Insider threats are a growing
security problem for businesses everywhere. In fact, up to 60%
of cyberattacks come from within the organization itself.
Attacks can come from employees (intentionally or unintentionally) leaking
sensitive information, installing malware or falling for a phishing attack.
Security vendor Veriato has created a platform that it argues can help reduce the risk to businesses from insider threats.
We sat down with Patrick Knight,
Senior Director of Cyber Strategy and Product Management at Veriato, to discuss
how businesses can stay secure from growing threats.

Could you tell us a bit about who you are and what Veriato does?

I’m the product manager for our
Insider Threat protection technology, Cerebral, which is a combination of user
activity monitoring and user and entity behaviour analytics. Both components
help to limit inside threats within the business.
On one side, activity monitoring
provides detailed evidence that employers need to do an investigation in the
event that a trusted insider has mishandled information. On the other side,
user behaviour monitoring and analytics (the machine learning component) helps
you look at the large organisation over time and protects privacy.
Cerebral is a software-based solution
that uses a server and an endpoint client or agent. It’s installed on all the
endpoints you want to monitor in the organisation to track user activity and

Is it important for businesses to be monitoring employees?

Absolutely. In this day and age of
massive data breaches, it’s not a matter of if, but when.
In fact, there are stats that project that as many as 60% of all breaches are
caused by a trusted insider, whether accidental or not.
Our technology gives you the ability
to look at data breaches and say, ‘Oh it was an accident, we need to work on
education,’ or to determine if employees are willfully looking for somewhere to

What kind of data is Veriato protecting?

If you’re a financial organisation,
it’s probably financial data. If you’re a healthcare organisation, it’s
probably patient information. Every organisation has data that they need to
protect. And there are a variety of ways it can fall into the wrong hands.
When organisations give insiders
access to their data, it’s assumed that they will handle it appropriately. But
maybe the insider’s life is in a bad place, or they want to seek revenge on the
business, or they are simply fooled by a phishing email — there are dozens of reasons
that insider attacks happen.
Data can be walked out the door by a
trusted insider, downloaded to a USB stick or uploaded online. Employees can
even sabotage or breach systems and pass information to competitor
organisations — and it happens more frequently than you’d think!
Any way it’s carried out, willfully or accidentally, compromised data security
causes serious problems for the business. Veriato works to prevent this from

What sort of monitoring is carried out, is it all end user desktop activity?

It’s essentially monitoring
everything — all activities that occur on the endpoint that are generated by
However, you can narrow it down if
you need to. For example, based on data protection regulations.
For those organizations with
heightened concerns over employee privacy, our user and entity behavior
analytics is the perfect solution. It uses machine learning to examine a user’s
activity changes over time and even compares groups for anomalies. If the
machine learning indicates there is cause to investigate, the security team can
then react and examine the detailed forensics data. If that machine learning
anomaly never occurs, the activity is never sent to the Cerebral server and privacy
concerns are abated.

How do admins get visibility over this data, can they see it in real time?

The alerts are in real time, with
constant visibility. The user gets reports, real time alerts, and dashboards.
Our solution is also configurable to
the organisation’s needs. An administrator can oversee everything, department
managers can oversee the activities of the people in their jurisdiction — it
depends on the structure of the business.
This goes for monitoring alerts as
well. For example, if an employee is low-performing, Cerebral provides evidence
that shows that they’re using their work computer for personal use. Or, in the
event of a crime being committed, we give the necessary evidence, such as a
full video playback that shows whether an attack was planned or accidental.
These are just a few examples that
would go to the manager, but there are plenty of others.

So, take me through a breach. Say I want to download something on a USB stick and walk out of the office, how does your platform stop that?

We have an agent on every device, so
we can look for specific activities. This means we can tell when files are
being copied to external storage, or when large amounts of files are being
emailed or uploaded to a cloud storage platform like Google Drive or even the dark
We are constantly collecting data so
that, in the event of a breach, we can look at all of the activities that led
up to it. Organisations therefore get the full context, which is what a lot of
other solutions miss. If they’re at the network layer, for example, they may
see the data being exported. But they don’t have the contextual visibility of
what occurred on that endpoint leading up to the event.
That’s how we stop breaches. We not
only provide visibility into the breach itself — we provide visibility into
what led up to it. If a user’s risk profile changes, the policy for that user can
be changed to block data uploads and prevent breaches.

What types of companies need this technology, is it mostly larger enterprises?

Every organization, regardless of
size or industry, has some data protection need. Whether that is due to industry
compliance regulations such as HIPAA or PCI, or sensitive intellectual property
protection concerns or simply worker productivity or harassment issues, a
technology to give that needed visibility to identify fraud or breaches is constantly
Organizations are now being held
liable for data breaches. It doesn’t matter if the breach was due to external
attacks or internal ones – accidental or malicious – data protection legislation
and regulations are focusing on the organization who collect the data for
This means organizations of any size or
industry have gaps in their security when it comes to those individuals with
authorized access and passwords to the data.

Alongside Cerebral and Investigator, Veriato also offers Ransomsafe. Can you tell us about that?

My background includes 12 years in
the anti-malware industry. Anti-malware is blocking and protection against
malware, including ransomware. But there’s still headline after headline of
companies crippled by malware infections. Why are these organisations still
suffering infections and downtime, and having to pay these ransoms, if the
Endpoint Protection is so effective?
Well the answer is, they’re not.
Because they’re signature-based, and they’re good at detecting what they’ve
already seen, but not good at detecting the new stuff that’s coming out
tomorrow. So, we’re not trying to be an anti-malware solution.
Instead, we understand what
ransomware does, which is to try and encrypt your data. When we see that, we
immediately lock out that account and back up all the data. So, you don’t lose

For my last question, can you summarize why our readers would need this product?

Data breaches are not going away —
they are only going to continue to grow. There’s no regulation around how much
data organisations can collect on users, and breaches are not unique to any type
of data. So, your use case could be vastly different, but the size and impact
of that data being breached is not — a breach can cripple your organisation and
cost a significant price.
It can sometimes take months for
breaches to even be identified. Would you know if data was walked out the door
by a trusted insider? How long would it take you to find out it had been sold
to a competitor on the dark web? How do you remediate against an attack when it
has been several months?
This is the value of Cerebral. We
monitor to give you real-time visibility and spare enormous expense and
uncertainty. There’s no size limit to the problem, and the scope is enormous.
Dealing with that scope is the problem we’re trying to solve.
Insider threats are only going to
grow more prevalent as cloud-based technologies make it easier for company data
to be accessed anywhere, at any time, by trusted insiders.
Knight makes a powerful point that a company with only 10 employees can easily collect data on millions of people, with no regulation to stop this. Platforms like Veriato could become vital tools for all companies to protect this data.