uba-insider-thumbnail

User Behavior Analytics (UBA) and Insider Theft [White Paper]

Insider theft can be devastating for companies. After all, employees know where the most valuable and sensitive data lives. According to PwC’s 2014 US State of Cybercrime Survey, one-third of respondents said insider data theft is more costly or damaging than those committed by outsiders! How can you tell when an employee breaks bad? We…

Insider Theft 2015: We’ve Been Warned

Identity Theft Resource Center (ITRC) is my go-to source for a running tally of breaches. As of last week ITRC, which gets its stats from media sources and state agencies, has counted 505 incidents, exposing over 139 million records. So a little after the mid-year mark, the number of records taken is ahead of 2014’s…

Directories

The IP Theft Puzzle, Part II: Ideas for Spotting Directory Copies

Catching an insider thief before he gets and exfiltrates IP ain’t easy. As I wrote about in the last post in this series, insiders already have access to sensitive content — they’re authorized to view, copy, and edit important code, documents, and presentations. Casing the Joint However, we do know that insiders generally first test…

446px-Elizabeth_I_in_coronation_robes

Her Majesty’s Five Essential Security Controls

The United Kingdom’s GCHQ, their NSA-like organization, has its 10 Steps to Cyber Security. We hear from our friends across the pond that it’s proven to be very popular. These tips from her Majesty’s security service point out general areas where organizations need to focus their security efforts. Are you now asking yourself whether there…

The IP Theft Puzzle, Part I: Insider Entitlement

Earlier this year, the Metadata Era explored some of Carnegie Mellon University’s Computer Emergency Response Team’s (CMU CERT) research on insider threats. To refresh memories, CMU researchers found that motivations for insider actions roughly fell into three categories: financial, sabotage, and Intellectual Property or IP theft. The last one, IP theft, turns out to have…

532px-EU_flag-map

Will the EU’s Data Protection Regulation Apply to Me?

One of the more complex issues that will have to be resolved with the new Data Protection Regulation (DPR) is what’s being called “extraterritoriality.” As proposed by EU Parliament, the DPR will apply to any data transferred outside the EU zone. So under these new rules, if a US company collects data from EU citizens,…

What is User Behavior Analytics?

There’s nothing new in using analytics in data protection or breach prevention. Firewalls, for example, analyze packet contents and other metadata, such as IP addresses, to detect and block attackers from gaining entry. And anti-virus software is constantly scanning file systems for malware by looking for bits of code and other signs that a file…

uba

Point of View: User Behavior Analytics and Varonis [White Paper]

User Behavior Analytics, or UBA, has suddenly entered the security conversation. Security folks are talking about it. Analysts are talking about it. It’s in the news. It’s a good conversation to have, and at Varonis, we’re glad it’s finally receiving the attention it deserves. We knew ten years ago that to really understand and govern…

hello hacker

Lessons from OPM: Turning Security Inside Out With User Behavior Analytics

The US Office of Personnel Management (OPM) suffered a massive breach in early June. They publicly announced that the personally identifiable information or PII of over 4 million current and former government workers had likely been scooped up by hackers. Who done it? At this point, there’s some interesting speculation about the source of the…

enterprise knowledge

Enterprise Search: Our White Paper Looks Into the Future of Business Knowledge

As enterprise search catches on — thanks to our own DatAnswers — corporate users may be wondering where this technology is leading. In our newest white paper, Enterprise Knowledge: Unlocking Hidden Knowledge in Unstructured Data, we provide a roadmap for the next few miles. Enterprise search can speedily find file content matching the right keywords. And…