It's Not Always the Hackers... - Exabeam

It’s Not Always the Hackers…

Published
June 04, 2016

Author
Tim Sadler

20 years ago, I was working the graveyard shift as a policeman on the south side of Chicago. Part of the area I patrolled included one of the largest railroad freight yards in the U.S.  Occasionally, we would get calls to assist the railroad police.  On this particular day we received a call to assist with a “theft in progress”. Upon arrival at the railyard, we found a freight train with 50+ rail cars stopped waiting to be unloaded.  After inspection, we found a single car with the locks broken, doors open, and a single crate pried open. There were a couple of boxes missing from the crate.

No big deal?  Unfortunately, it was a big deal — the boxes contained hand guns, and hundreds had been stolen.  During our investigation, we learned that it was common for street gangs to have an “insider” on their payroll.  The insider would be paid to steal and provide shipment information on the guns, including departure and arrival time of the train, rail car number, and track information.  What seemed to be a random burglary of a train car, turned into a case of a “rogue insider”.

I did not think much more about the burglary until a couple of months later, when another officer and I responded to a disturbance call at a house in our patrol area.  Upon entering the house, my partner and I realized we had interrupted a large party. We arrested over 60 people for disorderly conduct and recovered multiple hand guns. Each handgun had serial numbers filed off, and were the same make and model of the guns stolen from the train yard.  Since the serial numbers were filed off, there was no way to confirm they were part of the burglary of the train car. In hindsight, it’s easy to connect the dots: the railroad insider enabled a seemingly small theft that turned out to have a much larger impact. Stopping a small theft further upstream would have prevented larger harm later.

I have spent the last 12 years selling cybersecurity solutions to help organizations stop and contain malicious threats from outsiders.  Many of the largest breaches we’ve read about were caused by these outsiders.

However, the rogue insider poses a different, but equally large problem. The insider’s theft may seem small and it might be harder to catch, but the impacts can be huge. A USB thumbdrive might seem insignificant, but if it has the designs for a firm’s future product, the impact to that firm can be massive later on.

Every day I speak with prospects and customers who are well-versed in security controls, anomalies, algorithms, and data science. Despite their investment and efforts, these firms find that they can’t execute the fundamental principles of an investigation:

  • Determine if a breach has been committed
  • Take appropriate steps to stop the breach if in progress
  • Identify the offender
  • Protect and preserve the breach scene evidence
  • Locate/identify any witnesses

I joined Exabeam because our product was purpose-built to help detect these types of incidents early, and to help investigator’s do their jobs more effectively.

Recent Information Security Articles

New CISO? 5 Things to Achieve In Your First 90 Days

Read More

Our Customers Have Spoken: Exabeam named a 2021 Gartner Peer Insights™ Customers’ Choice for SIEM

Read More

What Is XDR? Transforming Threat Detection and Response

Read More

Exabeam Cyberversity: A Resource for Cybersecurity Professionals

Read More

XDR Security: 10 Ways XDR Enhances Your Security Posture

Read More



Recent Information Security Articles

7 Detection Tips for the Log4j2 Vulnerability

Read More

New CISO? 5 Things to Achieve In Your First 90 Days

Read More

5 Security Questions to Consider this Holiday Season

Read More

Our Customers Have Spoken: Exabeam named a 2021 Gartner Peer Insights™ Customers’ Choice for SIEM

Read More

What Is XDR? Transforming Threat Detection and Response

Read More