The Insider Threat Chain is a roadmap of how data exfiltration, fraud and IP theft unfold in a company. It starts with a tipping point where insiders enter an exploratory phase of using authorized access to do unauthorized things. However, because no rules are technically being broken within Data Loss Prevention (DLP), IDS, firewalls, and AV, these early indicators go undetected. They may take place months before an employee or contractor attempts to actually remove information from the company via email, unauthorized cloud applications or thumb drives. Prior to reaching the data extraction phase, most employees are able to hide the sensitive information they plan on stealing, and have tested their means of extraction so that risky behavior eludes Data Loss Prevention software.
ObserveIT focuses on users and the critical role they play in data loss, instead of focusing only on data and files. This allows you to detect early indicators of risk and out-of-policy behavior before data exfiltration takes place. This enables companies to be proactive about data loss while continuing to use Data Loss Prevention software for the final phase, exfiltration.
After reading this whitepaper you’ll know how to:
- Enhance reactiveness of data loss security programs
- Map ObserveIT and DLP to the Insider Threat Chain
- Detect and deter risky user behavior with ObserveIT