats. It takes more than just buying some tools—you need executive buy-in, established processes, employee training, continual adaptation, and unwavering diligence to protect your organization’s information assets from theft, misuse, damage, or destruction.
All these aspects of fighting insiders are well documented. You can’t simply buy a tool, no matter how full-featured or robust, and expect to deter anyone inside your walls who’s willing to lie, cheat, and steal to get what they want.
The Technical Hurdle
The challenge I personally experienced trying to build an insider threat detection and response capability (once upon a time), however, had very little to do with process, buy-in, or any of the other non-technical aspects.
We needed technology to answer the questions we were constantly being asked! It’s been close to four years since I left that role to come to Nuix, but I can still hear them as clear as yesterday.
“What was in that 80-page document that Johnny printed?”
“Can you tell me if Suzie plugged a flash drive into her computer?”
“How come you didn’t stop Bob from transferring those files to Dropbox before he left the company?”
Each one of those questions carried with it the potential for hours of highly manual, error-prone work on our team’s part. Extrapolate that across thousands of users on a network, and it’s hard to imagine how we’d ever put up an effective defense, no matter how well our policies were written or what kind of training everyone across the company took.
Nuix Adaptive Security Today
Recently, our Director for Security & Analytics, Hoke Smith, sent over a couple of videos to publish on our YouTube channel (which you should check out – we try to get something new up there regularly). He asked me to watch one of the videos closely and give him my opinion about it, based on my insider threat detection experience.
I don’t say this as an advocate for the company—when he started demonstrating some of the newest capabilities in Nuix Adaptive Security, the old excitement came back. Here were the answers to some of the technical challenges I’d faced just a few years ago, solved in a way that’s intuitive for an analyst to tackle!
- Network isolation and alert when an unauthorized device is plugged in
- Automatic screen capture upon policy violation
- Remote, targeted forensic evidence collections
Don’t take my word for it. Check out the excellent update provided by Hoke and see for yourself how far Nuix Adaptive Security has come recently.