Barbarians Inside the Gate: Finding the Needle in a Data Haystack

Sam Maccherola

Despite most corporations’ robust perimeter security solutions, advanced persistent threats may already have evaded perimeter detection and be lying in wait for some future launch date. Of even more concern is the fact that some of the barbarians who are already past the gate may not be Ukrainian hackers; they may be someone working at a neighboring desk.

Insider Threats: There is something you can do

Some methods for dealing with insider threats are exercised by managers with good people skills and the ability to spot early signs of attitude or work-satisfaction issues. However, the best source of raw intelligence on potential threats in the modern enterprise is found directly at the endpoints such as laptops and servers—the targets of most serious information-security threats.

Corporate endpoints are roiling with terabytes of constantly proliferating and volatile data that may include intellectual property, conversations about business processes that will later be subject to e-disclosure rules, running processes that may be propagating across other endpoints, back-channel communications, and more. In order to glean actionable intelligence, however, that tremendous amount of data has to be collected and prepared for analysis on an ongoing basis. Even if that were a possibility for the average corporate information-security budget, how would one who is not a data scientist find the needle in the haystack and identify it as such?

This is a job for security intelligence based on endpoint analytics, and EnCase® Analytics is precisely that new security tool.

Satellite View of Data and Processes

EnCase Analytics can act as a type of satellite overseeing the processes and activities across corporate endpoints, looking for anomalous behaviors, and finding correlations between disparate data sets. A visual dashboard can give graphic representations of findings from multiple perspectives, indicating when something suspicious may be occurring, and delivering that information in an easily digestible way to an information-security specialist. That specialist, then, can apply his far deeper and more subtle analytical capabilities to judge whether further investigation is warranted.

Actionable Insights

The visual representation of those suspicious patterns, anomalies, and commonalities within an interactive interface allows for immediate, on-the-fly adjustments to views in order to zero in on potential threats closer to the time of their occurrence—possibly heading off the significant damage that would result from a lack of early intelligence.

Find out more about EnCase Analytics here, and drop us a line in the Comments section below to share your own proactive security best practices.

Sam Maccherola is Vice President and General Manager EMEA/APAC for Guidance Software and is based in the United Kingdom. 
