Sallie Mae | Reducing Insider Threats with Risk Analytics
Some 69 percent of enterprise security executives reported experiencing an attempted theft or corruption of data by insiders during the last 12 months, according to Accenture.
At student loan company Sallie Mae, insider threats have been amplified by increasing employee turnover and more contract-based positions. To combat the problem, Sallie Mae adopted a new approach that combines machine learning, analytics and predictive anomaly detection to user behavior and access privileges that can detect and protect against insider threats, as well as external attacks that use compromised insider credentials.
Sallie Mae deployed a user and entity behavior analytics (UEBA) platform from Gurucul. The technology first identified outlier access, orphan and dormant accounts. Next, it was used to monitor user activity to identify anomalous behavior in both on-premises IT resources and in cloud environments. If a user downloads a confidential document under abnormal circumstances, for instance, investigators can search all other users who also accessed it to uncover events which might involve multiple actors. Excess and misaligned access to data has been reduced by up to 40 percent.
For full article: http://core0.staticworld.net/assets/2017/04/26/cso50_2017.pdf