July Newsletter 2018


Quote of the Month

“They either have a beef or want the whole cow.”

Saryu Nayyar, Gurucul CEO, on malicious insiders’ motives

The Backstory

Saryu Nayyar, our CEO, was contacted by a reporter to provide comments on an Insider Threats story. The reporter sent Ms. Nayyar a list of questions. Below are her responses to some of those questions.

How large a problem are insider threats today for companies? Do you have any statistics?

Insider threats are the biggest cyber security problem for companies today because they can cause the most damage and are much harder to detect and prevent. Insiders are just that – insiders, many with keys to the kingdom. They know where the sensitive company/customer data is and who has access to it, so they know exactly where to strike if they decide to take action.

Cyber criminals use automated hacking tools continuously to attempt to breach an organization. When they do break in, they still need to surveil the network to find the data worth exfiltrating. Insiders are already inside the network and know where the proverbial gold bars are stored and who has the keys. All they need to do is find a way to access those keys or use the ones they have.

Not all malicious insiders are financially motivated. Many are angry employees who want vengeance on an organization. In this scenario, they either target individual executives (expose inappropriate emails or salaries for example), or exact whatever damage they can (like deleting customer records).

Regarding statistics, according to the 2018 Verizon Data Breach report, 28% of all data breaches involved internal actors. There were 750 incidents and 536 confirmed data disclosures reported in the Healthcare segment alone. Of those, 18.4% were Privilege Misuse. 47% of those cases were cases of fun, curiosity or “snooping” and 40% of those were for financial gain. In the same report, 13% of cyber espionage are also noted as insider threats.

The Healthcare industry is the only vertical that has a greater insider threat than external threat. This complicates definitive insider threat statistics in that 28% is an overall number based on all data breaches across all industries. As you can see, that percentage will differ based on the industry.

Further, while malicious outsiders (72%) were the leading source of data breaches, these comprised only 23% of all compromised data. On the other hand, insider threats accounted for 76% of all compromised records.

Why do employees engage in these illegal activities, and which employees are most likely to engage?

Employees often engage in these activities for financial gain or vengeance. They either have a beef or want the whole cow. Some employees are just curious or want to snoop on neighbors, celebrities and family members. This could be for medical records, financial or other information. Imagine if you knew that the MVP’s hand was going to keep him out of the Super Bowl 3 days before anyone else, or if a famous celebrity was in the hospital.

System Administrators or employees with privileged access are the likely candidates for either motive since they have the access needed to steal data or inflict the most damage. However, anyone can be courted by competitors or hackers to surveil internally for cold hard cash. And, individuals with something to hide are susceptible to blackmail.

How does analytical behavior monitoring technology work to help identify disgruntled employees or potential data/IP theft incidents?

Behavior and risk based security analytics identifies risky out-of-norm behaviors, provides risk prioritized alerts and helps organizations identify high-risk profiles in real-time. This enables models-driven security to automate front line security controls.

Our Gurucul Risk Analytics platform helps security teams by creating a contextual linked view and behavior baseline from disparate systems including HR records, accounts, activity, events, access repositories, and security alerts. A baseline is created for the user and dynamic peer groups. As new activities are consumed, they are compared to the baseline behaviors. If the behavior deviates from the baseline, the behavior is deemed as an outlier. To summarize, using behavior analytics and risk scoring algorithms, our machine learning engine enables companies to easily detect and predict abnormal user behavior associated with potential sabotage, data theft or misuse.



Free SaaS Trials This Summer

Get Behavior Based Security Analytics and Intelligence as a Service

Gurucul is pleased to formally announce our Software as a Service offering. Gurucul SaaS has been available for some time, but now it’s official! Powered by Gurucul Risk Analytics, Gurucul SaaS leverages over 1000 machine learning models to find hidden insights, without explicit rules and policies typically found in SIEM and log aggregation platforms.

In any machine learning model, the quality, quantity and depth of data impacts the accuracy and usefulness of the predictions. Gurucul can collect the data right from the source — cloud or enterprise — and will keep it online for three years. Combining Gurucul Data Mine™ and the power of Gurucul Machine Learning will provide your organization with an unprecedented view of cyber risk and compliance reporting, and enable you to take action all from a cloud-based SaaS offering.

We’re excited to offer free trials of Gurucul SaaS. Get started today!



Staying Secure as The IOT Tsunami Hits

Article by Leslie K. Lambert, Gurucul’s Chief Security and Strategy Officer

Just when we thought we were gaining control over our networks and computing environments, bam! Here comes the Internet of Things (IoT), and it’s the wild, wild west all over again.

This new wave of device proliferation has moved more quickly than any other computing or technology phase we’ve experienced in modern times. IDC estimates that there are 13 billion connected devices in use worldwide already, and that number could reach 30 billion in the next three years. To put this into perspective, Ericsson’s most recent Mobility Report estimated that there are fewer than four billion active smartphone subscriptions around the world. The IoT phenomenon is that big.

The more devices the better

The paradox of IoT is that its full potential is only realized when there is a large enough number of devices online to interact with one another. As the number and type of unsecured IoT devices has exploded, the amount of data they are generating has become nearly immeasurable. IoT devices have wiggled their way into every nook and cranny of computing, making our lives better, while at the same time, creating an overwhelming trail of log data that begs to be tamed and understood.

IoT devices are now touching almost every activity we engage in as consumers, and driving all forms of enterprise and industrial automation, most of which we have little or no knowledge of. They are generating mountains of data on the activities of individuals and machines around the world.



What’s New

BLOG: Are You Struggling with Thousands of DLP Events Per Day? The standard DLP solution will have thousands of events per day depending on how many policies are configured. It’s too many for a small team to sift through to identify the riskiest events. With Gurucul UEBA powered by Machine Learning, organizations can model certain behavior. Then, if they see alerts on those models, that means it’s a priority for them to investigate. Read More.
BLOG: Behavior Analytics Drive Preventative Controls Without Causing Undue Business Impact. Security has incredibly powerful preventative controls. We are able to block anything we want and have been doing so since the dawn of firewalls. The problem is being able to block things without causing undue business impact. Enter model driven security based on user and entity behavior analytics (UEBA). Read More.


Join Us

Black Hat USA. August 8-9, 2018. Las Vegas, NV. Visit Gurucul in the Exhibit Hall at booth #1244 for #MachineLearningMadness! We will reveal a new Machine Learning Model every hour during the show. And, we’re giving away a $500 AMEX gift card each day. Don’t miss it!

Gartner Security & Risk Management Summit – Australia. August 20-21, 2018. Hilton Sydney Hotel, Sydney. Learn about the latest insider threats, flexible new security architectures, governance strategies, and more. Meet our local team and view product demos at our stand.

Gartner Security & Risk Management Summit – India. Get the latest information on new insider threats as well as insights to help you prepare for emerging technologies such as artificial intelligence (AI), machine learning, advanced analytics and blockchain. Meet our local sales and support team at our booth.
