Posts

Personam ITD Case Study – IP Law Firm

INSIDER THREAT DETECTION

Detecting a conspiracy

PERSONAM detected a conspiracy to steal client data from an overseas office of an international IP law firm. The four employees involved in the activity included one of the senior partners of the firm.

 

Download the Case Study

Insider Threat Detection Software

 

 

Insider Threat Detection White Paper

INSIDER THREAT DETECTION

behavior profiling and anomaly isolation

PERSONAM has developed an advanced new technology that detects insider threats. We use the science of Machine Learning and Advanced Data Analytics to construct behavior profiles for the humans and machines on a computer network, and generate alerts when suspicious behavior is identified. The technology will detect an insider threat at the first sign of unusual behavior, even if the computer network itself is not the instrument of attack or exfiltration. The technology provides security where everyone is most vulnerable – inside.

 

Download the full whitepaper


 

 

Cutter IT: Data Hacking, No Day at the Breach Article

The Insider Track on Cyber Security

In June 2013, the actions of Edward Snowden set off a firestorm of revelations about the inner workings of one of the US’s most secretive organizations, the National Security Agency (NSA). As the country began debating the spy versus whistleblower status of Mr. Snowden, a second, equally chilling dialogue began: how was one person, a contractor, able to walk so easily out the door of a heavily monitored facility with a treasure trove of secrets?

 

Download the full article

 


 

 

The adversary is using your workforce against you

Reluctant to monitor your employees? What about their accounts?

You’re one of the lucky ones. You’ve built an organization made entirely of people you trust and have come to rely on. Not many can make that claim, but you don’t have to worry about one of your own stealing from you. Installing a system to monitor your employees would be a betrayal of that trust, and it won’t be on your agenda anytime soon.

In reality, you’re not doing yourself or your employees any favors. You are, in fact, inviting disaster in.

A lot has been made about the insider threat over the last couple of years. There’s been a rise in malicious insider attacks of theft, fraud and IT sabotage, and the cost on average will be higher for an attack originating inside the perimeter. But that only tells part of the story, as we look at how outside attackers are able to breach our networks.

A quick analysis of the numbers behind the 2015 Verizon Data Breach Investigations Report shows that over 90% of all data breaches involved the use of valid network credentials. That’s right: your employees’ credentials are providing the keys to the kingdom, with or without their knowledge.

 


 

Whether the attack is coming from inside or out, valid credentials are still needed to access your resources on the network. An insider doesn’t have to work very hard for them: they’re given their network account on their first day on the job. But if you think the outsider has to work much harder, think again. An experienced hacker has enormous resources at their disposal. The first option is to simply buy stolen credentials on the internet, as happened with the recent Anthem data breach. Then there’s the tried-and-true process of guessing simple or unchanged default passwords used by negligent employees, contractors and vendor systems, like the case at Advocate Health Care. Next are the many applications of social engineering (such as that used on Target), including sophisticated spear-phishing attacks and compromised personal devices like phones and tablets (i.e. BYOD) that your employees are connecting to the network. It’s asymmetric warfare, and your employees aren’t the ones heavily armed in this fight.

Nor is this likely to change with any amount of training and awareness. After years of coverage by the press on the dangers, employee click-rate on phishing attacks remains high, according to the 2015 Verizon DBIR: 23% of recipients now open phishing messages and 11% click on the attachments. And it only takes one to let the attackers in.

As the most prominent avenue used by attackers to enter your network, user accounts need to be continuously monitored for signs of suspicious behavior or misuse, even when the owner of the account is beyond reproach.

Personam and Sphere of Influence Offer Advanced Insider-Threat Technology to CTTSO

Personam, Inc. has partnered with Sphere of Influence, Inc. to offer their behavioral profiling platform to the US Combating Terrorism Technical Support Office (CTTSO). The technology actively monitors computer networks for insider threats and compromised accounts and is able to provide instantaneous actionable intelligence on active threats within an organization’s security perimeter, before threats manifest into breaches. The technology is 100% passive, neither interfering with operations nor accessing sensitive data. Based on advanced real-time computational analysis of digital behaviors, it detects active and persistent threats without generating what the industry calls ‘excessive false positives’.

Developed in a joint partnership, Personam, Inc. has already introduced several of its detectors to commercial organizations, protecting them from fraud, theft, vandalism, and compromised user accounts. The CTTSO recently selected the partnership’s offering into a group of semi-finalists that will be further evaluated for suitability.

Personam CEO, Chris Kauffman, said, “It takes one week for our platform to learn the behaviors of an organization well enough to identify threats. Threatening behavior has been discovered in 100% of our commercial clients thus far, all of whom have been running conventional detection solutions for years. Given the ubiquitous nature of the insider threat, which mostly goes undetected, I’m extremely excited to see the Federal Government showing serious interest in this technology”.

The team’s technology is completely self-learning. The platform teaches itself to discern between potential threats and normal behavior. Sphere of Influence Managing Partner, Thad Scheer, said “there’s no rule book for what constitutes an insider threat or what to look for, every situation is different. What’s unique about our platform is that it teaches itself to find threats, making it nearly impossible to subvert, even if you know it’s there”.

Sphere of Influence, Inc. is a Virginia-based software developer that specializes in advanced data analytics and big data. The Analytics Studios at Sphere of Influence are the largest on the East Coast and provide solutions for Automotive, Agriculture, Consumer Products, Defense, and Intelligence.

Personam, Inc. is a new cyber-security company that focuses exclusively on detecting insider threats and compromised user accounts. The company’s patented technology generates automated threat intelligence by monitoring live networks 24×7 with behavioral profiling.

Read more here.

Personam ITD would have Saved Sony Millions

SONY, a global tech giant, was brought to its knees this past week by the most devastating type of cyber threat, an “inside job”. Losses weren’t only confined to a single division but rather affected nearly every operating unit of the global brand. Denied access to online systems, the worldwide workforce resorted to using pens, paper, landline telephones, and fax machines to perform essential duties. As reported by The Verge, the alleged culprits involved personnel with physical access to the computer network. More than a denial of service outage shrouded in a political statement, this was a heist of monstrous proportions, possibly perpetrated by North Korea in retaliation for the film “The Interview”. At least five unreleased movies from Sony Pictures were stolen and subsequently circulated freely to the public, with over 880,000 downloads in just a single day. The damage in terms of lost productivity and revenue is incalculable. Losses, including those from high-profile feature films such as “Fury,” will be hundreds of millions of dollars against an already teetering balance sheet. This was the last thing Sony could afford, yet the company employed no technology capable of detecting or repelling such an attack.


Sony isn’t alone: the vast majority of companies and government agencies are equally vulnerable to an inside job perpetrated by a rogue employee or person with inside access. The most advanced firewalls provide little protection against the enemy cloaked as a trusted insider with access. Defensive measures point outward, assuming attackers will assert their greatest effort against the strongest fortifications. However, attackers target the weakest layer of security, the trust placed in employees with access to the network. Thieves, activists, and foreign spies spear phish credentials from top-level employees or outright recruit those individuals to their cause. The hacktivist organization Anonymous, for example, deliberately inserts members into job interviews to plant those members in positions of trust.

Sony’s situation doesn’t need to be the new normal. The insider threat is preventable, not through defending assets but by employing behavior profiling. Improved hiring practices, background checks, two-factor authentication, advanced firewalls, and log-file analyzers are ineffective at detecting a committed insider. The only real way to defend against the insider threat is to deploy automated behavioral profiling that indiscriminately observes distinct features and employs a non-parametric alerting system, meaning it uses no “set rules” for an insider to discover or bypass. This technology is effective, maintains employee privacy, and is available today.

At Personam, our Insider Threat Detector is the most advanced in the world. Our latest appliances are non-intrusive and easily inserted into local networks. These systems have caught insiders engaged in illegal or prohibited behaviors in 100% of their installations, a testament to how common insider threats truly are. Our detectors are so sensitive that the faintest threats are detected, yet well-behaved enough to produce few false positives.

If Sony had used Personam’s Insider Threat Detector, their current breach could have been prevented. For less than the cost of one hour of outage, Sony could have protected their entire company for years. The current best practices are ineffective at catching real insider threats and give a false sense of security. Companies and government agencies must acknowledge the damage insiders can bring and immediately prioritize non-parametric behavioral monitoring technologies that preserve the privacy of each employee’s digital activities while detecting malicious intent.

Personam Featured in MarketWatch Article on Insider Threat

Personam’s Founder and CEO, Chris Kauffman, was interviewed for a MarketWatch article on insider threats, “Are you a psychopath? Your boss wants to know”.

 

About Personam

Personam is the leading innovator using advanced analytics and machine learning to detect insider threat attacks in progress. Personam’s appliance provides passive network monitoring without depending on endpoint software agents or pre-defined event input data. Often installed and operational in less than an hour, Personam continuously monitors the behavior patterns of the users and devices on the network. The moment a threat is detected, analysts in Personam’s monitoring center are notified and aid the client with incident response. Personam’s headquarters and research labs are located in McLean, VA. More information can be found at www.PersonamInc.com.

Personam Briefs the CXO Forum on Insider Threats to Small and Medium Businesses

Chris Kauffman, Founder and CEO of Personam, spoke to a gathering at the CXO Forum this morning on the things every executive needs to know about Insider Threats. Patrick Stump of Roka Security was also on hand to brief the group on the growing external threats to organizations.

CXO Forum is a monthly gathering for CEOs of growing and mid-sized companies. The CXO offers C-level executives a safe haven where peer-to-peer discussions of ideas and solutions can take place in an environment of collaboration that builds collegiality. Recently, the forum’s members have grown concerned over the escalation of cyber threats to their businesses.

Cyber Security Summit in NYC

Personam generated large crowds at their booth supporting the Cyber Security Summit in NYC. Companies from industries ranging from Big Pharma, Finance, Banking, to Energy all spent time learning about Personam’s insider threat detecting solution. Most of the attendees already understood the importance of protecting their organizations from internal threats, but many did not know that an advanced solution was now available. They spoke to Personam representatives, and watched live demos in the booth. The Summit proved to be a great one-day event.

Insider Threat Detection – How It Works Flyer

Detecting active threats on a compromised network is an exceptionally difficult task, and very few organizations have been able to accomplish it. The evidence of this is clear from a single industry statistic: eighty-six percent (86%) of all data breaches go undetected by the breached organization. Insider threats play a significant role in this problem, and traditional cyber security tools can do little to address it.

 

Download How It Works Flyer
