Headlines Show How Endpoint Detection, Forensics Stop and Convict Insider Threats
Over the past several weeks, we’ve seen examples of how insider threats have been detected, arrested and successfully prosecuted. In two cases, the insider threats were identified before their behaviors exploded into full-blown incidents. In at least one, a criminal conviction was secured, but only after major damage had been inflicted. The key takeaways from the headlines are that effective endpoint forensic and detection capabilities are a must-have, and there is no reason why organizations can’t have both.
A prime example of how insider threat detection and forensic capabilities can be used to stop and convict insider threats is found in the case of Yi Zheng. This 28-year-old Chinese national stole customer data from financial services firm AMP and then attempted to sell it on the dark web. Before he could carry out his crimes and escape from Australia back to China, he was nabbed. With the help of the Dtex platform and other security layers, Zheng was detected, prosecuted and sentenced before things got too far out of control. Read the full story: Data theft ‘load of nonsense’
Then, there is the case of US Coast Guard Lt. Christopher Hasson. Thanks to insider threat capabilities deployed on his work-issued computer, US prosecutors were able to gather the evidence needed not only to charge him with several crimes but also to stop him from carrying out a deadly terrorist attack he was allegedly planning. This is another example of why it is important to have detection and investigation capabilities available. Read the full story: Coast Guard officer indicted on gun and drug charges
In the case of Harold T. Martin III, forensics capabilities paid off. Unfortunately, an apparent lack of detection allowed this former government contractor to exfiltrate and illegally retain top secret data from agencies such as the NSA for years, before he was caught. In a comprehensive overview, Phil Muncaster at Information Security Magazine spoke with Dtex CTO Mohan Koo about the situation. According to Mo:
“This case shows that there is still work to be done when it comes to stopping criminals before they have a chance to actually steal large amounts of data over extended periods. We work with public and private sector organizations daily to help them prevent insider threats from getting out of hand. The ones that place equal emphasis on illegal activity detection and investigations experience fewer data theft incidents.”
Read the full story: Ex-NSA Contractor Pleads Guilty to Top Secret Data Theft
To learn more about Dtex forensic investigations capabilities, read: Dtex for Forensics