Preempt Blog

The latest insights and advice to keep your company protected from insider threats and breaches

Crunchy on the Outside, Chewy on the Inside – Eliminating Insider Threats

Sixteen years ago, when we set out to build the first commercial inline Intrusion Prevention System (IPS), the OneSecure IDP, there was a lot of consternation and concern that deploying a solution inline would never happen on enterprise networks. Fast forward to now: multiple successful companies, like Palo Alto Networks, Fortinet, SourceFire, and others, have integrated IPS technologies into their NG Firewalls.

Today, with the number of breaches and insider threats on the rise, the same question is being asked inside the enterprise network: Will enterprises be willing to deploy prevention solutions that could eliminate insider threats? The answer is, without a doubt, yes. Hear me out:

  • Security is mainstream and businesses don’t want to be identified as those that have been breached
  • There are just not enough security personnel to follow up on every alert
  • Loss of customer trust, and hence business, is a big concern

The state of User Behavior Analytics (UBA) products is exactly where IDSs were over a decade ago, before the introduction of IPSs that could not only detect but also actively enforce policies. This response mechanism is vital to closing the loop in eliminating threats. Mature and mainstream technologies like Multi-Factor Authentication (MFA) and Machine Learning (ML) make enforcement inside the network feasible. MFA is required because incumbent technologies like NG Firewalls, which can only block or allow, are too blunt for confirming suspicious activity. With technologies like MFA, it is possible to validate the identity of a user on the fly, without intervention from the security team. This ensures security without impacting the business process.

Machine Learning, on the other hand, allows systems to automatically baseline normal behavior without the assistance of scarce security expertise. As employee roles change and evolve, the system automatically updates the baseline. ML solves the other challenge of identifying breaches.

Combining breach detection with active responses like MFA will make internal enforcement mainstream before long. These technologies were not as widely deployed when we built the first IDP. Now, with a policy-based approach and using technologies like ML and MFA, businesses can finally eliminate insider threats.

Topics: Insider Threats

Posted by Kowsik Guruswamy on July 14, 2016 11:01 AM
