GoSecure, a leading provider of Managed Detection and Response (MDR) services and a predictive Endpoint Detection and Response (EDR) platform, announced the addition of Insider Threat Detection and Response to its portfolio.
Insider incidents caused by malicious insiders, or where credential theft was the goal, accounted for 32% of incidents. With the remaining 68% the result of end-user negligence, the challenge increasingly is telling good behavior from bad.
Whereas many Insider Threat solutions are focused on data, GoSecure Insider Threat Detection and Response (ITDR) is focused on users, actions and behaviors.
“Insider threat is a growing issue for most organizations, increasing to the point where 34% of organizations have experienced a malicious insider incident,” said Neal Creighton, Chief Executive Officer of GoSecure.
“Our approach is unique in that we allow security teams to define suspicious behaviors and actors rather than simply defining data to be protected. GoSecure Insider Threat Detection and Response is event-driven, not data-driven.”
Offering more than 50 unique insider threat event types, GoSecure ITDR provides almost unlimited flexibility in creating the exact rulesets required for any organization. By combining personnel with actions, GoSecure ITDR can detect user behavior and respond immediately with a variety of potential actions.
GoSecure ITDR has also taken a unique approach to responding to suspicious activity. Proprietary 3D Adversary Manipulation allows the GoSecure endpoint sensor to prevent or manipulate an event prior to processing by the operating system. GoSecure 3D Adversary Manipulation provides 3 distinct capabilities:
- Deny: Completely block access to a file, registry, remote host, etc.
- Delay: When the evaluation criteria for the condition are met, the sensor will “sleep” for the specified time before passing the operation through to the operating system. Rather than zipping a file in seconds, for example, the process can be delayed for minutes. This gives the security team advance warning as well as time to respond.
- Degrade: When the evaluation criteria for the intercept rule are met, the sensor will degrade the operation by corrupting data or replacing it with alternate content. The operation can appear to succeed even though the sensitive data has been replaced.
Based on customer-defined criteria, GoSecure Insider Threat Detection and Response also can record user activity via keystroke recording or video capture.
According to Creighton, “The National Insider Threat Task Force Maturity Framework establishes user activity monitoring as a key capability for US Federal agencies. In conversations with some of our largest customers, the private sector has defined very similar requirements.”
Monitoring web traffic before the browser encrypts it is the final key element of GoSecure Insider Threat Detection and Response. Rather than decrypting SSL traffic using the traditional man-in-the-middle approach, GoSecure ITDR performs SSL introspection.
SSL introspection is performed by the GoSecure sensor to review the web request, and data, before it is sent to the browser. This allows GoSecure ITDR to apply policy without having to rely on decrypting the web traffic.
GoSecure Insider Threat Detection and Response provides an unprecedented view into an organization’s suspicious user activities. With flexible monitoring and response options, GoSecure ITDR gives security teams not only the time to respond, but the information to make an accurate assessment of the risk.
GoSecure offers a full range of cybersecurity solutions, from advisory services that include cybersecurity threat assessments and penetration testing to full stack security technologies and managed security services. These are powered by the CounterTack platform, which addresses detection and response, insider threats, and forensics analysis to mitigate emerging attack vectors like ransomware and fileless malware.