Insider Threat Management – Detect and Respond to Data Exfiltration

As the perimeter shifts to the user and application, traditional network-based data loss prevention solutions are no longer effective. There is no longer a central network egress point to control the flow of data, as users, and the applications they access, are now distributed across the Internet. We need to rethink how we detect and respond to data exfiltration in this new distributed world.

Let’s start with your employees. Employees are now mobile. They connect from the office, their home, and even airports and coffee shops. They are accessing data in your data center, in the cloud, and via SaaS-based applications. The same holds true for your third-party contractors. Trying to route all communications and access through a central point is cumbersome, frustrating, and costly. Yet how do you know whether they are exfiltrating data?

Proofpoint ITM moves insider threat management from the network to the endpoint, monitoring user activity from data captured on UNIX/Linux, Windows, and Mac endpoints for both employees and third-party contractors. With Proofpoint ITM's user session monitoring tools, you can be alerted to any potential breach of policy, and have a complete record of what transpired, how, when, and by whom. How does it work?

  • Proofpoint ITM's software agents monitor and capture key data about insider threats. Proofpoint records user sessions (including screen, mouse, and keyboard activity, as well as local and remote logins) and transmits captured data to a dashboard in real time.
  • Proofpoint ITM's dashboard serves as the primary work space, enabling you to detect insider threats, investigate anomalies, educate users, and protect privacy.
  • Proofpoint ITM simplifies and streamlines the investigation process by providing detailed visual captures, precise activity trails, and metadata from your users, enabling a quick and thorough response to insider threat incidents.

In a highly distributed world, you must continuously monitor all user activity to effectively detect and prevent insider threats. The network is no longer the best option. With Proofpoint ITM, your organisation can swiftly identify and eliminate risk by monitoring user activity directly from the endpoints.

Original article published on Security Weekly on 18 April 2019