Insider Threats

What is an Insider Threat?

An insider threat can happen when someone close to an organization with authorized access misuses that access to negatively impact the organization’s critical information or systems. This person does not necessarily need to be an employee – third party vendors, contractors, and partners could pose a threat as well.

The potential risks of insider threats are numerous, including installing malware, financial fraud, data corruption, or theft of valuable information. To counteract all these possible scenarios, organizations should implement an insider threat solution with 6 key capabilities:

Detect Insider Threats

Uncover risky user activity by identifying anomalous behaviour.

Investigate Incidents

Investigate suspicious user activity in minutes—not days.

Prevent Incidents

Reduce risk with real-time user notifications and blocking.

Protect User Privacy

Anonymize user data to protect employee and contractor privacy and meet regulations.

Satisfy Compliance

Meet key compliance requirements regarding insider threats in a streamlined manner.

Integrate Tools

Integrate insider threat detection with SIEMs and other security tools for greater insight. 

Email Security

No longer is Email Security solely concerned with spam.

Targeted attacks, Phishing, Data Loss, Auditing, Compliance and Confidentiality concerns are now well and truly in the domain of Email Security.

The use of Email is now so ubiquitous that most, if not all, businesses rely heavily on it for vital internal and external communications. The prevalence of email-enabled Smart Phones means that Email is constantly on, with the user 24/7, wherever they are.

Data Loss via email is on the rise, ranging from users mistakenly sending to the wrong address to users maliciously leaking data to themselves or others. How much sensitive data do you own that at some point or another has been sent via email? What controls can you put on data when it's sent via email? How can you control access to an attachment once it leaves your network?

Phishing is used by attackers to get users to provide personal information, such as credit card details, bank account numbers, passwords etc. This can be achieved by imitating a bank's login screen, or simply asking the user to reply to the email with their password.

Targeted attacks are more sophisticated than Phishing. They target certain people in the business to learn key information, which could then be used in further attacks. Targeted attacks will be specific to a particular person or people with something in common, and will have a higher rate of success.

Auditing is becoming a more widespread requirement, from companies looking to provide reputable email archiving to legal and compliance reasons to keep all emails for audit purposes.

Web Content Security

Facebook, Twitter, LinkedIn, YouTube, Office 365, Dropbox... There's more to the internet than URLs and Categories.

Historically, a web filter maintained a large database of URLs and their categories. Policy consisted of either a blacklist or whitelist, controlling what categories users could access.

Then there was "Web 2.0". The Internet became more than web sites; web applications are now commonplace. Looking deeper, Facebook is more than just Social Media. Embedded games such as Candy Crush, Farmville etc. mean that you need a way to granularly control access, both to URL categories and to web applications.

Once you've decided what sites and applications users can visit, you need to make sure those sites haven't been infected with malicious software. Web Browsing is one of the most common attack methods for malware. The continued use of Flash, Java, Silverlight and many other plug-ins that are almost always not up to date means you need a way to protect your users and their data.

Finally, consider what information could be leaked through a web browser. Access to online storage such as Dropbox, webmail such as Google Mail, and collaboration sites such as Office 365 means that users have the ability to upload sensitive business data.

How can you control this? The traditional method is to block it all: the "They can't harm us if they can't do it" mentality. Then you need to collaborate with a third party on a particular project, or your CEO wants to access his Gmail account while at work. How can this ad-hoc policy be formalised and scaled up to an enterprise level?

Perimeter Security

Traditionally, IT security best practice was to ensure you had a strong, secure network perimeter. Clearly defined ingress / egress points, with layers of firewalls protecting these points, ensured that all of your systems were protected.

The downside to this method was that it created a false sense of security. A "hard shell" often led to a "soft centre", where attackers, malware and rogue employees had free rein.

With the new technologies being adopted within the business, it can now be quite difficult to identify your perimeter, as it may change on a day-to-day basis. Simply securing the network perimeter is not enough.

However, perimeter security is still needed. Internal network segmentation, along with the creation of multiple de-militarised zones (DMZs), means the "soft centre" is now somewhat stronger.

Traditional perimeter devices were able to protect your information only at the network level, allowing Host A to communicate with Host B using Port X. This level of protection is no longer enough.

Almost every firewall vendor now offers Stateful Packet Inspection. What other features might be useful? Intrusion Protection can be incorporated, ensuring protection up to layer 7 of the OSI model. Integrated Web Filtering and AntiVirus can be useful for some, and the Application Awareness offered in most firewalls now means you can have more granular control.

Consultancy and Implementation Services

Our highly trained engineers have many years' experience in delivering secure solutions to meet even the most complex and specialist of requirements. Our staff members hold top-level, industry-recognised qualifications for the products and services we offer, enabling us to advise upon, deliver and implement solutions to meet all our clients' needs. Our broad technology experience and mature consulting processes ensure that the solutions we engineer deliver long-lasting benefits to our clients.

The close relationship we maintain with our partners provides us with direct access to the latest product information as well as key vendor resources. In addition, it allows us to pass on the benefits of our relationships to our customers.

Using PRINCE2 project management techniques to control resources and manage business and project risks ensures a timely and effective project delivery experience. All project work undertaken by PSW follows the same methodology from planning through to completion, with an open communications channel to a dedicated project resource throughout.

Security Assessment

Any system can be at risk from attack due to incorrect configuration, lack of security patching or flawed network design. The objective of a security assessment is to obtain an 'attacker's eye view' and assess an organisation's security posture, discover weak links in the infrastructure and provide recommendation and remediation guidelines to help mitigate these risks.

Our reports include an executive summary that clearly sets out our findings as well as recommendations for securing any discovered vulnerabilities. The detailed section of the report includes sufficient detail to allow technical understanding of the findings and comprehensive resolution recommendations. Subsequent to the test, the consultant will be able to offer advice and further explanation by e-mail and phone, or by presenting the results to the Client.