Finding Insider Threat Truths at the Endpoint


“The truth is out there…”

Over the past few months, I’ve travelled all over Europe and the Middle East. Meeting with so many customers has given me unique insight into the attitudes and cultural differences towards cybersecurity, and specifically towards the term insider threat.

Insider threat is now a well-worn phrase that the cybersecurity industry bangs on about daily. One common refrain is that insider threats can either be malicious or accidental … or something that defies simple either/or categorization. I’ve seen employees using company infrastructure to share music and films illegally. I’ve seen them bypassing data loss prevention measures or even using the TOR dark web browser to hide these suspicious activities.

Would you consider these activities as insider threats? If you don’t, you should.

Let’s say a government agency tracks the illegal file sharing to your IP address. You could very well be answering the phone and hearing “Hello, this is the UK National Cyber Crime Unit. Do you own this IP address? Did you know that an illegal file sharing service is being run on it?” That’s certainly not a call I’d like to take, and yes, that most definitely is an insider threat.

The Truth Will Out at the Endpoint

What I have learnt from our implementations and customer engagements is that the (often) ugly truth will out. Managers and executives are often assured that their IT security team has done certain things—maintained patch levels, completed updates, revoked USB access, removed admin credentials, and so on. But in reality … what’s that pantomime saying? “Oh no it isn’t!”

If you have real visibility into endpoints, you can see the truth in all its glory: fresh, untouched patches glistening in the registry hive, admin access beautifully in place and, oh look, that USB storage device plugged into a machine that I’m sure belongs to someone who has resigned!

Tying this back to insider threats, consider the amplified importance of the endpoint. Insiders, no matter their intent, interface with your network—your data—at the endpoint. If that simple fact doesn’t underscore the importance of endpoint security, nothing will.

[Image: USB drive] Wait, don’t we have a policy written against using USB storage devices? Photo by: Corey Tomlinson

Look at Me!

Securing valuable data is a major challenge (you’re not surprised by that statement, I’m certain). Considering endpoint technologies, we face multiple vendors all screaming “Look at me, look at me!” The simple truth is that each technology has its place and many of them do a great job at their particular point in the security threat chain.

However, security these days is so much more than blocking ransomware or post-breach investigation. Securing an endpoint requires paying attention to every single action taken at that machine that could lead to a major incident, affect the organization’s credibility, or incur huge financial penalties. Even something small—a user’s actions or a piece of illegal code—bears watching. There are simply too many gaps at the endpoint for these real security issues to go unaddressed.

No matter where you are in the world, cybersecurity threats are varied, complex, and a nightmare to defend against. There are technologies available that are up to the challenge, but you have to find the right solutions for your organization. To quote Agent Scully from the X-Files, “The truth is out there, but so are the lies.”