INSIDER THREAT DETECTION

As attackers have become more sophisticated, attack surfaces have expanded, and the number of attacks has increased, organizations find themselves exposed to an onslaught of novel and previously unseen attacks. Combined with the threat of rogue insiders, it's clear organizations face enormous challenges:

  • Can't Access the Event Data
  • Limited knowledge of Advanced Analytics
  • Long Time to Mitigation
  • Lack of Tools Intended for Security Analysts

Business Case

Sensitive data loss within enterprises requires close monitoring for deliberate acts of exfiltration.

Challenges

With big data, identifying behaviors that are indicative of data exfiltration is challenging with today's SIEM vendor offerings.

Solution

Use existing open source big data technology to collect sensor data in real time.

Detect and score anomalous behavior with unsupervised and supervised learning models in SIA.

For each activity monitored, keep a baseline for every user in the organization, then calculate each user's deviation from that baseline, both against the user's own history and against the rest of the community.

Highlight

  • Baseline user/entity activity
  • Detect deviation from the norm, i.e. z-score
  • Machine learning to detect first-seen patterns
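The per-user baseline and z-score deviation described under Solution and Highlight, as an added example that is not part of the original page or of the SIA product. The activity counts, the user names, the `MIN_STD` floor and the 3-sigma threshold are constructed assumptions; the community baseline is taken as the pooled history of every other user.

```python
"""Baseline-and-deviation scoring for one monitored activity."""
from statistics import mean, pstdev

# Constructed sample data (not real telemetry): files copied to removable
# media per user per day. The last value is "today"; the rest is history.
ACTIVITY = {
    "alice": [3, 4, 2, 5, 3, 4, 30],
    "bob":   [10, 12, 11, 9, 10, 11, 12],
    "carol": [0, 1, 0, 0, 1, 0, 1],
    "dave":  [5, 6, 4, 5, 6, 5, 5],
}

# Assumption: floor the standard deviation so a very regular user (sd near
# zero) does not produce a huge z-score from a one-file change.
MIN_STD = 1.0


def z_score(value, baseline):
    """Standard deviations by which `value` exceeds the baseline sample."""
    return (value - mean(baseline)) / max(pstdev(baseline), MIN_STD)


def score_user(user, activity=ACTIVITY, threshold=3.0):
    history, today = activity[user][:-1], activity[user][-1]
    # Deviation from the user's own history.
    self_z = z_score(today, history)
    # Deviation from the rest of the community: pool every other user's history.
    peers = [v for u, s in activity.items() if u != user for v in s[:-1]]
    peer_z = z_score(today, peers)
    # One-sided test: exfiltration shows up as excess activity, so only a
    # high positive z-score is reported. "self" means a spike against the
    # user's own norm; "peer" means the volume is high relative to others.
    reasons = []
    if self_z >= threshold:
        reasons.append("self")
    if peer_z >= threshold:
        reasons.append("peer")
    return {"user": user, "today": today, "self_z": round(self_z, 2),
            "peer_z": round(peer_z, 2), "reasons": reasons}


def score_all(activity=ACTIVITY, threshold=3.0):
    return [score_user(u, activity, threshold) for u in activity]


if __name__ == "__main__":
    for row in score_all():
        print(row)
```

With this data alice is flagged on both signals (a spike against her own baseline that is also far above peers), while bob is only "peer": his volume is habitually high, so the per-user baseline keeps him from being treated as a new spike, and an analyst can triage the two differently.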