Haystax: Prioritized Risks, Actionable Intelligence

Haystax Insights: To Catch an IP Thief

Using Bayesian modeling and other AI techniques to predictively identify rogue insiders.

Haystax Insights: To Catch an IP Thief

Using Bayesian modeling and other AI techniques to predictively identify rogue insiders.

In this first issue of our Haystax Insights Series we examine how Philip Wilson, a formerly high-flying corporate executive, evolves into an insider threat after experiencing a series of setbacks and misfortunes. In the early stages, Phil’s work deteriorates and he becomes increasingly confrontational with co-workers. Eventually, after he is passed over for a major promotion, he becomes disgruntled enough to steal proprietary product IP and defect to a competitor. The company’s security operations center is overwhelmed with others alerts and does not detect his growing adverse activity in time. This paper describes a scenario in which a SOC analyst using Haystax Technology’s Constellation for Insider Threat solution would have been alerted that Phil’s trustworthiness score was lowering to the point of needing to add him to a Watch List. He is then caught when he inserts a thumb drive into his office computer to steal product IP. After an investigation, Phil is terminated.

  1. How Phil gradually evolved into an insider threat even as his increasingly adverse behavior continued to go undetected.
  2. How Constellation for Insider Threat uses probabilisitic Bayesian models and machine learning to analyze a wide range of behavioral evidence and predictively identify those individuals at highest risk of doing harm to an organization.
  3. How Constellation would have ‘connected the dots’ and flagged Phil’s behavior to the SOC in time for him to be caught prior to stealing IP from his company.