Insider Threat Consultancy, Donovan Risk, weighs in as cybersecurity intelligence firms battle it out in Insider Attack Simulation
During a U.S. Cyber Command insider threat attack detection event, billed as The Wolf in Sheep’s Clothing, Jazz Networks emerged from the Aesop’s-fable-named competition as champion.
Scott Swanson, Managing Director and Owner of Donovan Risk’s insider threat boutique consultancy, made several observations and remarks following the event results. “Competitions are great for exposure and earning industry recognition, but to achieve the Cyber Command award was a huge win for the 2-year-old start-up company, as they ranked not only #1 in Best Overall Performance but also dominated six other categories against insider threat cyber defense players.”
Swanson, who has worked for the Defense and Intelligence community and remains an insider threat InfraGard liaison to the FBI, further shared, “The global cyber threat is real, and the government’s current posture against insider threats as enablers to malicious actors, groups, and nation states is a high priority for our security and economic prosperity. This achievement by ‘Jazz’ just signaled to the entire community that they are a serious contender, if not leader, in the space.”
In the competition, real-world scenarios were rigorously tested to demonstrate to the Federal community who was up for the challenge. Judges assessed the solutions across daily activity alerts consisting of prohibited or suspicious activities, or combinations and variations in occurrences of both. “Extra credit” was awarded to participant solutions that identified events even outside of the judging rounds.
Malicious or prohibited activities included some of the following:
- Elevated privilege level to Administrator or root
- Installing keylogging or malicious software on machines for sniffing or dumping passwords
- Copying files from a file share to an external device, or attempting to exfil via the Internet
- Brute-force password guessing
- Performing denial-of-service attacks
- Installing software for concealed web traffic
- Google searches for malicious software
- Printing sensitive data
- Inserting a USB device on machines that rarely have any inserts
- Installing remote-access software
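As an added illustration (not code from the page, Jazz Networks, or Donovan Risk) of how a defender turns several of the listed indicators into alerting logic: the script below runs simple rules for privilege elevation, USB insertion on a host with a low baseline of inserts, bulk copying from a share to a mounted removable drive, and repeated failed logons over constructed endpoint telemetry. The event schema, baseline figures and thresholds are all assumptions for the example.

```python
from collections import Counter, defaultdict

# Constructed sample endpoint telemetry (not from the page): (host, user, event, detail)
EVENTS = [
    ("ws-07", "alice", "usb_insert", "E:"),
    ("ws-07", "alice", "file_copy", r"\\fs01\finance\q3.xlsx -> E:\q3.xlsx"),
    ("ws-07", "alice", "file_copy", r"\\fs01\finance\payroll.csv -> E:\payroll.csv"),
    ("ws-07", "alice", "file_copy", r"\\fs01\finance\vendors.xlsx -> E:\vendors.xlsx"),
    ("ws-12", "bob", "priv_elevate", "Administrator"),
    ("ws-19", "dave", "usb_insert", "D:"),
] + [("ws-03", "carol", "auth_fail", "bad password")] * 12 + [("ws-03", "carol", "auth_ok", "")]

# Constructed 90-day baseline of USB insertions per host; near zero means "rarely has inserts"
USB_BASELINE = {"ws-07": 0, "ws-12": 3, "ws-19": 41, "ws-03": 2}

# Tunable thresholds (assumed values, not from the page)
RARE_USB_MAX = 1        # baseline insert count at or below this is "rare" for that host
EXTERNAL_COPY_MIN = 3   # copies onto a removable drive before flagging bulk copying
BRUTE_FORCE_MIN = 10    # failed logons by one account before flagging password guessing


def detect(events, usb_baseline):
    """Return sorted (rule, host, user) alerts for four of the listed indicator classes."""
    alerts = set()
    mounted = defaultdict(set)      # host -> removable drive letters seen inserted
    external_copies = Counter()     # (host, user) -> copies onto a removable drive
    failed_logons = Counter()       # (host, user) -> failed logon count
    for host, user, event, detail in events:
        if event == "priv_elevate" and detail in ("Administrator", "root"):
            alerts.add(("privilege_elevation", host, user))
        elif event == "usb_insert":
            mounted[host].add(detail.upper())
            if usb_baseline.get(host, 0) <= RARE_USB_MAX:
                alerts.add(("usb_on_rare_host", host, user))
        elif event == "file_copy" and "->" in detail:
            dest = detail.split("->", 1)[1].strip().upper()
            if any(dest.startswith(drive) for drive in mounted[host]):
                external_copies[(host, user)] += 1
        elif event == "auth_fail":
            failed_logons[(host, user)] += 1
    for key, n in external_copies.items():
        if n >= EXTERNAL_COPY_MIN:
            alerts.add(("bulk_copy_to_external_device",) + key)
    for key, n in failed_logons.items():
        if n >= BRUTE_FORCE_MIN:
            alerts.add(("brute_force_guessing",) + key)
    return sorted(alerts)


if __name__ == "__main__":
    for alert in detect(EVENTS, USB_BASELINE):
        print(alert)
```

Correlating the USB insertion with the subsequent copies on the same host is what separates a policy-violation list from the "combinations and variances" the judges scored.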
During the exercise, several factors were evaluated, two of which were detection and incident response. According to the results, Jazz handled both successfully, signaling a strong approach to identifying indicators of intent. Its product capabilities showed that, across the incident response platform landscape, Jazz Networks addresses a combination of User Behavior Analytics (UBA), Data Loss Prevention (DLP), and User Activity Monitoring (UAM) in a single solution. Further, the use cases that Jazz Networks has created and fed into its learning are far more plausible than some of the older, well-known “bad things” that are easily cherry-picked from many systems on the market today. Other vendors give a false sense of security if their use cases are not current with present or emerging threats.
“From a technological perspective and the use cases it is constructing or refining, it’s evident that Jazz Networks can be very successful across the attack timeline by being able to identify and block breaches or policy violations, as well as to investigate, respond, and gain control of adverse events. Coupled with a foundational Insider Threat Program, the Jazz Agents and Jazz Infrastructure have a powerful architecture to assess events and actions,” Swanson shared. “I’ve been impressed by what I’ve evaluated in their product’s Forensic and Threat Hunting, and of course what we have seen in the results today of their Insider Threat Detection & Response. I’m looking forward to what they have coming in Compliance and Policy Management, which is potentially going to further distance them from the competition. When the computer-based training goes into effect, they will be lapping some of the current vendors.”
Swanson raised a point about Jazz’s trade secret capabilities as well. “Now here is another factor that I like that most companies will miss. Jazz’s machine learning works with super-rich metadata. If you complement that system with the intellectual property trade secret metadata found within a company, there is going to be extensive visibility into hidden areas that can also assist information risk management and analysis that goes beyond policy violations.” Swanson added, “The real-time actions against an insider threat speed up endpoint response time to conduct actions such as immediately isolating, locking, and authenticating potential malicious intent. Once you work that across predefined scenarios and human behavior indicators that, in your program, can be corroborated or fed by your company’s general counsel, human resources, or management, you have a very, very powerful risk mitigation capability.”