Insider Threat Identified as a Use Case for Behavior Analytics
Boston, November 4, 2015 – Proofpoint, the leader in user behavior analytics for insider threat detection, has been recognized by Gartner as a “Representative Vendor” in its 2015 Market Guide for User and Entity BehaviorAnalytics (UEBA). Gartner reports that in 2015 “inquiries by end-user organizations on user behavior analytics rose nearly tenfold, and on security analytics by 25%.” Additionally, “Gartner expects UEBA market revenue will climb to almost $200 million by the end of 2017, up from less than $50 million today. “
With two out of every three security incidents stemming from internal users, insider threat was identified as one of five domain expertise and use cases. “Since malicious intent is difficult to assess, best-in-class vendors in this category analyze contextual behavioral information not readily available in log files.” With an endpoint agent-based approach, Proofpoint ITM is able to distinguish abusive behavior from normal activity, determine user intent, collect irrefutable forensic evidence, and even deter or block out-of-policy behavior.
“When employees were involved in a collection of incidents including copyright infringement, password harvesting, evidence tampering and billing fraud, it was Proofpoint ITM that enabled me to detect and investigate,” says Richard C. Malewicz, CISO of Livingston County. “With Proofpoint ITM I had the irrefutable evidence I needed to take action, leading to the termination of the employees involved.” Learn more about Richard’s incredible story on November 7th, when he hosts a live webinar with Proofpoint. Click here to register for the webcast.
“This report further confirms what our customers have been telling us – insider threat is a top of mind concern and log files aren’t sufficient,” said Paul Brady, CEO of ObserveIT. “You need to capture and analyze user behavior at the endpoint and within applications, and that is exactly what Proofpoint does.”
Proofpoint is the leader in user behavior analytics for inside threat detection and enables companies to mitigate the risk of insider threats from business users, privileged users, and third-party contractors.
Proofpoint ITM records, monitors, and analyses user behavior across the entire enterprise down to the application field level with zero operational impact. Analytics and scoring identify users who represent the greatest risk, enabling security teams to respond before the business is impacted. Our granular user activity metadata provide a detailed audit trail of all user behavior to streamline investigations and audits.
Subscribe to the Proofpoint Blog