The Insider Threat – Proportionate monitoring with a capital ‘P’

When Vigilant started on the journey to develop real-time security technology that would address the insider threat from employees, the majority of enterprise security vendors at the time were concentrating on the perimeter and external vectors. The ‘Insider Threat’ was a term most businesses didn’t want to hear. Employees were considered 100% trustworthy and HR wouldn’t countenance anything that cast doubt on the integrity of the workforce.

Roll forward ten years and things have changed. Tools like VigilancePro are as much about protecting employees from inadvertently putting both their livelihood and the company’s reputation at risk, as they are about pinpointing malicious behaviour. Either way, if you don’t have a measured way of understanding what your workforce is doing within the confines of your IT environment, you’ll never really understand the risk and, by the way, neither will your cyber insurance broker. Determining ‘risk’ within the human layer remains one of the most challenging aspects for any cyber insurance underwriter. GDPR has put a price on data breaches that it is hard for the actuaries to ignore.

Introducing UEBA – User and Entity Behaviour Analytics

As is the way, as a market develops so does the terminology and ‘Insider Threat’ was joined by UEBA – User and Entity Behaviour Analytics. Another term aligned directly to our Insider Threat solution. Our products have pioneered real-time understanding and are battle-tested in large-scale public and private deployments*. The ‘E’ in UEBA has been added as the AI revolution has unfolded to help understand how ‘entities’ as well as users are behaving – routers, servers, devices. They can be made to act like humans to a degree so need to be covered by the overall internal security blanket.

The ability to monitor what we term ‘baseline’ behaviour’ in real-time immediately allows an organisation to take the necessary precautions when that behaviour deviates from the norm.  A good starting point for most businesses is to create baseline policies that mirror an individual’s employment contract. If a user strays outside of company policy a simple automatic notification is often enough to make them think twice. Actions deemed malicious involving the likes of sensitive or critical information are stopped in their tracks. No point in having UEBA if you can’t intervene to prevent the behaviour and nullify the risk. This sets Vigilant apart and we call it ‘Behaviour Interception’…but the BI acronym has already been taken!

It is our belief that UEBA should be as ubiquitous on the endpoint stack as the likes of antivirus providing that monitoring is measured and proportionate. Ethical auditing is where we have always excelled. Monitoring user behaviour, even within our police customers, has to respect privacy. Ideally, only exceptional activity needs to be identified and real-time repudiation taken. It is this balance that satisfies HR policy and also protects the workforce from any unintentional breaches of sensitive data.   

PROPORTIONATE UEBA that minimises false positives, is cost-effective, easy to deploy and automatically PREVENTS expensive breaches is Vigilant’s specialty. As pioneers in the ‘insider threat’ space we have probably earned the right to our own lexicon. How about Proportionate User and Entity Behaviour Analytics……Do you think we would get away with PUEBA?! 

*VigilancePro powers automated governance for the NHS by protecting access to patient records.
UK Police forces maintain professional standards with VigilancePro.
VigilancePro enables compliant trading using Instant Messenger Apps.