The Insider Threat – Proportionate monitoring with a capital ‘P’

Proportionate monitoring

When Vigilant started on the journey to develop real-time security technology that would address the insider threat from employees, the majority of enterprise security vendors at the time were concentrating on the perimeter and external vectors. The ‘Insider Threat’ was a term most businesses didn’t want to hear. Employees were considered 100% trustworthy and HR wouldn’t countenance anything that cast doubt on the integrity of the workforce.

Roll forward ten years and things have changed. Tools like VigilancePro are as much about protecting employees from inadvertently putting both their livelihood and the company’s reputation at risk, as they are about pinpointing malicious behaviour. Either way, if you don’t have a measured way of understanding what your workforce is doing within the confines of your IT environment, you’ll never really understand the risk and, by the way, neither will your cyber insurance broker. Determining ‘risk’ within the human layer remains one of the most challenging aspects for any cyber insurance underwriter. GDPR has put a price on data breaches that it is hard for the actuaries to ignore.

Introducing UEBA – User and Entity Behaviour Analytics

As is the way, as a market develops so does the terminology and ‘Insider Threat’ was joined by UEBA – User and Entity Behaviour Analytics. Another term aligned directly to our Insider Threat solution. Our products have pioneered real-time understanding and are battle-tested in large-scale public and private deployments*. The ‘E’ in UEBA has been added as the AI revolution has unfolded to help understand how ‘entities’ as well as users are behaving – routers, servers, devices. They can be made to act like humans to a degree so need to be covered by the overall internal security blanket.

The ability to monitor what we term ‘baseline’ behaviour’ in real-time immediately allows an organisation to take the necessary precautions when that behaviour deviates from the norm.  A good starting point for most businesses is to create baseline policies that mirror an individual’s employment contract. If a user strays outside of company policy a simple automatic notification is often enough to make them think twice. Actions deemed malicious involving the likes of sensitive or critical information are stopped in their tracks. No point in having UEBA if you can’t intervene to prevent the behaviour and nullify the risk. This sets Vigilant apart and we call it ‘Behaviour Interception’…but the BI acronym has already been taken!

It is our belief that UEBA should be as ubiquitous on the endpoint stack as the likes of antivirus providing that monitoring is measured and proportionate. Ethical auditing is where we have always excelled. Monitoring user behaviour, even within our police customers, has to respect privacy. Ideally, only exceptional activity needs to be identified and real-time repudiation taken. It is this balance that satisfies HR policy and also protects the workforce from any unintentional breaches of sensitive data.   

PROPORTIONATE UEBA that minimises false positives, is cost-effective, easy to deploy and automatically PREVENTS expensive breaches is Vigilant’s specialty. As pioneers in the ‘insider threat’ space we have probably earned the right to our own lexicon. How about Proportionate User and Entity Behaviour Analytics……Do you think we would get away with PUEBA?! 

*VigilancePro powers automated governance for the NHS by protecting access to patient records.
UK Police forces maintain professional standards with VigilancePro.
VigilancePro enables compliant trading using Instant Messenger Apps.

Author

Article Published: 26th September 2023
Written by: Andy Craig, Vigilant Co-founder and Director

Continue your research

Loss prevention in the retail business

LiveStore® Your Remote Duty Manager, addressing loss prevention in the retail business with real-time operational intelligence

How can legacy IT systems keep pace with the quick service demanded by QSR chains and enable real-time loss prevention in the retail business?

How can legacy IT systems keep pace with the quick service demanded by QSR chains and enable real-time loss prevention in the retail business?

VigilancePro

VigilancePro – User Activity Monitoring

VigilancePro delivers highly effective insider threat management by analysing user activity across the entire organisation covering office, remote worker and field-based staff and regardless of whether they are using fixed or mobile devices.

VigilancePro delivers highly effective insider threat management by analysing user activity across the entire organisation covering office, remote worker and field-based staff and regardless of whether they are using fixed or mobile devices.

Employee monitoring software

How Employee Monitoring Software can help HR protect and retain their workforce

As pioneers in the Insider Threat space, in the early days of deploying our employee monitoring software VigilancePro, we were often faced with a conflicting rationale between commercial risk to a business and the wellbeing of the workforce.

As pioneers in the Insider Threat space, in the early days of deploying our employee monitoring software VigilancePro, we were often faced with a conflicting rationale between commercial risk to a business and the wellbeing of the workforce.

User activity monitoring

Put advanced user activity
monitoring into action

We’ve worked with a wide range of different companies and organisations in meeting their insider threat prevention and compliance needs.

Read more on our solutions page, or get in touch to book a discovery session.

Contact us to book a discovery session
<