This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA® Labs Ideas

Drive innovation and crowdsource improvement by submitting enhancement requests for RSA Labs.

Insider Threat Management

Submitted by Employee on ‎2019-07-29 02:27 PM

The following idea is part of an RSA internal innovation contest. We are sharing these ideas to gather feedback from customers and help employees improve on their concepts.  Please share your reactions to this idea by Voting and/or Commenting below. There are 8 total ideas to review now through Aug 23. You can find additional ideas here.

If you are interested in being a potential development partner on this or another idea, please use the comment button or send an email to labs@rsa.com.

 

** REMINDER ** This is an internal RSA concept ONLY and has not been committed to development or product roadmap.

 

Thank you!

- RSA Labs

 

Summary

Combining the three solutions of Identity Governance and Lifecycle, User Entity Behavioral Analytics and Risk & Vulnerability Assessments; RSA Insider Threat Management solution can provide a comprehensive view of internal vulnerable users and associated risk scores. This, in turn, can be used to enable faster detection and remediation of risks through automated proactive downstream processes.

Detail

Insider threats are emerging from vulnerable users. Subjected to social engineering or other attacks, applications, and resources the user has access to can become susceptible. The risk vector expands if the user has access to privileged business-critical applications.

 

Processes may be put into place to identify vulnerable users. However, these are frequently siloed and make it difficult to obtain a holistic view. Identification of false positives is mostly manual and time-intensive. Mostly SOC teams will not have enough data points to correctly assess the criticality and urgency of a threat.

 

Functionality:

  • Identification of potential insider threats, lateral movement by external attackers or general misuse of accounts.
  • Definition and implementation of appropriate policies focused on user vulnerabilities including automated notifications/approvals for account disablement, segregation of duties enforcement and recertification of critical access.
  • Reducing ‘Time to Action’ for Security teams/Management with more holistic data and automated actions.
  • Gain rapid visibility with relevant reporting and dashboards showing vulnerable users’ access permissions.
  • Bring focus on vulnerable users and enable tailored security training to reduce the attack surface and manage potential risks.
2 Comments
DesmondKwang
Contributor Contributor
Contributor
‎2019-08-02 12:57 PM
‎2019-08-02 12:57 PM

Looking forward to the prototype/product of this innovation. This could potentially integrate and provide more data points to a SOAR.

MohammedMustafa
Employee
Employee
‎2019-08-13 02:05 PM
‎2019-08-13 02:05 PM

Thank you Desmond. Yes, integrating this with SOAR is one of the other usecase that we have & this will offer customer an intelligent data source with automated solution.

Idea Statuses

Unspecified 8
© 2020 RSA Security LLC or its affiliates.
All rights reserved.