Introduces powerful out-of-the-box capabilities to help companies quickly deploy an Insider Threat program with minimal expertise and staffing
RedOwl announced the release of the latest version of its Insider Risk Framework, designed to help enterprises quickly deploy and operationalize programs to mitigate insider risk in regulatory compliance and information security. With this release, enterprises can rapidly integrate new, complex data sources, apply powerful behavioral analytics that look across mode and at the intrinsic risk characteristics of people, and visualize these in a new entity-centric set of dashboards across a specific set of use cases. The capability is now generally available.
According to the latest Verizon Data Breach Investigations Report, 77 percent of data breaches are a result of insiders. Today, most security spend focuses on the perimeter, leaving many blind spots within enterprises. At the same time, enterprise data generation is exploding, with about 2.5 exabytes of data created daily. The major driver in data growth is unstructured data, which includes communications, images and audio files. For risk management teams using basic user behavior analytics, the sheer volume of structured data, complexity of unstructured data and infinite query possibilities make it impossible to implement, manage and scale systems to identify incidents and mitigate risk. Recent incidents, including the disclosure of CIA documents to Wikileaks and Google’s lawsuit against Otto, underscore the urgent need for enterprises to quickly build and deploy insider threat programs.
Organizations attempting to meet the threat from insiders typically face three primary challenges. First, they don’t know what they can and should look for to find high-risk insiders. Second, they aren’t equipped to integrate and filter to the right data. Lastly, they don’t have the right tools to quickly identify high-risk insiders, understand motivation and identify precursor activity to help avoid regulatory violations and data breaches.
“Because insiders are trusted, they typically have easy access to sensitive data and systems,” said Joseph Blankenship, analyst at Forrester. “Waiting until a malicious insider acts may mean the damage is done before you can act, causing significant harm to the business. Finding potentially malicious insiders requires a focused, cross-organizational approach to detection and response.”
“One of the biggest detection gaps enterprises face in assessing risk is the lack of skills or resources required to sift through and garner insights from the sheer volume of data they’re producing,” said Guy Filippelli, founder and CEO of RedOwl. “With RedOwl’s latest release, we’re giving enterprises the means to ingest the broadest datasets to reduce the blind spots that exist within regulatory and information security risk, so that they can evolve from incident response to incident avoidance.”
The RedOwl platform now ships with a pre-configured library of data mappings and analytics based on RedOwl’s proprietary insider risk analytics framework. By leveraging this comprehensive analytical foundation, customers are able to accelerate their insider risk management program deployment without losing any capability to modify existing risk models or implement their own. This flexibility stands in contrast to the “black box” approach offered by many other currently available solutions.
The Insider Risk Framework supports critical use cases including:
- Data Exfiltration. Individuals engaged in illicit attempts to discover, gather, obfuscate, and exfiltrate sensitive and/or classified data, and to remove all auditable traces of the exfiltration event.
- Malicious User. Typically disgruntled, privileged users who are attempting to inflict virtual or physical harm to an organization’s infrastructure through malicious, intentional acts of sabotage. This might include, for example, attempts to compromise an organization’s internal computer network, or to disrupt the operations of critical physical control systems.
- Compromised User Account. Individuals whose credentials have been taken over by malicious, third-party actors, and whose network identities are used surreptitiously to cause significant harm to an organization’s security.
- Negative Behavior. Individuals in violation of corporate policy for an array of reasons, such as workplace violence, sexual harassment, snooping, and being at risk of leaving.
- Illicit Behavior. Individuals putting the corporation at risk through unlawful behaviors, such as espionage, organizational conflicts of interest (OCI), legal malpractice, and PII leakage.