Why scalability is essential for insider risk management


This is the third post in our blog series discussing insider threat monitoring versus insider risk management tools. Read previous posts here.

Scalability and total cost of ownership are critical factors in almost all enterprise IT operations, including security. In today’s dynamic environment, organizations need solutions that reduce the demands on their few security and compliance staff, do not complicate their lives and do not increase their operating costs. They need solutions that can be deployed quickly and economically without the need for an abundance of new infrastructure.


Likewise, commercial organizations need solutions that can scale with them, be deployed with minimal impact on the workforce, and not disrupt important and necessary workflows. One need only look at traditional data loss prevention solutions with their myriad rules dictating which users can perform what actions with each set of data, in advance, to understand the challenge of deploying and maintaining a solution on large groups of users.

Scalability is especially important when it comes to tackling insider risk, data loss prevention and user behavior analysis. Unfortunately, insider threat monitoring solutions cannot meet this need. The amount of data collected while capturing and processing video adds up quickly. Their system resource and network bandwidth requirements are intensive, requiring above-normal processing power from the endpoint and additional cloud storage.

Likewise, with such a diverse and distributed mix of workforce, device types, and operating systems, pervasive support for macOS, Windows, Linux, Citrix, and Android is imperative to provide true coverage and visibility to the company. Legacy insider threat monitoring tools are no longer able to provide this ubiquity because of OS configuration upgrades and changes focused on security and privacy. Look at Apple’s macOS Monterey version, for example.

Insider threat protection requires solutions that can distinguish between legitimate use and malicious intent and can be deployed quickly at scale. DTEX installs on hundreds of thousands of endpoints in just hours and begins protecting information immediately with analytics based on proven human behavior patterns. The effectiveness of DMAP+ technology does not depend on constant human intervention or trying to infer intent based on TTPs.

Unlike invasive monitoring approaches, DTEX InTERCEPT anonymizes user intelligence and collects only the minimal amount of metadata needed to create a forensic audit trail and identify risky behavior, which never slows down network, endpoint or user performance. This allows the DTEX insider risk management approach to quickly scale the solution to hundreds of thousands of endpoints with continuous, near real-time visibility. DTEX requires less than 0.5% CPU per endpoint and only collects 3-5MB of data per user per day, creating no noticeable impact on network, employee productivity, or endpoint performance.

In our next article discussing the critical factors when comparing insider risk management and insider threat monitoring solutions, we’ll discuss behavioral analytics and their role in understanding the key differences between these two types of solutions.

The post Why scalability is essential for insider risk management appeared first on DTEX Systems Inc.

*** This is a syndicated blog from the Security Bloggers Network of DTEX Systems Inc. written by Jonathan Daly. Read the original post at: https://www.dtexsystems.com/blog/why-scalability-is-a-must-have-for-insider-risk-management/

