Detection, Investigation, & Elimination of Company Insider Threats

The Challenge

Whether to establish a second income stream, start a competing business, or sabotage an employer, malicious insiders can do serious harm to sensitive corporate data. And this harm can go undetected for months. In the meantime, organizations may lose customers, market share, and brand reputation.

A large manufacturer in New Jersey recently witnessed a malicious insider threat incident where sensitive corporate information was stolen.

The challenge for the company was finding a software solution that provided the necessary data protection, was easily accessible and could detect an insider threat quickly. The manufacturer had a legacy employee monitoring solution, but the solution “was not efficient, nor user friendly. And everything took too long,” the IT director said. In his hunt for a better solution, he discovered Teramind. “Teramind’s dashboards are a very beautiful thing. It’s a nice GUI and a nice design. Plus, with Teramind, we didn’t need to install any additional plug-ins,” he said.

The manufacturer began their Teramind rollout with a small pilot group.

 

The Solution

The organization’s goal was to protect intellectual property and customer data against exfiltration. The manufacturer turned to employee monitoring to prevent further insider threat data breaches.

Teramind quickly delivered real value to the manufacturer by providing the proof required to identify an insider who was leaking intellectual property and other sensitive data. Knowing that data was leaving the organization, but not knowing how or by whom, the IT director was able to review comprehensive historical data reports generated by the Teramind monitoring software. Teramind delivered the IT forensics required to pinpoint both the user and the method of data exfiltration.

The Result

When malicious insider threat behavior is suspected, the key is quick detection and mitigation. Just as important, organizations must obtain the proof required for further action such as termination or prosecution.

Teramind allowed this organization to not only monitor, detect, and stop possible insider threats, but gave IT management the ability to conduct in-depth forensics. Teramind recorded every user action, including document print requests and emails sent outside of the organization. When the breach was detected, the IT teams could launch a full forensics investigation by drilling down into a user’s specific historical actions and viewing a playback of the user’s desktop when the action took place.

Going forward, the manufacturer will continue with the Teramind rollout to more employees to ensure continued data protection. In addition, they are planning to provide managers with access to Teramind to help them measure and optimize employee productivity by categorizing activities as productive or nonproductive and viewing detailed activity reports.

The business has experienced immediate results in eliminating internal threats automatically through the use of alerts, action block, and user lock-outs to keep employees in compliance with corporate policy.

Client
New Jersey Manufacturer
Date
June 15, 2017
Services
Employee Monitoring Software
Our Role
IT Consulting & Strategy

000-017   000-080   000-089   000-104   000-105   000-106   070-461   100-101   100-105  , 100-105  , 101   101-400   102-400   1V0-601   1Y0-201   1Z0-051   1Z0-060   1Z0-061   1Z0-144   1z0-434   1Z0-803   1Z0-804   1z0-808   200-101   200-120   200-125  , 200-125  , 200-310   200-355   210-060   210-065   210-260   220-801   220-802   220-901   220-902   2V0-620   2V0-621   2V0-621D   300-070   300-075   300-101   300-115   300-135   3002   300-206   300-208   300-209   300-320   350-001   350-018   350-029   350-030   350-050   350-060   350-080   352-001   400-051   400-101   400-201   500-260   640-692   640-911   640-916   642-732   642-999   700-501   70-177   70-178   70-243   70-246   70-270   70-346   70-347   70-410   70-411   70-412   70-413   70-417   70-461   70-462   70-463   70-480   70-483   70-486   70-487   70-488   70-532   70-533   70-534   70-980   74-678   810-403   9A0-385   9L0-012   9L0-066   ADM-201   AWS-SYSOPS   C_TFIN52_66   c2010-652   c2010-657   CAP   CAS-002   CCA-500   CISM   CISSP   CRISC   EX200   EX300   HP0-S42   ICBB   ICGB   ITILFND   JK0-022   JN0-102   JN0-360   LX0-103   LX0-104   M70-101   MB2-704   MB2-707   MB5-705   MB6-703   N10-006   NS0-157   NSE4   OG0-091   OG0-093   PEGACPBA71V1   PMP   PR000041   SSCP   SY0-401   VCP550