The Insider Threat Package has been designed as an early-warning system to detect suspicious white-collar activity and trigger preventive action, the vendor claimed.
Data breaches and insider activity related to IT sabotage and fraud are on the rise, and the actions of an individual who is about to threaten corporate security are often preceded by observable suspicious activity. Security information management systems like ArcSight’s are well suited to monitoring and correlating various network events to identify, say, where files are printed outside of business hours or where large file attachments are being sent to personal email accounts.
ArcSight’s event-monitoring system melds data-mining technology with traditional security management to deliver what is being called contextually aware security. The system employs data-mining algorithms to analyze a logical sequence or flow of events in order to identify threats and spot security patterns such as Day Zero attacks and low/slow attacks.
The new Insider Threat Package can be trained to monitor the actions of high-risk individuals or privileged users such as those who have administrator rights, and can correlate disparate data logs from phone switches, physical building badge readers, email, or fax systems.
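
The cross-source correlation described above, as an added example (not ArcSight's code or rule syntax): it alerts on a user only when an after-hours print job and a large attachment sent to a personal mail domain both occur within 24 hours. The event fields, thresholds, domain list and time window are assumptions, and the log events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed policy values (not from the article); tune per organisation.
BUSINESS_HOURS = range(8, 18)                      # 08:00-17:59 local time
PERSONAL_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com"}
LARGE_ATTACHMENT_BYTES = 10 * 1024 * 1024
WINDOW = timedelta(hours=24)

# Constructed, already-normalised events from separate log sources.
EVENTS = [
    {"ts": "2024-03-04T10:15:00", "src": "print", "user": "alice", "pages": 3},
    {"ts": "2024-03-04T22:40:00", "src": "print", "user": "bob", "pages": 180},
    {"ts": "2024-03-04T23:05:00", "src": "email", "user": "bob",
     "rcpt": "bob.private@gmail.com", "attach_bytes": 48_000_000},
    {"ts": "2024-03-05T09:30:00", "src": "email", "user": "carol",
     "rcpt": "partner@example.com", "attach_bytes": 52_000_000},
    {"ts": "2024-03-05T21:10:00", "src": "print", "user": "dave", "pages": 2},
    {"ts": "2024-03-09T11:00:00", "src": "email", "user": "dave",
     "rcpt": "dave@yahoo.com", "attach_bytes": 20_000_000},
]

def indicator(event):
    """Return the name of the single-event indicator an event matches, or None."""
    when = datetime.fromisoformat(event["ts"])
    if event["src"] == "print":
        after_hours = when.weekday() >= 5 or when.hour not in BUSINESS_HOURS
        return "after_hours_print" if after_hours else None
    if event["src"] == "email":
        domain = event["rcpt"].rsplit("@", 1)[-1].lower()
        if domain in PERSONAL_DOMAINS and event["attach_bytes"] >= LARGE_ATTACHMENT_BYTES:
            return "large_attachment_to_personal_mail"
    return None

def correlate(events):
    """Alert on users who trip two different indicators within WINDOW."""
    hits = defaultdict(list)                       # user -> [(time, indicator)]
    for ev in sorted(events, key=lambda e: e["ts"]):
        name = indicator(ev)
        if name:
            hits[ev["user"]].append((datetime.fromisoformat(ev["ts"]), name))
    alerts = {}
    for user, seen in hits.items():
        for i, (t1, n1) in enumerate(seen):
            later = {n for t2, n in seen[i + 1:] if t2 - t1 <= WINDOW and n != n1}
            if later:
                alerts[user] = sorted({n1} | later)
                break
    return alerts
```

On the constructed data, `correlate(EVENTS)` alerts only on `bob`; `dave` trips both indicators but four days apart, so neither event raises an alert on its own.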