September 23, 2019
We are extremely excited to announce that we have officially kicked off our first ever multi-part video course, “The Key to Context: The Insider Threat Kill Chain.” In this seven-part video series, I’ll be introducing you to the Insider Threat Kill Chain — the five stages followed by nearly every malicious insider threat attack — all using insights gathered from my experience as an Insider Threat Expert & Analyst at Dtex.
There’s a reason why we chose to do a deep-dive on this topic, in particular. At Dtex, we’ve been detecting, investigating, and studying insider threats for years. Over the course of hundreds of investigations, it became increasingly clear that insider threat incidents are not self-contained events — no instance of data theft, for example, is really just one file transfer dangling in solitary isolation.
It’s all a part of a bigger story.
We know this is true for two main reasons: firstly, because we’ve seen the evidence too many times to count. And secondly, because of the reason inherent to the name itself. Insider threats are humans, and human behavior is fluid.
This is why so many lock-and-block or rule-based security solutions fail to detect insider threats, and it’s also the reason why we have been so vocal in the past about the importance of seeing the full kill chain. Seeing that full story is the key to stopping data theft before it happens. It’s the key to seeing what security solutions were successfully circumvented, or which DLP rules failed, or how exactly that credential thief managed to get into your network.
Seeing the exfiltration itself may initially seem like the most important goal, but it’s the rest of the story that helps you build a stronger security posture, fill in the gaps, or stop a potential risk.
The Key to Context course aims to illuminate this with deep-dive lessons into each stage of the kill chain. Over the course of these seven lessons, I’ll be giving you an overview of the kill chain, walk you through each step, and show you in specific terms exactly what you need to be looking for in order to catch each type of behavior.
The introduction and first episode are available to watch now. More lessons will be released on a weekly basis, and we’ll notify registered students as new ones air.
Katie Burnell is a cybersecurity expert and insider threat specialist who has held roles in public and private sector organizations, including the Bank of England. At Dtex, she analyzes user activity, conducts threat assessments, and communicates security risks to clients that include large global financial institutions, power suppliers, and government agencies.