NITSIG Workshop - Insider Threat Detection Tools
The National Insider Threat Special Interest Group (NITSIG) is spearheading a project with the University of Maryland to evaluate commercial Insider Threat Detection Tools (ITDTs).
ITDT vendors may use other names when marketing their tools: User Activity Monitoring (UAM), User Entity Behavior Analytics (UEBA), User Behavior Analytics (UBA), Data Loss Prevention (DLP), Security Information and Event Management (SIEM), etc.
This is a much-needed and long-overdue project. The evaluation and its results will help Insider Threat Program (ITP) Managers and others involved in Insider Threat Mitigation (ITM) determine the best solutions and capabilities for their organization.
This evaluation is intended to go beyond traditional evaluation methods from Gartner and other organizations.
ITDT Workshop
The NITSIG needs your input for this evaluation project. A limited number of seats are available for this workshop (15 Seats).
The NITSIG will hold the workshop on June 5th, at the Johns Hopkins University - Applied Physics Laboratory (JHU-APL), in Laurel, Maryland. I anticipate the workshop to go from 9am-1pm.
Address
JHU-APL
Kossikoff Center
11100 Johns Hopkins Road
(Turn Right Off Of Johns Hopkins Road Onto Pond Road)
Laurel, MD 20723-6099
The purpose of the workshop will be to hear from individuals (Insider Threat Program Managers, Insider Threat Analysts, and others) directly involved in:
The Evaluation / Purchasing of ITDTs (UAM, UBA, DLP, DRM, SIEM, Etc.)
ITDT Deployment / Configuration / Maintenance (Setup, Customization, Issues, Etc.)
ITDT Use (Ease Of Use, Detection, Prevention & Reporting Capabilities, Etc.)
Integration with other network security tools.
Current capabilities in your ITDT that are best assisting you in your Insider Threat detection and mitigation efforts.
ITDT features that are not available in your current tool, but would be beneficial.
This workshop is not open to ITDT vendors. The NITSIG has numerous vendors that are interested in participating in the ITDT evaluation. This workshop will lay the foundation.
The following organizations / individuals have committed to attending this workshop:
Leidos / Marcus Carpenter / ITPM
Missile Defense Agency / Jim East / ITPM
Boeing ITP / Chad Scott
Army / Michael Birmingham / ITPM
BAE / Jason Blue / Director, Investigations & Forensics
SAIC / JP LeBlanc / ITPSO
Aveshka / Warren Holt / Data Loss Prevention-Insider Threat / Executive Office of the President
Foundations To Support The ITDT Evaluation Project
In doing extensive research for this evaluation project, and speaking with a high number of ITP Managers, the consensus is that vendors seem to be telling organizations what they need, why they need their tool, and why their tool is the best.
I also cite a DoD report on the subject below.
DoD PERSEREC 2018 Report - A Strategic Plan To Leverage The Social & Behavioral Sciences To Counter the Insider Threat
Insider Threat Detection Tools: High Price Tags / Steep Learning Curves
Page 14
The sheer size of the past and present DoD workforce, along with the mandate to monitor all activity on classified networks, has motivated a number of technological innovations.
Today’s user activity monitoring (UAM) and user entity behavioral analytics (UEBA) products can: ingest multiple data sets, to include free text; automatically anonymize data and link datasets; baseline behavior against individual and peer group norms; identify anomalies; assign risk scores; and present actionable results on easy-to-navigate dashboards. Faster processing times and cheaper storage enable agencies to simultaneously gather, organize, and analyze disparate data sets and respond to potential threats in near real-time.
UAM and UEBA tools are expensive, and critics have begun to ask whether the value-add sufficiently exceeds the price tag, especially when these tools have steep learning curves. According to several SMEs, many tools were not designed with end-users in mind, cannot be quickly deployed “out of the box”, and / or require maintenance that causes lengthy outages. In the absence of comprehensive and free market surveys, consumers have begun to educate themselves on open source solutions that could meet their needs without the corresponding high cost.
https://www.dhra.mil/Portals/52/Documents/perserec/reports/TR-18-16-Strategic-Plan.pdf
Please contact me with any questions, or let me know if you would be interested in attending this workshop.
Interested In Becoming A NITSIG Member?
http://www.nationalinsiderthreatsig.org/nitsigmembership.html
Contact Info / Questions
Jim Henderson, CISSP, CCISO
Founder / Chairman Of The National Insider Threat Special Interest Group
CEO Insider Threat Defense, Inc.
Insider Threat Program Development / Management Training Course Instructor
Insider Threat Vulnerability Assessor & Mitigation Specialist
888-363-7241 / 561-809-6800
www.nationalinsiderthreatsig.org
jimhenderson@nationalinsiderthreatsig.org
www.insiderthreatdefense.us
james.henderson@insiderthreatdefense.us