Demystifying Insider Threats: An Insightful Discussion

Insider threats are often the hidden dangers in cybersecurity — an elusive risk that, due to their inherent complexity, can cause substantial harm to any organization. And these threats aren’t exclusive to shadowy figures with malicious intentions; they might also arise from well-meaning employees or associates with access to sensitive data. We recently hosted a webinar on this complex issue, featuring Cynthia Gonzalez, Sr. Product Marketing Manager, and Jordan Forbes, Technical Account Manager, both at Exabeam. This blog post delves into their discussion and unpacks the insights revealed.

In this article:

• Insider threats — a brief overview
• Leveraging UEBA to decipher user behavior
• Insider threat detection with Exabeam — a demonstration
• How automation and proactivity bolster threat management
• Conclusion

Insider threats — a brief overview

Gartner describes an insider threat as any malicious, careless, or negligent threat to an organization that comes from people within the organization. These threats generally fall into three categories:

1. Compromised credentials usually result from phishing scams, accidental malware downloads, or clicking on malicious links. Cynthia describes the infamous Twitter breach where attackers exploited employee credentials through phone spear-phishing. As Cynthia explains, “The attackers managed to gain information about Twitter’s processes and target employees with access to account support tools to hack high profile accounts and spread a cryptocurrency scam that earned $120,000.” 

2. Malicious users intentionally attempt to pilfer data or disrupt operations. Cynthia cites the instance of “Apple engineers who were charged with data theft for stealing driverless car secrets” for a foreign company.

3. Careless users inadvertently risk sensitive data through negligence or ignorance of good security practices. Cynthia uses the example of “a data analyst who, without authorization, took home a hard drive with personal data from 26.5 million United States military veterans. The hard drive was later stolen from their home during a burglary.”

The average costs of these incidents can be staggering —  $13.8 million per incident, according to the 2022 Ponemon Cost of Insider Threats Global Report. Therefore, understanding and managing these threats is of paramount importance. Jordan highlights the importance of understanding the motive behind each threat. Here, user and entity behavior analytics (UEBA) play a vital role in categorizing threats.

Leveraging UEBA to decipher user behavior

The Exabeam machine learning-powered UEBA capability revolutionizes insider threat detection by creating a behavioral baseline for each user to identify deviations. It tracks and analyzes user access patterns and activities, pinpointing anomalies. Exabeam Security Analytics assigns risk scores whenever abnormal behavior is detected. 

Exabeam provides multiple use cases for compromised insiders, malicious insiders, and external threats. “And within those packages we have additional use cases,” Jordan elaborates. “So if you think about a use case like data leak, data exfiltration, our UEBA has the capability to detect compromised insiders — those compromised credentials, that lateral movement — all the way through to ransomware, to data leak abuse, privilege abuse. So that basically your entire security requirements can be built-in within the UEBA platform.”

Insider threat detection with Exabeam — a demonstration

During the webinar, Cynthia and Jordan showcase how Exabeam enables threat detection, investigation, and response (TDIR) for insider threats. They illustrate this with Smart Timelines^TM, which consolidate normal and abnormal activities, and furnish necessary information for rapid investigation.

Jordan demonstrates the capabilities of Exabeam using a hypothetical case of an employee exhibiting suspicious behavior. This exercise underscores the power of Exabeam Security Analytics and Smart Timelines, along with the value of data models that offer insights into user behavior.

How automation and proactivity bolster threat management

Jordan emphasizes the significance of automation in incident response. Analysts can leverage various options and playbooks within the Exabeam Security Operations Platform. For instance, if a case involves potential data exfiltration, analysts can reset the user’s password or add them to a watchlist, all within the platform.

This automation not only saves time, but also streamlines the TDIR workflow. Moreover, proactive measures like watchlists and threat-hunting capabilities allow organizations to stay a step ahead of security threats.

Conclusion

The webinar provides a comprehensive understanding of the Exabeam approach to managing insider risks. With features like UEBA, automation, and proactive checks, Exabeam presents an effective solution for modern security operations. In a world where cyberthreats are constantly evolving, these capabilities are indispensable for organizations striving to protect their data and systems.

The capacity to detect, investigate, respond to, and manage insider threats will continue to be a critical facet of cybersecurity. With Exabeam, organizations can confidently face these hidden challenges, equipped with the necessary tools and insights.

For more insights from Cynthia and Jordan, watch the on-demand webinar or read the transcript.

Watch this informative webinar to learn about the dangers of insider threats, including the financial, regulatory, and reputational consequences that can result from an insider breach.

You will learn:

• The three categories of insider threats
• Why insider threats are harder to detect than traditional external threats
• The importance of implementing UEBA to increase visibility into user access and activities and quickly review and investigate potential threats

Watch the webinar on demand.