
Page 1: 40 percent - Devo.comtelemetry and log data from disparate network systems and technologies within an enterprise. Logtrust is a real-time platform that empowers organizations to solve

1 Current situation and problems

Detecting insider threats is arguably the most important emerging discipline within cybersecurity. Over the last 12 months, 69 percent of enterprise security executives reported experiencing an attempted theft or corruption of data*. This is not surprising considering that an estimated 62 percent* of business users have access to sensitive or classified company data. The problem appears to cross all business sectors and is enabled by the employer's desire to promote innovation through broad access to resources.

Insider threats are a universal vulnerability that companies are constantly battling. One recent Ponemon study* shows that 43% of businesses take a month or longer to detect when employees access sensitive data or emails without authorization. Even more alarming is the fact that a third of all organizations are completely unable to prevent or deter an insider threat or active attack. In fact, only nine percent of surveyed IT executives believe their insider threat protection is effective.

Over 40 percent* of IT executives point to malicious insider threats as a primary contributor to email security risks. IT and security executives need people, processes and better technology to identify vulnerabilities, mitigate breaches and close the gaps so that insider threats can be prevented. But where should they start?

A good place to begin is by understanding the motives and methods used to successfully commit an insider attack. According to a recent Gartner study, 62 percent* of insider threats are employees trying to build a secondary income stream by using access to their employer's sensitive data. Of these, 29 percent* stole data as they left the company in the belief that it would help their careers. Nine percent of these employees were actively trying to sabotage their company.

* http://www.darkreading.com/vulnerabilities---threats/8-surprising-statistics-about-insider-threats/d/d-id/1326653?image_number=9


2 Defending Against Insider Threats

IT security is a strategic advantage: when executed effectively, IT security can boost efficiency and reduce costs otherwise incurred through successful breaches, undiscovered gaps and unforeseen bottlenecks. Not only is IT security important for protection, but with the use of effective solutions like Logtrust, IT security can create an integrated implementation that enhances the usability of products and services. To realize these benefits, organizations have to think beyond cybersecurity as a cost center and empower IT security within the organization to add value as a strategic, corporate enabler.

Insider threat mitigation is one example of this pivot from cost center to business enabler. If done correctly, insider threat detection programs can help streamline operations and facilitate the delivery of products and services. Effective threat hunting requires collecting and integrating telemetry and log data from disparate network systems and technologies within an enterprise. Logtrust is a real-time platform that empowers organizations to solve the insider threat problem by providing the right kind of integrated investigation and visualization capabilities to find insider threats.

Logtrust can collect all event data, regardless of the source. Logtrust can collect logs coming from applications, as well as flows and traffic coming from network devices, including any kind of data generated at every layer of the OSI model. This agility lets IT security professionals scour system records, API information, database information, Client Relationship Management program information and even social media communications to determine possible insider threats. Once collected, Logtrust distributes the data into several data nodes and provides users with access to all of it via a Web browser interface, which highlights what is arguably Logtrust's most effective feature: accessibility and, with it, ease of use.

Logtrust removes the complexity traditionally seen with real-time Big Data solutions by building an interface that lets subject matter experts, rather than highly technical data architects, navigate, query, analyze and report on the data. In the IT security world, this access to a robust real-time analytics engine gives IT security analysts the ability to monitor large volumes of disparate data and provide actionable intelligence concerning insider threats.


3 The Real-time Threat Hunter

Thwarting insider attacks requires detecting and remediating events quickly. If analysts working through complex data must wait a long time for the search engine to execute each of their many queries, the investigation slows down. Furthermore, the analyst is easily exhausted by the long lead times and can lose focus on the initial trace and the potential threat.

With Logtrust, IT security users can ascertain very quickly who is accessing sensitive areas of the network, sensitive hardware and privileged software. IT security analysts can then collect social media data and query it for possible correlations, building an understanding of the behavioral flags that could thwart or uncover an insider threat.

The logical and user-friendly design of Logtrust provides IT security analysts with quick answers, while being powerful enough to let them jump back and forth between different queries and easily identify threats. Depending upon the volume, Logtrust can decrease the time it takes cybersecurity analysts to execute a large query from hours to minutes and even seconds. This speed and ease of use gives your organization the ability to execute any kind of query over any volume of data to identify anomalous user behavior, or events that fall outside a user's normal behavior.

Figure 1: Keep track of all the analysis you've done with our search tree and easily enhance your logs with virtual columns without creating any complex code.


On the back-end, Logtrust streamlines the indexing process to provide always available data without the duplication of a traditional indexing process to supply actionable data at break-neck speeds. The result is the capability for a Security Operation Center (SOC) or IT security department to implement a User Behavior Analytics (UBA) technology into their enterprise security fabric that any analyst can easily learn to use.

With Logtrust, organizations can leverage insights to learn who has access to their most sensitive information, and identify typical user behavior patterns. Organizations can then effectively monitor infrastructure, hardware like printers, servers and databases, and determine who is accessing those resources, what they are doing on those resources, and when these actions take place.

With its robust reporting capability, Logtrust then provides the analytical output IT analysts need to present a complete picture of access to enterprise resources, ranked by threat severity on the basis of correlated user behavior, giving a broader view of all data and of network integrity.
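To make the UBA workflow described above concrete, the following added example (written for this edit, not Logtrust's code) builds a per-user baseline from a constructed access log, then scores a second batch of constructed events against that baseline and ranks users by severity. The log format, the user and resource names, the set of resources tagged as sensitive and the scoring weights are all assumptions made for the example.

```python
"""Baseline-and-rank user behaviour analytics over constructed access logs.

Added example, not Logtrust's code. Log lines, users, resources and the
scoring weights are constructed assumptions for illustration.
"""
from collections import Counter, defaultdict
from datetime import datetime

# Constructed baseline period: "<iso timestamp> user=<u> resource=<r> action=<a>"
BASELINE_LOG = """\
2020-06-01T09:12:00 user=alice resource=crm-db action=read
2020-06-01T10:40:00 user=alice resource=crm-db action=read
2020-06-02T09:05:00 user=alice resource=hr-share action=read
2020-06-02T14:20:00 user=bob resource=print-srv action=print
2020-06-03T11:00:00 user=bob resource=print-srv action=print
2020-06-03T16:45:00 user=bob resource=wiki action=read
"""

# Constructed recent period to score against the baseline.
RECENT_LOG = """\
2020-06-15T09:30:00 user=alice resource=crm-db action=read
2020-06-15T23:10:00 user=bob resource=crm-db action=export
2020-06-15T23:12:00 user=bob resource=crm-db action=export
2020-06-15T23:15:00 user=bob resource=hr-share action=read
2020-06-16T10:00:00 user=alice resource=wiki action=read
"""

# Resources the organisation has tagged as sensitive (assumption).
SENSITIVE = {"crm-db", "hr-share"}


def parse(log):
    """Parse the constructed key=value log format into event dicts."""
    events = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, *pairs = line.split()
        fields = dict(p.split("=", 1) for p in pairs)
        fields["ts"] = datetime.fromisoformat(ts)
        events.append(fields)
    return events


def _empty_profile():
    return {"resources": set(), "actions": set(), "hours": set()}


def build_baseline(events):
    """Per user: which resources, which action types, and which hours of day were seen."""
    base = defaultdict(_empty_profile)
    for e in events:
        profile = base[e["user"]]
        profile["resources"].add(e["resource"])
        profile["actions"].add(e["action"])
        profile["hours"].add(e["ts"].hour)
    return dict(base)


def score_event(event, baseline):
    """Return (label, weight) findings for one event; weights are assumed values."""
    profile = baseline.get(event["user"], _empty_profile())
    findings = []
    if event["resource"] in SENSITIVE and event["resource"] not in profile["resources"]:
        findings.append(("new sensitive resource", 3))
    if event["action"] not in profile["actions"]:
        findings.append(("new action type", 2))
    hour = event["ts"].hour
    # Only judge timing when the baseline actually observed this user.
    if profile["hours"] and not (min(profile["hours"]) <= hour <= max(profile["hours"])):
        findings.append(("outside usual hours", 1))
    return findings


def rank_users(events, baseline):
    """Aggregate findings per user and return [(user, score, {label: count})] by severity."""
    scores = defaultdict(int)
    reasons = defaultdict(Counter)
    for e in events:
        scores[e["user"]] += 0  # make sure quiet users still appear in the ranking
        for label, weight in score_event(e, baseline):
            scores[e["user"]] += weight
            reasons[e["user"]][label] += 1
    ranked = [(u, scores[u], dict(reasons[u])) for u in scores]
    return sorted(ranked, key=lambda row: -row[1])


if __name__ == "__main__":
    baseline = build_baseline(parse(BASELINE_LOG))
    for user, score, why in rank_users(parse(RECENT_LOG), baseline):
        print(f"{user:<8} score={score:<3} {why}")
```

Running the block ranks bob first (late-night exports from a sensitive database he had never touched during the baseline) and alice last, with no findings. In a real deployment the baseline window would be long enough to capture legitimate variation, and a finding would be an input to analyst triage rather than a verdict.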

Figure 2: Analyze massive datasets with advanced visuals such as the Sankey diagram.

Figure 3: Perform deep multilevel analysis with the Voronoi graph and dynamically interact with your information.


Lastly, Logtrust is about providing organizations with flexibility and choice. The data nodes that store the data can reside on premise or on a cloud platform such as Amazon or Microsoft Azure. Logtrust can also run on a hybrid platform that combines the flexibility of the cloud with the control of an on-premise data node.

The hybrid cloud version is ideal for giving small banks, for example, an affordable and secure way to track and run queries and perform the level of data analysis that can thwart insider threats. Either way, Logtrust encrypts any data that leaves a company's network to provide organizations with the highest level of security.

Insider threat detection programs may be the most important emerging discipline within cybersecurity, but with Logtrust at the helm of your SOC or IT security department, your organization can retain the accessibility of company resources that promotes innovation and keep-the-lights-on initiatives, without compromising sensitive data or network resources.

By combining the layers of Big Data into an actionable monitoring solution, cybersecurity analysts can drill down to the actual root cause of an issue in a short period of time. Logtrust can identify when datacenter links are in trouble, quickly diagnose application bottlenecks, report on end-user behavior and manage operational events, thereby removing the element of surprise.

Figure 4: Obtain insights through time with our dynamic dashboards. Combine multiple levels of analysis in a single dashboard.


4 About Logtrust

Logtrust is a Real-time Big Data-in-Motion platform offering Fast Data and Big Data analytics through a solution that enables real-time analytics for operations, fraud, security, marketing, IoT and other aspects of business. Recognized as a Gartner Cool Vendor 2016, Logtrust is intuitive, interactive and collaborative, with no coding required, guided widgets, and out-of-the-box advanced interactive contextual dashboards. The platform provides a completely real-time experience, with new events always available for query and visualization, and pre-built queries always updated with the most recent events. The highly customizable solution works non-intrusively with your systems, with agentless collectors and forwarders, platform remote APIs to check health, and all capabilities callable via REST APIs. Service is always on with cross-cloud-region disaster recovery, and data is always hot and unmodified (to meet data reliability and integrity compliance requirements). Logtrust is located at the epicenter of Silicon Valley in Sunnyvale, CA, and further serves its global clients through offices in New York and Madrid. For more information, visit www.logtrust.com or email [email protected].