2020-12-17T10:14:00Z

Looking for recommendations and a pros/cons template for software to detect insider threats

Hi peers,

I'm looking for recommendations for software to detect insider threats. 

Where can I find a pros/cons template (customized to an organization) to source insider threat detection support?

KK
User at University of Phoenix
5 Answers
XS
Freelancer at a non-tech company with self employed
Real User
Top 5 Leaderboard
2020-12-23T11:19:16Z
Dec 23, 2020

I would suggest statistical methods (including machine learning): First, outlier detection. Then, approaches like “Association rules” (=not statistics to explain all the variance in a dataset but to find out tiny observations): for instance, they are useful for DNA prediction of diseases (one or two SNPs among millions of them), a forensic task.


When fraudsters know a tool (a template, a program), the solution is no longer valid. Research is the answer (research software rather than “production” software like in accountability). I mean, research as a step beyond production (only useful in the short term).

GJ
PAM Architect at a tech services company with 11-50 employees
MSP
Top 5 Leaderboard
2020-12-23T13:11:29Z
Dec 23, 2020

This is an inside-out --- outside-in --- inside-in question, as an insider can be an outsider as well. There is no short answer other than a blend of a PAM tool with Behavioral Analytics and Endpoint Management, to protect credentials, govern activities, and detect abnormal activities.


I have about 40 questions I would ask before spitting out a single solution. Without knowing more about your environment I would be slow to start throwing possible solutions, as this will take you days to sort out the differing capabilities and features. You can start by looking at the Gartner Quadrants for PAM tools like BeyondTrust, CyberArk, Centrify, Thycotic, MicroFocus and others. If you spear your specific requirements you may miss bigger threats in your circumference, so use a net, and remedy the surrounding threats in this process.

KS
Director InfoSec and Audit at a manufacturing company with 1,001-5,000 employees
Real User
Top 20
2020-12-26T18:22:20Z
Dec 26, 2020

You'd need to break out better what you consider to be the types of insider threats. There is fraud; very different in an application system than insider activity that may be simply malicious or results in data loss. You need to identify a baseline of normal activity for each user across files, network, user behavior and the endpoint; correlate abnormal behaviour and lean false positives; that is your software and/or the CyOps team supporting you must. 


Doing that begins to give you some use cases that you can then test to determine if they are important to you and can be supported by your choice(s) of solutions. There may not be one, there may be layers needed, but depending on your choice you may be able to get more in one than with other options. Feel free to contact me off list (LinkedIn) if you'd like a matrix that could be used in a product comparison.
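
Added example, not part of any answer in this thread and not taken from any product named here: a small Python sketch of the outlier detection and per-user baseline ideas raised in the answers above. It scores each signal against the user's own history and alerts only when several signals deviate together. The user names, signal names, counts and thresholds are constructed for illustration.

```python
from statistics import median

# Constructed sample data: 7 days of per-user daily counts, then today's counts.
HISTORY = {
    "alice": {"files_read": [40, 42, 38, 45, 41, 39, 43],
              "mb_uploaded": [5, 6, 4, 5, 7, 5, 6],
              "after_hours_logins": [0, 0, 1, 0, 0, 0, 0]},
    "bob":   {"files_read": [300, 320, 310, 290, 305, 315, 295],
              "mb_uploaded": [200, 210, 190, 205, 195, 220, 200],
              "after_hours_logins": [1, 0, 2, 1, 1, 0, 1]},
    "carol": {"files_read": [20, 22, 19, 21, 20, 23, 18],
              "mb_uploaded": [2, 3, 2, 2, 3, 2, 2],
              "after_hours_logins": [0, 0, 0, 0, 0, 0, 0]},
}
TODAY = {
    "alice": {"files_read": 400, "mb_uploaded": 900, "after_hours_logins": 2},
    "bob":   {"files_read": 330, "mb_uploaded": 215, "after_hours_logins": 1},
    "carol": {"files_read": 60, "mb_uploaded": 3, "after_hours_logins": 0},
}

def robust_z(history, value):
    """Distance of value from the user's own median, in MAD-based units."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    # 1.4826 scales MAD to a standard deviation for normal data; the floor of
    # 1.0 (an assumption for count data) stops flat baselines from exploding.
    return (value - med) / max(1.4826 * mad, 1.0)

def abnormal_signals(user, threshold=3.5):
    """Signals where today's count is far above this user's own baseline."""
    return sorted(sig for sig, hist in HISTORY[user].items()
                  if robust_z(hist, TODAY[user][sig]) > threshold)

def triage(min_signals=2):
    """Alert only when several signals deviate together; one spike is a note."""
    result = {}
    for user in HISTORY:
        hits = abnormal_signals(user)
        level = "alert" if len(hits) >= min_signals else "note" if hits else "ok"
        result[user] = (level, hits)
    return result

if __name__ == "__main__":
    for user, (level, hits) in triage().items():
        print(f"{user:6} {level:5} {', '.join(hits) or '-'}")
```

Bob reads almost as many files as Alice's anomalous day but stays "ok" because that volume is normal for him, while Carol's single spike is recorded as a note rather than an alert.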

NF
Account-Manager at Consist ITU Environmental Software GmbH
Real User
Top 5
2020-12-30T18:03:49Z
Dec 30, 2020

Hello All,

I hope you had a merry Christmas.

In this case it is as simple as it is.
Just take Proofpoint ObserveIT - many companies in the public and financial sector have been using it for years.
By the way, it has GDPR conformity, that's especially interesting if you want to go for the EU or California.
It's easy to install, easy to administer, and comes with a huge number of use cases. So the need for customizing is reduced to a minimum. It prevents, detects, alerts and tracks all inputs with a minimum of storage needed.

Few Steps
Phase 1, define the architecture and monitor all high-privileged users with the default setup. Then work with Proofpoint or local support to define gaps and customize use cases (only a few days)

Phase 2 roll out to next group of users and so on.

I apologize for this non-technical answer, but sometimes it really is this simple.
You don't need to invent the wheel a second time :)

Would like to wish everyone here a Happy New Year this way.
Please stay healthy


Best Regards


Norman

JF
Security Analyst at a financial services firm with 201-500 employees
Real User
2020-12-25T17:22:57Z
Dec 25, 2020

In addition to responses from Xavier Suriol and reviewer1324719, also consider ObserveIT from Proofpoint.
