Insider Threat Management
Insiders have two things that external attackers don't: privileged access and trust. This allows them to bypass preventative measures, access mission-critical assets, and conduct malicious acts all while flying under the radar unless a strong incident detection solution is in place. Some employees become malicious over time; others may be spies planted to conduct industrial espionage; while still others simply make unwitting mistakes that put the organisation at risk.
A number of variables motivate insiders, but the end result is that they can more easily perpetrate their crimes than an outsider who has limited access. It doesn't take a skilled hacker to print out sensitive data, copy files to an MP3 player or send confidential information to a competitor. Because of this, anybody can become a malicious insider - from the disgruntled system administrator hoping to sabotage access to business-critical systems to the human resources intern who is selling employee salary information to recruiters. Insiders can directly damage your business, resulting in lost revenue, lost customers, reduced shareholder faith, a tarnished reputation, regulatory fines and legal fees. With such an expansive threat, organisations need an automated solution to help detect and analyse malicious insider activity.
The earthwave Insider Threat Management solution identifies malicious insiders with user context and early warning, then responds to insider threats efficiently and effectively with end-to-end management.
With earthwave Insider Threat Management you can extend the solution to match your company's specific needs.
A few examples of the pre-defined insider threat content available in this solution include the ability to:
- Identify suspicious user activity patterns and anomalies
- Visually track and create business-level reports on users' activity
- Automatically escalate the threat levels of suspicious and malicious individuals
- Respond according to your specific and unique corporate governing guidelines
- Detect insider activity early, based on early warning indicators of suspicious behaviour, such as:
  - Stale or terminated accounts
  - Excessive file printing, unusual printing times and keywords printed
  - Traffic to suspicious destinations
  - Unauthorised peripheral device access
  - Bypassing security controls
  - Attempts to alter or delete system logs
  - Installation of malicious software
