Build the Right Program

From compromised accounts and infested hosts to data exfiltration to zero-day attacks, the variety of threats from within the firewall continue to pose one of the biggest business risks due to the potential of high-level damage.

%

of insider attacks are caused by negligence and 26% are malicious in nature*.

*Source: 2022 Ponemon Cost of Insider Threats: Global Report

Taking the initial steps to create an insider threat program is not difficult. Most companies have the groundwork already established in their human-resource policies, legal processes, and information-security tools. Yet, bringing those disparate policies, processes and systems into a single program is the hard part. The resulting program should be well documented with frequent opportunities to insert feedback and lessons back into the process to drive the insider-threat program to maturity.

We have built a 7 steps program into an ‘Insider Threat Survival Guide’ containing some best practices for setting up your insider threat program :

  1. Calculate Magnitude of Impact of Insider Threats
  2. Evaluate Current Policies
  3. Evaluate Current Visibility into Insider Threats
  4. Establish a Holistic Insider-Threat Framework
  5. Create an Interdisciplinary Policy Group
  6. Create New Training Materials
  7. Determine What Technology Gaps Need to be Filled
Download the Insider Threat Survival Guide here

Find out more from this video explainer to get an idea how it works and the results it has delivered in different customer use cases.

The right program needs the right enabling technology.

ArcSight Intelligence, powered by an In-Q-Tel Portfolio, Interset, is a proven behavioral analytics solution for finding the most elusive threats.

Get more details around "ArcSight Intelligence Behavioral Analytics"

Also, don’t miss out on insights from industry expert interviews on how to strengthen your defense against insider threats:

  • Stephan Jou – CTO of Security Analytics, CyberRes
  • Paul Reid – Head of Threat Hunting Service, CyberRes
  • Stan Wisseman – Chief Security Strategist, CyberRes

Access these by viewing the 'Insider Threat Programs' series on our ArcSight Unplugged channel below

Up next:

Learn from Real-life Successes