The Guru sat down with Nuix VP of Business Threat Intelligence and Analysis Joe Hoofnagle and asked him about a range of topics, from compliance to data analysis. See below for how companies are adapting and what the latest in analytics and security can help us accomplish today.
Guru: How can data analysis be applied to combat insider threats?
JH: It’s often thought (and preached in the industry) that organisations need to comb through every byte of data to uncover insiders looking to do harm or steal. In fact most products on the market today tout this very idea, claiming that they will search through all manner of bits and bytes to uncover companies’ issues via “behavioural analysis”. While that may be great for the data scientists of the world, most people who find themselves dealing with insider issues are typical incident responders struggling to capture and fix all they can.
Although technology is thought to be boundless, human interaction with technology is definitely not. When conducting data analysis surrounding insider threats, organisations need to focus on the tactics, techniques, and procedures one would use to access and steal information. This is actually quite simple. Remember, there are only so many ways a person can take information, for example using USB drives, cloud storage, personal email and printed data.
Guru: Is the solution to insider threats based on people or technology? Or a mix?
JH: Definitely a mix! The right technology is key; however, good old detective tactics are also in order. Analysts and responders need to understand the stories that their tools are telling them, connect digital evidence to human activities, and communicate throughout their organisations to make these connections.
It takes more than just tools and technical wizards to create an effective insider threat program and gain a greater understanding of the scope of issues they find.
Guru: How do you ensure security teams aren’t drowning in data as they work?
JH: By focusing on what matters most to the organisation. If it tries to secure everything, it runs the risk of winding up protecting nothing. Identifying critical value data and placing security emphasis and efforts there will keep the organisation sane, and will also reduce costs associated with its security programmes.
Guru: Will compliance with regulations help combat the insider threat? Will guidelines such as the GDPR help companies handle data more securely?
JH: Compliance is a great first step in any security effort. However, it should only be considered as the foundation of their efforts to comply and protect. Companies also need to understand what policies, procedures, controls, and enforcement mechanisms they need to put in place in order to truly address possible security issues and not just limit themselves to “comply”.
Guru: Lots of people are telling enterprises to prepare for the GDPR. What do you think the important first step is on the way to meeting its requirements?
JH: As a first step, organisations should assess the requirements as outlined in GDPR guidance. Most will find they already have some semblance of these directives in place and may only need to add or adjust how they handle personal data of EU residents.
The bigger issue is that sometimes, organisations consider compliance as a “check box” they need to fill out. In order to be truly effective, appropriate policies, procedures, controls, and enforcement mechanisms need to be in place to ensure responsibility and accountability.
Guru: Is the security industry prepared to comply? Or will security teams be stretched too far?
JH: New and existing laws, directives, and guidance seem to be pulling teams in many different directions. Although when you really take a look at most of the new laws, they all have one common theme: protect data. So, many of an organisation’s existing controls can be reutilised or readjusted to meet the requirements.
Thanks to Joe for speaking with us – if you want to learn more about what Nuix is working on then visit their website: http://www.nuix.com/