Last week we introduced a new three-part series that focuses on corporate investigations. This week, we’re very pleased to offer the first of our Industry Insights Briefs for download: Successful Insider Threat Investigations.
What is an “insider threat”? Unlike external threat actors, insiders don’t attack with, for instance, malware delivered via a spear-phishing text message. They already have access to the network, and they use it—purposely or inadvertently—to exfiltrate intellectual property, trade secrets, or other sensitive data. Our customer Ryan Duquette described these threats in his guest blog from last year.
An insider threat investigation can be complex, and no two are ever the same. However, as our new Industry Insights Brief shows, a standardized process can help you run a smoother investigation. When you need to prove whether data was exfiltrated, and whether it was done inadvertently, opportunistically, or maliciously, you need an efficient, repeatable workflow.
Download the Industry Insights Brief to learn three steps toward conducting more proactive—not purely reactive—investigations:
- Acquire data from cloud, computer, and/or mobile. By targeting the acquisition to a specific date/time range and/or to specific devices or accounts, you can view a user’s work activity in the context of any other activity—for instance, personal webmail or messaging.
- Apply keywords and filters to correlate evidence across devices to prove malicious intent or exonerate the employee.
- Report the results to non-technical stakeholders so that decision-makers can collaborate to tie the evidence back to the broader case, and if needed, more quickly mitigate any damage.