In this first issue of our Haystax Insights Series we examine how Philip Wilson, a formerly high-flying corporate executive, evolves into an insider threat after experiencing a series of setbacks and misfortunes. In the early stages, Phil’s work deteriorates and he becomes increasingly confrontational with co-workers. Eventually, after he is passed over for a major promotion, he becomes disgruntled enough to steal proprietary product IP and defect to a competitor. The company’s security operations center is overwhelmed with others alerts and does not detect his growing adverse activity in time. This paper describes a scenario in which a SOC analyst using Haystax Technology’s Constellation for Insider Threat solution would have been alerted that Phil’s trustworthiness score was lowering to the point of needing to add him to a Watch List. He is then caught when he inserts a thumb drive into his office computer to steal product IP. After an investigation, Phil is terminated.
- How Phil gradually evolved into an insider threat even as his increasingly adverse behavior continued to go undetected.
- How Constellation for Insider Threat uses probabilisitic Bayesian models and machine learning to analyze a wide range of behavioral evidence and predictively identify those individuals at highest risk of doing harm to an organization.
- How Constellation would have ‘connected the dots’ and flagged Phil’s behavior to the SOC in time for him to be caught prior to stealing IP from his company.