April 01, 2016
Insider threats are present in 100% of studied environments
Insiders pose the biggest risk to business data since they are given trusted access to sensitive data, yet they often go completely undetected.
The insider threats that were found were classified as malicious insiders, careless and negligent insiders, and compromised insiders. None of the threat incidents were detected by the existing in-place security infrastructure, even though the right security layers were in place.
In most cases, insiders took advantage of the trusted access to data they had been granted rather than attempting a direct hack of the databases and file shares.
Identification of insider threats was achieved with a combination of deception technology and behaviour analytics. Machine learning analysed detailed activity of the data accessed by insiders. Deception technology added value to the study by finding anomalies that suggested compromised end-points and user credentials.
“Just finding anomalies in user behaviour will not solve the insider threat problem,” said Amichai Shulman, co-founder and CTO of Imperva. “Enterprises need to have granular visibility into which users are accessing data, and more importantly, the actual queries and data accessed by each user. This deep level of insight proved critical to separating actual incidents from anomalies.”