Digitalendpoint Blog


The Best Defense Against Imposter Threats

Dec 18, 2015 | Other

In the present environment where “Insider Threats have increased by 250%” it is painfully clear that conventional malware-based protection is insufficient to prevent the loss of sensitive and privileged data. digitalendpoint™ recommends the following to address insider threats proactively in the hostile environment in which we operate today.

A recent survey asked 300+ information security decision-makers – from financial services, legal services, healthcare, retail, and government organizations around the world – what keeps them up at night? “Insider threats” was high on the list of responses. What scares them most about “insider threats”? It’s the imposters – the bad actors who can infiltrate an organization by taking over an account and posing as a legitimate user. Their motivation can be anything from mischief to major fraud – and these breaches cost significant time, money and resources that the organization can’t afford to spare!

The McAfee Labs 2016 Threats Predictions Report states that “behavioral analysis tools can detect attacks like these. Unfortunately, the security industry is playing catch-up in this area and it may take most of the next five years before solid behavioral analysis technologies gain the upper hand. Between now and then, two-factor authentication and biometrics will grow to supplant passwords, and other technologies will be the essential determinants of legitimacy.”

[1] Verizon 2015 Data Breach Investigations Report (VDBIR)

[2] Survey conducted of Private Legal Services, Healthcare, Retail and Government verticals in North America, APAC, and EMEA.

[3] McAfee Labs 2016 Threats Predictions Report

Protection from imposters requires rapid and reliable detection that offers immediate insight into what’s happening, how it’s happening, where it’s happening and how to stop it fast. Leveraging a combination of network behavior intelligence and communications alerts as well as screenshot capturing from KnowIT, organizations can quickly detect, mitigate and ultimately defend against these types of imposter attacks.

The Best Defense Against Imposter Threats

KnowIT provides fast and easy monitoring of all digital communications, quick security analysis and complete forensic screenshot recall of any network activity. KnowIT is a window into any changes to patterns of behavior in your network. When any PC, Mac or mobile device starts behaving outside the normally expected patterns, you are alerted so you can catch unknown attacks – and stop unwanted data leakage immediately.

KnowIT is designed to help you detect suspicious activity and to work seamlessly to analyze user behavior patterns, detect anomalies, and collect detailed user activity data to support investigations. Effective detection of imposter threats requires an intensive focus on the imposter.

By monitoring a wide range of user communications and activity data, you are able to detect shifts in the behavior of a user and set alerts for when those shifts suggest a threat. Powerful reporting, search, and review capabilities – including the ability to replay screenshots of user interactions as they occurred – enable rapid assessment of, and response to, potential threats.

Insight into Network Behavior & User Activity During an Imposter Attack

There are typically three phases to an imposter’s approach and “87% of those who commit fraud are first-time offenders with no criminal history” [4] — so combining network behavior intelligence and user activity monitoring gives you the insight you need to minimize the impact of the attacks.

Phase 1: Infiltration

Initial malicious activity often includes scanning, password cracking or attack propagation. Although a skilled imposter shouldn’t have to resort to “noisy” techniques like these, 60 percent of “bad” network behavior fits into these categories. And due to weak passwords, forgotten default credentials and/or poor firewall policies, they’re surprisingly successful. But, with KnowIT, these are an easy catch.

Phase 2: Data Gathering

Once in, an imposter will look like a legitimate user from an authorization and authentication perspective, but won’t behave like a normal user. The amount and frequency of data accessed and transferred will be unusually high compared to a legitimate user — because the imposter isn’t interested in processing information as a user would. And while the data will appear to be going to a safe, internal system/user, the reality is that this is a precursor to a potential data exfiltration. KnowIT provides you with access to easily see these types of anomalies — making it simple to detect, alert, and respond to imposter threats.
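The volume-versus-baseline idea from Phase 2, as an added example (this is not KnowIT code and says nothing about how KnowIT works internally): each user's latest day is scored against that user's own history with a median/MAD robust z-score. The record fields, thresholds and sample data are constructed assumptions.

```python
from statistics import median

# Constructed sample: per-user daily summaries (user, day, bytes_read, files_touched),
# as they might be aggregated from file-server or proxy logs.
EVENTS = [
    ("alice", d, b, f) for d, (b, f) in enumerate([
        (120_000_000, 40), (95_000_000, 35), (130_000_000, 44), (110_000_000, 38),
        (105_000_000, 41), (125_000_000, 39),
        (1_000_000_000, 400),  # day 6: bulk pull, yet below bob's ordinary volume
    ])
] + [
    ("bob", d, b, f) for d, (b, f) in enumerate([
        (900_000_000, 300), (1_100_000_000, 340), (950_000_000, 310),
        (1_050_000_000, 325), (1_000_000_000, 330), (980_000_000, 315),
        (1_150_000_000, 350),  # day 6: heavy, but normal for bob
    ])
]

def robust_z(value, history):
    """Distance of value from the history median, in MAD units scaled to ~sigma."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    scale = 1.4826 * mad or max(med * 0.05, 1.0)  # floor for a perfectly flat baseline
    return (value - med) / scale

def flag_anomalies(events, min_history=5, threshold=6.0):
    """Score each user's most recent day against that user's own earlier days."""
    by_user = {}
    for user, day, nbytes, nfiles in sorted(events, key=lambda e: (e[0], e[1])):
        by_user.setdefault(user, []).append((day, nbytes, nfiles))
    alerts = []
    for user, rows in by_user.items():
        *past, (day, nbytes, nfiles) = rows
        if len(past) < min_history:
            continue  # too little baseline to judge; do not alert
        zb = robust_z(nbytes, [r[1] for r in past])
        zf = robust_z(nfiles, [r[2] for r in past])
        if max(zb, zf) >= threshold:
            alerts.append({"user": user, "day": day,
                           "z_bytes": round(zb, 1), "z_files": round(zf, 1)})
    return alerts

if __name__ == "__main__":
    for alert in flag_anomalies(EVENTS):
        print(alert)
```

A single organization-wide byte threshold would miss alice here, because her anomalous day is still smaller than bob's routine one; the per-user baseline is what makes the account takeover visible.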

Phase 3: Data Exfiltration

With data in hand, the imposter usually doesn’t have access to “physical” options (removable media, laptop, or printer), so the data needs to be moved to a remote server (often cloud-provisioned, temporary accounts). KnowIT’s advanced installed-applications tracker detectors will flag this immediately, and its unique filtering ensures that no danger flies under your radar. KnowIT flags data storage applications such as Dropbox, ensuring nothing slips through the cracks.

Does your company have an imposter threats solution? Let us know in the comments section below!
