Insider Threat Management

Idea created by Paul Mcavoy Employee on Jul 29, 2019

    The following idea is part of an RSA internal innovation contest. We are sharing these ideas to gather feedback from customers and help employees improve on their concepts. Please share your reactions to this idea by Voting and/or Commenting below. There are 8 total ideas to review now through Aug 23. You can find additional ideas here.

    If you are interested in being a potential development partner on this or another idea, please use the comment button or send an email to labs@rsa.com.

     

    ** REMINDER ** This is an internal RSA concept ONLY and has not been committed to development or product roadmap.

     

    Thank you!

    - RSA Labs

     


    Summary

    By combining three solutions (Identity Governance and Lifecycle, User Entity Behavioral Analytics, and Risk & Vulnerability Assessments), the RSA Insider Threat Management solution can provide a comprehensive view of vulnerable internal users and their associated risk scores. This, in turn, can be used to enable faster detection and remediation of risks through automated, proactive downstream processes.

    Detail

    Insider threats are emerging from vulnerable users. When a user is subjected to social engineering or other attacks, the applications and resources that user has access to can become susceptible. The risk vector expands if the user has access to privileged, business-critical applications.

     

    Processes may be put into place to identify vulnerable users. However, these are frequently siloed, which makes it difficult to obtain a holistic view. Identification of false positives is mostly manual and time-intensive. In most cases, SOC teams will not have enough data points to correctly assess the criticality and urgency of a threat.

     

    Functionality:

    • Identification of potential insider threats, lateral movement by external attackers or general misuse of accounts.
    • Definition and implementation of appropriate policies focused on user vulnerabilities including automated notifications/approvals for account disablement, segregation of duties enforcement and recertification of critical access.
    • Reduction of ‘Time to Action’ for Security teams/Management with more holistic data and automated actions.
    • Rapid visibility through relevant reporting and dashboards showing vulnerable users’ access permissions.
    • Focus on vulnerable users, with tailored security training to reduce the attack surface and manage potential risks.