4. Adopting a Threat-Aware Proactive Defense

Addressing Insider Threat

Insider threat represents one of the most vexing problems facing the USG. Executive Order 13587 seeks significant enhancements to address this threat to organizations' critical assets, including employees, contractors and business partners. Theft of IP, classified information or PII via stolen credentials is a mounting challenge, given that internal networks often lack effective security measures. Deployment of a lightweight micro-agent that captures metadata about user activities across the enterprise is available today and is a proven insider mitigation solution that also protects requisite privacy. User activities are baselined to detect anomalies and patterns of good or bad behavior. The four high-impact areas are:

(1) Detecting malicious cyber insiders that aren't detectable by other means

(2) Finding cases of compromised credentials that are only detectable by spotting suspicious changes in employee behavior

(3) Tracking, over time, risky behavior across the organization that puts the organization at risk, and taking a data-driven approach to putting in additional cyber security controls

(4) Using security tools to deliver other benefits to the business, such as dramatic savings in IT budgets.

Voting

2 votes
Public Input
Idea No. 54