Insider threat events are prevalent in all organisations and often go completely undetected by in-place security measures, according to Imperva’s new Hacker Intelligence Initiative Report.
While many organisations are buffing up their security layers, most of the focus is on preventing direct threats that come from outside, and detecting threats from within is neglected. While all of the customers involved in the study had the “right” security layers in place, they were not able to identify many types of compromising, negligent, or malicious behaviour. Imperva finds this troubling, since its research indicates many significant data breaches are ultimately an “inside job.” Insiders – be they employees, contractors, business associates or partners – pose the biggest risk to enterprise data since they are granted trusted access to sensitive data.
Insider threat events were present in 100 percent of customer environments tested in the study. In most cases, insiders took advantage of granted, trusted access to data, rather than trying to directly hack the databases and file shares.
The Imperva Defense Center conducted the research by applying a combination of machine learning-based behavioural analysis and deception technology to live production data and networks. Machine learning was used to analyse detailed activity logs of the data accessed by insiders. Deception technology added context to the analysis by identifying anomalies indicative of compromised end-points and user credentials. This deeper level of insight proved critical for finding true insider threats within a sea of anomalies.
“Just finding anomalies in user behaviour will not solve the insider threat problem,” said Amichai Shulman, Co-founder and CTO of Imperva. “Enterprises need to have granular visibility into which users are accessing data, and more importantly, the actual queries and data accessed by each user. This deep level of insight proved critical to separating actual incidents from anomalies. Imperva CounterBreach allows customers to apply machine learning and deception technology to both user behaviours and the data that users have accessed, which is the key to pinpointing insider threats.”