
Three Strategies to Catch and Stop Insider Threats

09.26.18 by James Dougherty

Earlier this year I worked on a document that addressed some of the common misconceptions about Scrutinizer. One of the subjects that caught my attention was Scrutinizer’s ability to mitigate insider threats. Honestly, I really wanted to dig deeper on all the subjects on my list, but the marketing team frowned on me passing along a hundred-page report when they were really looking for a two-page fact sheet with links. As time passed, the idea of Scrutinizer’s ability to monitor, detect, and mitigate these types of threats kept on tugging at me. So when I got the opportunity to talk more about it, I jumped on it.


What is an insider threat?

I’m sure that most of you are familiar with what an insider threat is, but I wanted to make sure that everyone reading was on the same page.

“Insider threat is a generic term for a threat to an organization’s security or data that comes from within. Such threats are usually attributed to employees or former employees, but may also arise from third parties, including contractors, temporary workers or customers.” – TechTarget

Scary, isn’t it? A lot of companies are facing the problem that people with widely varying degrees of technical skill can be a huge security threat. In addition, the sheer size of some of today’s networks can hinder the ability to understand what a current or former employee is or was doing from day to day. This limits companies when trying to stop insider threats.

Strategy 1: Use metadata to gain complete visibility and stop insider threats

As I mentioned, the sheer size and scope of today’s networks can hinder the visibility the security team needs to detect things like insider threats. That’s where metadata like NetFlow/IPFIX comes in.

NetFlow/IPFIX delivers a record of every conversation, along with other important conversation elements, to a reporting/monitoring tool via a UDP stream. Many of today’s networking devices support this type of flow export. Using this metadata with a reporting/monitoring platform that fully leverages the data allows you to gain visibility across your entire network with far less overhead than capturing full packets.

Strategy 2: Have a data retention policy that exceeds the requirements of your compliance or departmental policies

Having a record of every conversation, even the small, low-volume ones at the bottom of the list, is no longer a luxury in today’s digital world. With attacks and other nefarious activities running rampant, and with the numerous compliance laws and regulations, the ability to retain conversation data for an extended amount of time is now a requirement and is vital for stopping insider threats.

Clearly a strong data foundation is important for seeing and stopping insider threats. I have worked with people on both sides of this story. On one side, I have worked with companies that didn’t have this historical data, and when a threat was detected they had little information to investigate. I have also worked with people who leveraged their historical flow data to investigate the incident and then used that same data to report on or monitor other related hosts and conversations.

Strategy 3: Leverage DNS monitoring tools and other threat detection algorithms to identify abnormal traffic

So far, we have talked about the best way to gain the visibility needed to monitor and detect security concerns like insider threats. This data by itself is valuable, but as I have mentioned a couple of times, the size and scope of some of today’s networks can produce an overwhelming amount of information. That is why it is important to use tools that scan flow data for traffic patterns and flag the ones that look suspicious. This not only cuts down on the amount of time needed to detect a security incident, but also lessens the time to resolution considerably.

These algorithms not only help detect attacks, but more importantly, can detect traffic patterns that are related to surveillance and reconnaissance on your network. On that note, I would also recommend that you use intelligence solutions like FlowPro Defender to monitor for things like DNS data links, malware, DNS Command and Control, botnet detection, and Domain Reputation. FlowPro Defender takes DNS traffic and extracts the fully qualified domain name associated with a conversation. This adds a whole new layer of visibility.
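As an added example (not Plixer’s code, and not the detection logic of Scrutinizer or FlowPro Defender), the block below shows what the "record of every conversation" from Strategy 1 looks like on the wire and how a flow-pattern check like those in Strategy 3 runs over it: it parses a NetFlow v5 export datagram into per-conversation records and then flags a source whose single-SYN flows fan out across many destination ports, the shape reconnaissance leaves in flow data. The datagram, the 10.0.x.x addresses and the ten-port threshold are constructed for the demonstration.

```python
import socket
import struct
from collections import defaultdict

HEADER = struct.Struct("!HHIIIIBBH")              # 24-byte NetFlow v5 export header
RECORD = struct.Struct("!IIIHHIIIIHHBBBBHHBBH")  # 48-byte NetFlow v5 flow record


def parse_netflow_v5(datagram: bytes) -> list:
    """Return one dict per flow record (one conversation each) in a v5 datagram."""
    version, count, *_ = HEADER.unpack_from(datagram, 0)
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": socket.inet_ntoa(struct.pack("!I", f[0])),
            "dst": socket.inet_ntoa(struct.pack("!I", f[1])),
            "packets": f[5], "bytes": f[6], "sport": f[9], "dport": f[10],
            "tcp_flags": f[12], "proto": f[13],
        })
    return flows


def find_port_scanners(flows, min_ports=10):
    """Sources whose single-packet, SYN-only (0x02) TCP flows reach at least
    min_ports distinct (dst, dport) pairs: the classic reconnaissance shape."""
    targets = defaultdict(set)
    for f in flows:
        if f["proto"] == 6 and f["tcp_flags"] == 0x02 and f["packets"] == 1:
            targets[f["src"]].add((f["dst"], f["dport"]))
    return {src: len(t) for src, t in targets.items() if len(t) >= min_ports}


def _record(src, dst, dport, packets, flags, proto=6):
    """Pack one constructed v5 record; fields the demo ignores get placeholders."""
    s = struct.unpack("!I", socket.inet_aton(src))[0]
    d = struct.unpack("!I", socket.inet_aton(dst))[0]
    return RECORD.pack(s, d, 0, 1, 2, packets, packets * 60, 0, 1000,
                       40000, dport, 0, flags, proto, 0, 0, 0, 24, 24, 0)


def sample_datagram() -> bytes:
    """Constructed export: one host sends single SYNs to 12 ports on a server,
    plus one normal established HTTPS flow (SYN/ACK/PSH/FIN) from another host."""
    recs = [_record("10.0.5.23", "10.0.9.10", p, 1, 0x02) for p in range(20, 32)]
    recs.append(_record("10.0.5.40", "10.0.9.10", 443, 57, 0x1B))
    header = HEADER.pack(5, len(recs), 100000, 1537977600, 0, 1, 0, 0, 0)
    return header + b"".join(recs)
```

Running `find_port_scanners(parse_netflow_v5(sample_datagram()))` returns only the probing host with its 12 targeted ports; the established HTTPS conversation is not counted.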

Many of the companies that I have worked with have enhanced their security posture by employing these three strategies. If improving your security posture and gaining deeper visibility is one of your requirements but you don’t know where to start, why not evaluate Scrutinizer?

Categories: Network Security Tags: detecting insider threats, effective insider threat investigation, monitoring for insider threats

About James Dougherty


I have worn many hats in my professional life. Support engineer, developer, network admin and manager are all points on my resume, but the one common thread with all of these jobs is that I enjoy working with people; that is what I do here at Plixer. I make sure that everyone understands our product and can get the most out of it. It's just simple 'no bull' support! Let me know if you have any questions, I would be happy to help. - Jimmy D
