When sports started being televised 50+ years ago, it brought a new level of visibility to teams and games. You no longer needed to be in or from the town or city, or correlate multiple sources of information from newspapers and radio broadcasts, just to find out what happened. Then, with the advent of video replay and the opportunity to challenge the play, came the visibility to correct mistakes in near real-time as they happened; most importantly, the mistakes made by both player and official. Those mistakes could now be peer reviewed, discussed, decided, and communicated to the necessary stakeholders, something that historically was relegated to arguing over a beer after the game.
The difference between these changes and Insider Threat Detection is simply a question of who the stakeholders are, which depends on the “mistake”. A missed touchdown or wayward pass goes to the masses, and an employee breaking the rules requires a few Executive Group Reviews, but an employee engaging in illegal activity on their corporate device—not so much.
Users have routines, and those routines rarely change, particularly once you have spotted them. When that routine consists of connecting to a home Wi-Fi network, then plugging in a device that shouldn’t be connected and organizing anomalous volumes of files on the device, then carefully not copying anything to the corporate device, and then going back to work for a few hours, in the same three time periods a day, whilst working from home... well, this is a routine. This was a real scenario. And, in this scenario, the DTEX i3 Team noticed something even more suspicious about the file names as well as the volume of files being accessed l ..