Time
1 hour 5 minutes
Difficulty
Intermediate
CEU/CPE
1

Video Transcription

00:10
In today's modern world, you can hardly go anywhere without being under video surveillance:
00:16
riding public transit, pumping gas into your car or paying a cashier.
00:23
And all of these cameras are recording all activity within their scope:
00:28
normal activity, no activity, malicious activity and even accidental activity.
00:34
You can't capture the footage of the bad actor if you're not collecting footage all the time.
00:42
It's the same with capturing data exfiltration activities.
00:46
Your insider threat program must start long before the trigger occurs with proactive data collection
00:54
and too many insider threat monitoring solutions are limited to a post-trigger scope, and far too often, the actual exfiltration occurs much earlier.
01:04
True monitoring technology must be continually running to provide any historical context needed in the detection and investigation phases.
01:15
So let's hear what Peter How did Georgia has to say about detection.
01:22
Your detection methods must weed out false positives from the data collected.
01:26
Your monitoring and detection tools will record many mundane activities in a sea of normal user activity and should be able to trigger credible alerts for possible insider threat activity.
01:37
The security team may already have tools that perform penetration testing, network packet sniffing and password auditing.
01:45
You may already be scanning for web attacks and monitoring your network traffic from the outside.
01:49
Maybe you already deploy SIEM or SOAR tools for detection or threat response.
01:55
When creating your program, you need to identify if any tools that are currently used can be utilized for your insider threat program.
02:04
In an ideal world, cost wouldn't be a consideration, but you will need to budget for the tools required for a successful insider threat program.
02:14
Some kind of return on risk assessment needs to be done to fully evaluate the tools used for the activity monitoring.
02:23
So let's hear from Peter again and what he has to say about response.
02:29
Your response to the detection depends on your organization and culture.
02:34
During the investigation, a good program preserves as much data as possible for potential legal actions of performance, noting a personnel file or educating your employees on proper processes.
02:46
While your organization may choose to have a different response for the previous scenario,
02:50
your insider threat program should have these types of details in place for the response phase.
02:55
Who was involved and how the interview is handled can be put into a process that is well documented and followed to keep litigation to a minimum.
03:05
Just like video surveillance is the same for everyone in the camera's field of vision, your monitoring needs to be constant and consistent for all users.
03:15
Your detection methods must weed out the false positives, so as not to overburden the security teams with too much data, so they don't have time to react.
03:25
This is one reason to plan your insider threat program to be flexible and focus on the likely scenarios you may have to start.
03:36
Perhaps most important of all, your insider threat program must start long before a trigger.
03:42
In other words, you can't afford to only monitor an employee's activity after they've given notice or after rumors of organisational change have begun rippling through the office.
03:53
Too many insider threat monitoring solutions are limited to this post-trigger scope,
04:00
and far too often, the actual exfiltration occurs much earlier.
04:04
True monitoring, detection and response technology must be continuously running, providing historical context and complete visibility into all data activity.
04:17
This enables your insider threat team to quickly and effectively see the full picture and protect all data at all times.

Up Next

8 Steps to Building a Modern Insider Threat Program

In this course brought to you by Industry Leader Code42, we will cover the 8 crucial steps necessary to build a modern insider threat program for your organization.

Instructed By

Alex Matheson
Instructor