Analytics, Intelligence & Response: Getting Ahead of the Insider Threat in 2019 by Isaac Kohen, CTO & Founder at Teramind


When it comes to the scourge of corporate data breaches, it always feels like the worst must be behind us – until the next one arrives with headline-making, head-turning force.

Shockingly, it’s been two years since data disasters at Equifax and Yahoo thrust the public spotlight on the troubling trend of data mismanagement in the digital age, a problem that has only grown worse with time.

Indeed, data loss events are increasing in frequency and severity. Positive Technologies, a global cybersecurity firm, estimates that during certain stretches of 2018, cyber attacks increased by as much as 47% compared to 2017 levels. Overall, the number of companies that reported an intrusion rose 12% in 2018. Moreover, recent data events including the Marriott breach, the Tesla IP theft, and the Goldman Sachs 1MDB scandal are a clear indication that the threat landscape is getting more complex and is bound to present more challenges to organizations around the world.

The good news – if a silver lining can be derived from this environment – is that board members and executives at companies large and small are beginning to take notice. According to a survey by Thales eSecurity, 63% of respondents indicate that they are increasing spending on cybersecurity initiatives to combat the growing threat. At the same time, many have begun to implement preventative solutions to monitor data utilization and to enhance their ability to respond to insider and external malicious threats.

To meet this growing demand, user activity monitoring and insider threat detection, as a software category, is evolving to get ahead of the ever-increasing threat to user data. It’s now ready to provide the user behavior analytics needed to identify and respond to malicious threats in a timely fashion, while also capturing the forensic evidence of the event, allowing the organization and the authorities to take definitive legal action.

While this software category is incredibly nuanced, by providing advanced analytics, insightful intelligence, and effective response mechanisms, it addresses three critical components of data security in 2019.


By the time most data breaches make headlines, they are already old news to the people who perpetrated the crime. It’s estimated that it takes companies 191 days to identify a data loss event, a frighteningly long delay between theft and detection.

To minimize the damage to organizations and customers, a rapid response is critical.

Real-time user activity monitoring (UAM) can alert IT admins to a possible data loss event. However, even real-time monitoring can be too late when it comes to malicious computer activity. For example, it takes an employee only a few seconds to send an email containing secret company information. Even immediate action can’t stop this event, but modern UAM software comes equipped with behavior-based analytics that can help identify these threats before they can act.

With the power of AI and machine learning, software solutions can build normative user profiles, so behavior anomalies can be detected and analyzed. Employees who access the company’s network at unusual hours, search for data-theft-related topics, or are preparing to leave the company are all worth scrutinizing and evaluating. Building upon these analytics, the UAM can then implement rules to monitor and, if the conditions allow for it, prevent a dangerous user activity.
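A minimal sketch of the "normative profile" idea for one signal, access at unusual hours. This is an added example, not code from the article or from any vendor product; the function names, thresholds and sample history are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

def build_profiles(events):
    """Learn a per-user histogram of login hours from (user, datetime) pairs."""
    profiles = defaultdict(Counter)
    for user, ts in events:
        profiles[user][ts.hour] += 1
    return profiles

def assess(profiles, user, ts, min_history=20, window=1, threshold=0.05):
    """Compare one login against the user's own baseline.

    The share of past logins within +/- window hours is computed modulo 24,
    so a night-shift user whose logins straddle midnight is not flagged.
    Users with too little history are reported as such instead of scored.
    """
    hist = profiles.get(user, Counter())
    total = sum(hist.values())
    if total < min_history:
        return "insufficient_history"
    nearby = sum(hist[(ts.hour + d) % 24] for d in range(-window, window + 1))
    return "anomalous" if nearby / total < threshold else "normal"

def sample_history():
    """Constructed sample data: 30 days of logins for three users."""
    start = datetime(2019, 1, 7)
    events = []
    for day in range(30):
        # alice: office hours, logs in at 08:00, 09:00 or 10:00
        events.append(("alice", start + timedelta(days=day, hours=8 + day % 3)))
        # bob: night shift, logs in at 23:00 or 00:00
        events.append(("bob", start + timedelta(days=day, hours=23 + day % 2)))
    events.append(("carol", start + timedelta(hours=9)))  # new hire, one login
    return events

if __name__ == "__main__":
    profiles = build_profiles(sample_history())
    for user, hour in [("alice", 3), ("alice", 9), ("bob", 0), ("carol", 3)]:
        print(user, hour, assess(profiles, user, datetime(2019, 3, 1, hour, 15)))
```

A single-signal score like this is only an input to triage; it says a login is unusual for that user, not that it is malicious.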


While many data breaches are perpetrated by malicious insider threats, others are accidental. For instance, according to Verizon’s 2018 Data Breach Investigations Report, 92% of malware is delivered by email, which employees inadvertently or innocently open, compromising their company’s data integrity in the process.

Additionally, in a digital work environment where the lines between personal and professional technology are often blurred, it’s not uncommon for employees to inadvertently compromise company data on personal devices or through other means associated with remote work.

Regardless of the employee’s motivation, the consequences of a data breach are equally devastating.

Therefore, companies need to develop data-protection intelligence by issuing helpful parameters and real-time guidance for data protection. At the software level, this means opting for a data loss prevention (DLP) solution. DLP is a strategy for ensuring your employees and vendors do not share critical data.

A DLP solution works by utilizing content discovery through different inspection techniques and contextual analysis to identify and categorize sensitive data and IP. Next, policies and rules are created for the data usage scenarios. The system then monitors user actions, checks them against the DLP rules, and decides if the user action should be allowed or blocked.
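The discover, classify, match-rules, decide flow described above, as an added example (not code from the article or any DLP product). The labels, the rule table, the `warn` verdict and the `corp.example` domain are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")   # candidate card numbers
LABEL_RE = re.compile(r"\b(?:confidential|internal only)\b", re.I)
INTERNAL_DOMAIN = "corp.example"                   # hypothetical company domain

def luhn_ok(digits):
    """Luhn checksum: separates plausible card numbers from random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def classify(text):
    """Content inspection: return the set of sensitivity labels found in text."""
    labels = set()
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            labels.add("payment_card")
    if LABEL_RE.search(text):
        labels.add("confidential")
    return labels

def is_internal(domain):
    # Exact or subdomain match; a bare endswith() would accept "evil-corp.example".
    domain = domain.lower().rstrip(".")
    return domain == INTERNAL_DOMAIN or domain.endswith("." + INTERNAL_DOMAIN)

@dataclass
class Action:
    user: str
    channel: str       # "email", "usb", "upload"
    destination: str   # recipient domain or device name
    content: str

# Rules: (label, channel or "*", destination predicate, verdict); first match wins.
RULES = [
    ("payment_card", "*", lambda dest: True, "block"),
    ("confidential", "email", lambda dest: not is_internal(dest), "block"),
    ("confidential", "usb", lambda dest: True, "warn"),
]

def decide(action):
    """Return (verdict, matched_label) for one monitored user action."""
    labels = classify(action.content)
    for label, channel, dest_ok, verdict in RULES:
        if label in labels and channel in ("*", action.channel) and dest_ok(action.destination):
            return verdict, label
    return "allow", None
```

The Luhn check and the strict domain comparison are the two places where a naive rule most often produces false positives or lets a lookalike destination through.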

An intelligent DLP system uses behavioral analysis to identify human factors like malicious intent, errors, or accidents, allowing IT admins to implement effective protection against data breaches and other exfiltration attempts. Coupled with the granular monitoring and detection power of user and entity behavior analytics (UEBA) and UAM, an intelligent DLP system is the most effective in leveraging all data for analytics, identifying potential threats, and responding in a timely and effective manner. This combined UEBA + UAM + DLP approach is proving more effective because it provides analytics and intelligence while delivering context to a user’s actions.


In 2019, press releases and promises to do better are no longer an adequate response to a data breach.

Not only are regulations like GDPR, HIPAA and other compliance standards requiring certain responses from companies, but customers are becoming less tolerant of a breach as well. Therefore, organizations need the ability to stop an identified data breach before it becomes catastrophic, and they need the digital forensic evidence to take legal action against those responsible.

A competent UEBA + UAM + DLP solution can provide both. The analytics and intelligence derived from activity monitoring can provide real-time alerts to employees or IT admins, while the DLP component will help take immediate action to correct behavior or to prevent data theft.

At the same time, IT forensics offers the information companies need to pursue legal action while also learning from bad behavior to create a better system for the future. With IT forensics, organizations can use session recording, keystroke assessment, metadata alerts, and other data points to identify, with incredible precision, the perpetrator and extent of the crime.

In other words, every digital crime leaves a trail of breadcrumbs, and the right software allows companies to trace those crumbs back to their source effectively.

If cybercrimes are going to be adequately punished and companies are going to institute dynamic, data-driven security policies, they need to understand the details of the crime, something that software solutions are uniquely positioned to provide.

There is no reason to assume that the trend of data loss events is going to abate any time soon. Company data has incredible value to those who steal it, so everyone is adequately motivated to win this battle. However, 2019 needs to be the year that companies finally get out ahead of the threats, and analytics, intelligence, and response tools are the way forward. It’s time to start responding and to stop reacting to this dangerous digital age.