Meet insider risk with trust

Many organizations have tried to use traditional security tools like firewalls, blockers, and filters, but have consistently failed. If we are to understand why these technologies fail, we must understand the philosophy on which these technologies are built. They are built to block known external threats such as hackers, spam, phishing, etc. In this situation, the adversary is anyone not authorized (external) to the organization.

Data loss prevention (DLP) solutions are built on the blocking philosophy. DLP solutions block the movement of information based on classification or hard restrictions such as complete blocking of a specific media (e.g. a USB port). The biggest challenge to using this sort of solution occurs when communication and work styles change. The best current example being the sudden surge in the remote workforce due to COVID-19. Lack of easy classification mechanisms results in a never-ending battle between IT security and end users who are required to provide the correct classification. DLP solutions are complex and have a tendency to create an extraordinarily high workload for IT and/or security teams caught in the middle mitigating false positives without any recourse for user behavior monitoring.

Security information and event management (SIEM) solutions are an excellent blend of security information management (SIM) and security event management (SEM). As such, they are exceptionally useful as a log collection and aggregation platform for identifying and categorizing incidents and events. SIEM solutions digest multiple data sources and excel in retrospect network analytics. This said SIEM solutions are not a great option for real-time behavior analytics. The visibility into the endpoint – the user’s interface – is normally limited and they fail to address the more complicated challenges related to insider threats.

Behavior analytics systems are based on the concept that it is too cumbersome to block so it is better to trust users and allow different forms of communication media with visibility into all transactions. Monitored information is analyzed using various behavior analytics and machine learning techniques to pick up anomalous user behavior. Although pure play behavior analytics systems are starting to prove their worth in tackling insider threats, they mainly focus on malicious insiders and seldom provide a good solution for the greatest risk, the unintentional insider. There is always a balance between security measures and privacy when implementing cybersecurity solutions. Privacy is a major issue for pure play behavior analytics systems and often likened to Big Brother systems.

In practice, employees and/or internal users are given responsibility for securing information along with relevant education and accountability.

My company, Ava Security, combines the best technologies from DLP, behavior analytics and SIEM, and adds security policy monitoring and awareness training into a single comprehensive human-centric security solution.

The following are examples of key characteristics of Ava Reveal including how it mitigates challenges in managing insider risk by involving employees in the protection of the organization.

Reveal is built on visibility rather than blocking (optional) and is based on a principle of trust. It incorporates behavior monitoring capabilities rather than relying on IT security operators. Trust is extended to each user in the company empowering employees to make the right digital choices. If employees are performing potential risky activities, our incident-based training will inform and educate the employees enabling them to adjust their actions. Empowerment helps employees understand the value of the information and why the specific event in question is a potential breach of policy. Ultimately the goal is to enhance the organization’s security culture.

Today, more than ever, it is important to implement solutions that help employees avoid the breach of security policies. The goal is to help employees maximize productivity, without being a risk to themselves or the company at large. Reveal guides and trains employees to make the right digital choices and in turn, improves the general cyber hygiene for the whole organization.