Insider risk management is the next frontier in cybersecurity. If there is any question on that statement, I will defer to the top analyst in the space, Gartner. The firm predicts insider risk will cause 50% of enterprise organizations to develop a formal program by 2025, up from only 10% today. This represents an unprecedented opportunity for partners to develop their insider risk capabilities.
Enterprises today are focused on developing a security-first culture so that every employee knows they are core to protecting the business. The key mechanism for driving this culture from the top down is through an insider risk program.
Most programs start with an executive sponsor who provides the vision and oversight of the program to a dedicated insider risk team. The team typically comprises leaders across security, human resources, legal, governance risk and compliance, and finance.
Once formed, the insider risk team develops their charter and works together to develop insider risk maturity throughout the business. This might include acceptable use policies and the security controls used to enforce those policies.
Next, they consider what actions a malicious insider could potentially take and develop use cases and behaviors to monitor for. This is where DTEX excels. Most customers struggle to monitor 20-30 use cases with traditional security tools. DTEX has hundreds of behaviors built-in out of the box that can be easily customized to meet the customers’ requirements, saving significant time that can be repurposed for insider risk program development.
Based on the maturity of the customer and their program, the customer falls into one of two camps. First is the customer that already has an insider risk program and is looking to rationalize their current tool set, typically through consolidation. The other is the customer that is looking to develop the program for the first time. Both offer opportunities for professional services:
- Insider risk program development
- Program foundation – use case/behavior development
- User behavior analytics, escalation, and triage development
- Integration of the insider risk program – SIEM, SOAR, EDR, ticketing systems
- Ongoing monitoring
- Incident response.
The net new customers to insider risk offer the greatest potential in the next couple of years. A great way to get started is to develop an insider risk assessment. This is very difficult to accomplish with customers who have dozens of security tools. At DTEX, we have developed a simple program that will provide a comprehensive assessment in just three weeks. Several of our partners have leveraged this successfully to get into the space.
Finally, there is an art to how the entire program is deployed and managed. Measuring a response to any incident is critical. If you overreact or under react there can be unintended consequences. This is where joining insider groups and learning from peers will provide ideas based on real-world examples. Another great source of information on this is the DTEX i3 team. They respond to hundreds of insider investigation requests from our customers every year.
If you would like to learn more about how you can maximize the insider risk opportunity, please reach out. DTEX is also developing a workshop series with our strategic partners where they will share best practices from their experience. Get in touch to register your attendance.