Today, we’re excited to announce the next generation of the ObserveIT Insider Threat Management Platform on top of our new cloud based architecture. Since its acquisition of ObserveIT in November, 2019, Proofpoint has demonstrated its commitment to broadening the concept of security and taking a modern, people-centric approach to Insider Threat Management (ITM).
ITM plays an important role within Proofpoint’s Information Protection strategy, with our unique context on the insider and their activity. We are excited to extend ObserveIT capabilities that reduce insider threat risk, accelerate incident response and optimize security teams’ resources.
Modern, Scalable & Secure Cloud-Based Infrastructure
The latest release of ObserveIT ITM boasts a modern SaaS architecture built for:
- Scale: From thousands to hundreds of thousands of endpoints
- Analytics: Summarize enterprise risk for executives and the board
- Security and Privacy: Balance insider threat security with privacy by design
- Ease of use: Manage without infrastructure baggage
- Extensibility: Integrate our people centric user risk analysis with rest of the enterprise security ecosystem
Even better, it has the flexibility to deploy as SaaS, on-premise, or in hybrid environments. The updated platform also enables better collaboration across departments, including cybersecurity, compliance, HR and legal for incident investigation and response. In other words, ObserveIT makes it seamless to communicate between technical and nontechnical teams.
If an incident occurs, it is quick and straightforward to understand what happened, when, where, and who was behind it. ObserveIT also enables efficiency across the broad range of insider threat management activities, from prevention and user behavior correction; to rapid investigation and containment; to clear audit trails for compliance and airtight proof in the event legal action is required.
Across the SaaS and on-premise deployments, Proofpoint’s ObserveIT ITM leads the insider threat management category, setting the standard for people-centric security with unified visibility into user activity, data interaction, and insider threat context.
Insider Threats are on the Rise, Driving Up Risk and Costs
If the changing nature of work didn’t already underscore the increasing risk of insider threats, recent data reports certainly do.
The Verizon DBIR 2020 revealed that 30% of all breaches were perpetrated by internal actors. Moreover, 8% of breaches involved misuse by authorized users.
Ponemon’s 2020 Cost of Insider Threats: Global found the average global cost of insider threats jumped 31% in two years to $11.45 million. Meanwhile, the frequency of incidents spiked 47% in the same time period. The average number of days to investigate an insider-caused incident is 77 days, and the average cost of mitigating a single incident is $645,000. This is because early warning signs are difficult to detect, and incident response requires significant evidence-gathering and collaboration across teams.
These figures highlight the need for a purpose-built insider threat management solution that takes a people-centric approach to reducing the risk, severity, and number of insider threat incidents.
Digital Transformation & The Changing Nature of Work
Digital transformation continues to spread throughout industries and organizations of all sizes. Almost every business today runs all or part of their operations from the cloud. According to Gartner, worldwide public cloud revenue is expected to reach $266.4 billion in 2020.
Moreover, given current economic and societal conditions, including the spread of the novel coronavirus, remote work is becoming more common than ever before. While this can be a boon for productivity and employee satisfaction, remote work can also increase insider threat risk.
This is why it’s more necessary than ever for businesses to take a people-centric approach to security, including insider threat management.
Reducing Risk and Delivering Greater ROI for ITM
The overall goal of ObserveIT is to reduce risk and deliver greater return on investment for teams. Reducing the mean time to detect (MTTD) is key for insider threat incidents, because it reduces the risk, severity, and number of incidents—ultimately reducing the financial and brand damage caused by insider-driven breaches.
ObserveIT accelerates incident response by reducing mean time to respond through faster correlation of user, endpoint, and data context. The platform helps teams hone in on early indicators of insider threat risk. ObserveIT also empowers teams with broader visibility into user, data, and threat signals, making security teams more resource efficient and reducing the technology spend associated with insider threat management.
Streamlining Security by Bringing ITM Under One Umbrella
One challenge many IT and security teams face is having too many tools, with too many alerts firing (hello, alert fatigue). This hampers their ability to operate efficiently and contain actual threats before they spread and cause financial and reputational damage.
Consolidating technology into a single, purpose-built ITM platform is much more efficient than using disparate technologies to collect user behavior, data movement, system access and application usage and manually correlate the alerts to achieve similar results, often without sufficient context. Ultimately, ObserveIT offers a unified, people-centric platform under the Proofpoint umbrella, avoiding the need to attempt to integrate disparate solutions from multiple vendors.