June Newsletter 2019

Quote of the Month

“There are many types of insider threats – disgruntled employees, determined saboteurs, good-natured bozos…”

Jonathan Care, Senior Director, Gartner


The Backstory

This month we were a sponsor and exhibitor at the Gartner Security and Risk Management (SRM) Summit. As always, it was a great opportunity to meet with leading cybersecurity experts and discuss the challenges they face in the daily battle against ever more sophisticated cyberattacks. It was also a chance to hear from Gartner analysts themselves on their perspectives of trending cybersecurity issues and where the industry is headed.

During his detailed session, “Building Incident Response Scenarios for Insider Threats”, Mr. Care delved into how complex a problem the insider threat really is. Presenting with fellow analyst Brian Reed, Mr. Care described how there is no universal type of insider threat. Instead, there are many different insider threat personas, and each persona presents unique challenges to those charged with finding and stopping insider threats.

What’s the Scope of the Insider Threat Problem?

According to Verizon’s 2019 Data Breach Investigations Report, more than one third (34%) of all data breaches last year were by internal actors. Our own industry research reflects this data. According to a survey we conducted at RSA Conference this year, 40% of organizations report that they either cannot detect insider threats or can only detect them after stolen data has left the organization.

Clearly, it’s a prevalent problem. It’s also a costly problem. Research from the Ponemon Institute reveals that the average cost of a cybersecurity incident involving employees or other insiders is now a staggering $8.7 million.

Insiders are a particular problem in the realm of cybersecurity. External attackers must first breach an organization’s perimeter and then search the network for valuable data before being detected. But insiders already know where that proverbial gold resides – and how to access it.

Who Are These Insider Threats?

When most people think of the “insider threat” there are usually some common stereotypes that spring to mind. Often people conjure up an image of the nefarious insider threat as being some malevolent super villain straight out of a 1960s James Bond film.

In reality, the insider threat is more complex than that. It could be the employee who received a poor performance review and is now itching to “get even” with the company he thinks mistreated him. Or it could be the rogue IT admin who uses his unmonitored elevated access to snoop out confidential data on the network. How about the former employee who still retains access into key systems, even years after leaving the company? For just one example of this type of insider threat, consider the recent case of a fired employee who pilfered the data of 2.9 million members of the largest credit union in Canada. And this was just last week…

While these insider threat personas exist, the totality of the problem is far greater. Certainly, some insiders truly are malicious. But, in reality, any employee in your organization with access to critical systems and sensitive data might be an up-and-coming insider threat.

Many data breaches originating from within an organization are simply due to the carelessness of employees. These unintentional insider threats (like users clicking on phishing email links) account for 25% of all data breaches. Saying that humans are the weakest link in security may sound like a cliché. But there’s truth to the adage. After all, humans operate most of the computers and devices in your organization – and humans make mistakes.

Thwarting the Insider Threat

Conventional cybersecurity tools offer little when it comes to defending against insider threats. In each of the different types of insider threat personas above, there’s a common factor of having access to “the goods” on the network. Of course, employees and contractors need access to certain systems and applications to do their jobs. Intentional or accidental misuse of these privileges is the price paid for such access.

Cybersecurity teams are stretched too thin to manually monitor every action taken by every employee in their organizations. However, modern machine learning algorithms can automatically track and analyze employee behavior to identify anomalous and suspicious activities. These activities could range from an accountant who downloads a confidential file he never looked at before, to a salesman who suddenly starts emailing large volumes of customer data to his personal account.

Machine learning allows organizations to compare current user behavior to baselined “normal” behavior. From there, they can identify suspicious trends and spot outliers to remediate threats. The behavior is the “tell”. And, in the two potential insider threat cases stated above, the user’s behavior would be suspicious and flagged as risky and anomalous.

Detecting high-risk users with abnormal behaviors through machine learning and statistical analysis is a force multiplier. It exposes anomalies among enormous volumes of data that humans or traditional security tools could never identify.
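A minimal sketch of the baseline-and-deviation idea, applied to the accountant and salesman cases above. This is an added example, not Gurucul's product logic; it uses simple statistics rather than a trained model, and the user names, event fields, sample events and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from statistics import median
# Constructed sample events: (user, action, target, megabytes). Not real logs.
BASELINE = [
    ("acct01", "download", "ledger-q1.xlsx", 2),
    ("acct01", "download", "ledger-q2.xlsx", 3),
    ("acct01", "download", "ledger-q1.xlsx", 2),
    ("sales07", "email_external", "personal-mailbox", 1),
    ("sales07", "email_external", "personal-mailbox", 2),
    ("sales07", "email_external", "personal-mailbox", 1),
    ("sales07", "email_external", "personal-mailbox", 3),
]
NEW = [
    ("acct01", "download", "ledger-q2.xlsx", 3),             # routine
    ("acct01", "download", "merger-plan.docx", 2),           # never touched before
    ("sales07", "email_external", "personal-mailbox", 400),  # volume spike
]

def build_baseline(events):
    """Per user: targets seen so far, and transfer sizes per action."""
    seen, sizes = defaultdict(set), defaultdict(list)
    for user, action, target, mb in events:
        seen[user].add(target)
        sizes[(user, action)].append(mb)
    return seen, sizes

def robust_z(value, history):
    """Distance from the median in MAD units; tolerates a few odd baseline days."""
    med = median(history)
    mad = median(abs(x - med) for x in history) or 1.0  # avoid divide-by-zero
    return abs(value - med) / (1.4826 * mad)

def score(event, seen, sizes, z_cut=3.5, min_history=3):
    """Return the reasons this event deviates from the user's own baseline."""
    user, action, target, mb = event
    if user not in seen:
        return ["no baseline for user"]
    reasons = []
    if target not in seen[user]:
        reasons.append("first access to target")
    hist = sizes.get((user, action), [])
    if len(hist) >= min_history and robust_z(mb, hist) > z_cut:
        reasons.append("volume outlier")
    return reasons

def flag(baseline, new):
    """Score new events against the baseline; keep only the deviating ones."""
    seen, sizes = build_baseline(baseline)
    return [(e[0], e[2], r) for e in new if (r := score(e, seen, sizes))]
```

Each user is compared only to their own history, so a transfer size that is routine for one role can still be an outlier for another.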

Uncover Insider Threats with Gurucul Risk Analytics

Our customers are predicting, detecting and stopping insider threats with Gurucul Risk Analytics (GRA). GRA creates a contextual linked view and behavior baseline from various systems – HR records, accounts, activity, events, access repositories, security alerts and more. It identifies out-of-norm behaviors, provides risk prioritized alerts and helps organizations spot high-risk profiles in real-time. As new activities are consumed, those activities are compared to the baseline behaviors. Behavior that deviates from the baseline norm is classified as an outlier to be dealt with.

Want to learn more? Download our whitepaper Uncover Insider Threats Through Predictive Security Analytics.

You can also request a demo to learn how Gurucul can help you detect and defeat insider threats in your organization.


Gurucul is Named a Vendor to Watch for Insider Threat Defense in Gartner Market Trends Report

Comprehensive User Behavior Monitoring for Insider Threat Detection Provides Value to Both Security and Non-Security Stakeholders.

Gurucul, a leader in security and fraud analytics technology, today announced it was included as a Vendor to Watch in Gartner’s May 2019 Market Trends: UEBA Providers Must Embrace Specialization report. Gurucul is cited as a Vendor to Watch for insider threat defense.

According to Gartner, “Monitoring a user’s behavior, as the user interacts with data, network resources and applications, has proved to be incredibly useful to a broad range of security domains. In fact, it has been so effective in helping other technologies be better that the market for a general purpose user behavioral monitoring tool (UEBA) is threatened to move forward in its current form. Information about users is good when it stands alone, but it is great when combined with threat-related (or other program-related) data.”


How Will AI Impact Society In The Next Decade?

11 Tech Pros Weigh In.
Saryu Nayyar

In five to 10 years, artificial intelligence (AI) will have found its way into nearly every segment of our lives, both personal and professional. While the technology has many benefits—ranging from improved business operations and services to an enhanced quality of life—if employed unwisely, it also has the potential to be detrimental in terms of privacy issues, loss of jobs and more.

“Increased Cybersecurity. History has already proven that AI has drastically changed the face of so many industries for the better. For example, the application of AI in cybersecurity, using analytics powered by machine learning, can predict and stop insider threats and fraud before it happens. Future AI applications are going to be more innovative and vastly superior. We’re just getting started!” – Saryu Nayyar, CEO, Gurucul.



Zero-Trust Security Model Means More than Freedom from Doubt

A zero-trust security model has a catchy name, but the methodology means more than not trusting any person or device on the network. What you need to know.

Unless you’ve been living under a rock, chances are you’ve heard about the zero-trust security model. The name is enticing. It implies all devices, resources, systems, data, users and applications are to be treated as untrusted. Cybersecurity professionals don’t want to think of themselves as overly trusting, so zero trust seems like the right way to approach enterprise cybersecurity. But the moniker, while catchy, is somewhat misleading. The zero-trust security model actually refers to an architecture that features a highly distributed, granular and dynamic trust network. Each one of those terms is important. Let’s see why.


11 Tips For Teaching Your Company’s Employees Good Cybersecurity Habits

While investing in solid hardware and software is important, even the best systems have a common point of vulnerability: the users. It’s vital for companies to train their employees in good cybersecurity habits, and that’s a task that often falls to the tech department.

So how can companies encourage good cybersecurity habits? We asked 11 Forbes Technology Council experts to share their best suggestions.

“Give Them Ownership. Employees often believe that securing information is the IT department’s job, so they often do not take ownership of the process. Establishing a sense of ownership and collaboration toward information protection among the employee population—essentially deputizing them into the information security program—will encourage and empower them to contribute to the protection of company assets.” – Saryu Nayyar, CEO, Gurucul.


What’s New On Our Blog

ABCs of UEBA: H is for Hijacking. Account hijacking is when your email address gets hijacked by a criminal. The hacker then uses your compromised email account to impersonate you, the account owner, and wreak havoc. UEBA is the most effective method for detecting and preventing account hijacking attempts in real-time.

Travel Tips to Keep You Safe from Cybercrime, Fraud & Identity Theft. You might be on vacation, but the malicious hackers and cybercriminals are not. They are always looking to take advantage and often target travelers lacking in cyber-awareness. Through strategic hacking and careful planning, they can easily access a person’s personal devices and steal sensitive information like credit card numbers and personal data.

What is Big Data? Coined in 2001, Gartner’s Big Data definition refers to “high-volume, high-velocity and/or high-variety information assets that demand cost-effective, innovative forms of information processing that enable enhanced insight, decision making and process automation”. In other words, Big Data is made up of structured, semi-structured and unstructured data sets.

Join Us

FS-ISAC 2019 Asia Pacific Summit. July 10-11, 2019. Singapore. Join Gurucul at FS-ISAC and attend our Infosys customer presentation on Thursday, July 11 at 9:30am “Overcoming Legacy Limitations with Machine Learning and Behavioral Analytics”.

RSA APAC & Japan. July 16-18, 2019. Singapore. Gurucul is pleased to present a session on “Behavior Analytics and Model Driven Security” Tuesday, July 16 from 12:30-12:50 in the Demo Theatre, Exhibition Hall, Level 5. Please join us!

Black Hat USA. August 7-8, 2019. Las Vegas, NV. Visit Gurucul at Booth #1100 for a demo of our Behavior Based Security Analytics platform. We predict, detect and stop Insider Threats! Let us show you how.
