Detection, Investigation, & Elimination of Company Insider Threats
Whether to establish a second income stream, start a competing business, or sabotage an employer, malicious insiders can do serious harm to sensitive corporate data. And this harm can go undetected for months. In the meantime, organizations may lose customers, market share, and brand reputation.
A large manufacturer in New Jersey recently witnessed a malicious insider threat incident where sensitive corporate information was stolen.
The challenge for the company was finding a software solution that provided the necessary data protection, was easily accessible and could detect an insider threat quickly. The manufacturer had a legacy employee monitoring solution, but the solution “was not efficient, nor user friendly. And everything took too long,” the IT director said. In his hunt for a better solution, he discovered Teramind. “Teramind’s dashboards are a very beautiful thing. It’s a nice GUI and a nice design. Plus, with Teramind, we didn’t need to install any additional plug-ins,” he said.
The manufacturer began their Teramind rollout with a small pilot group.
The organization’s goal was to protect intellectual property and customer data against exfiltration. The manufacturer turned to employee monitoring to prevent further insider threat data breaches.
Teramind quickly delivered real value to the manufacturer by providing the proof required to identify an insider who was leaking intellectual property and other sensitive data. Knowing that data was leaving the organization, but not knowing how or by whom, the IT director was able to review comprehensive historical data reports generated by the Teramind monitoring software. Teramind delivered the IT forensics required to pinpoint both the user and the method of data exfiltration.
When malicious insider threat behavior is suspected, the key is quick detection and mitigation. Just as important, organizations must obtain the proof required for further action such as termination or prosecution.
Teramind allowed this organization to not only monitor, detect, and stop possible insider threats, but gave IT management the ability to conduct in-depth forensics. Teramind recorded every user action, including document print requests and emails sent outside of the organization. When the breach was detected, the IT teams could launch a full forensics investigation by drilling down into a user’s specific historical actions and viewing a playback of the user’s desktop when the action took place.
Going forward, the manufacturer will continue with the Teramind rollout to more employees to ensure continued data protection. In addition, they are planning to provide managers with access to Teramind to help them measure and optimize employee productivity by categorizing activities as productive or nonproductive and viewing detailed activity reports.
The business has experienced immediate results in eliminating internal threats automatically through the use of alerts, action block, and user lock-outs to keep employees in compliance with corporate policy.