Index Engines Introduces CyberSense Dashboard

Index Engines’ CyberSense detects the most sophisticated attack vectors by scanning backup and snapshot data with over 200 content-based analytics and machine learning to identify corruption and the most recent good version of files and databases, enabling intelligent and rapid recovery to minimize downtime. There is no other product on the market that offers the same level of depth and breadth of analytics across files, databases, and core infrastructure.

Jim McGann, Vice President of Index Engines said, “Ransomware attacks are becoming more sophisticated and more challenging to recover from. In the ongoing battle against cybercriminals, organizations need to arm themselves with the most powerful and insightful capabilities on the market today.

“Therefore, CyberSense stands alone in delivering full content analytics which will uncover even the most advanced data corruption along with a new powerful and intuitive post-attack dashboard which will allow customers to quickly recover from disruption and minimize business downtime.”

Index Engines introduced a new dashboard for its CyberSense security analytics product to provide intuitive post-attack forensic reports with insight into data corruption caused by a ransomware attack. The new CyberSense interface streamlines the user experience by providing detailed information about who, what, where, and when an attack occurred. If signs of an attack are discovered, analytics are provided to help cyber security specialists in the recovery process, along with high-level information on why machine learning generated an alert and on the scope of the attack.

To streamline the recovery process, exportable analytics are required so that attacks can be scoped and analyzed independently. In a single dashboard, pre-programmed and customizable reports are required to investigate the attack:

  • Who was affected, and which servers were affected? How much harm was done?
  • A listing of corrupted files, as well as the last good version of each.
  • The capability to analyze corrupted files to determine the user account and executable used to corrupt data.
  • When did the corruption happen, and which backups should be recovered?

Customers of CyberSense will be able to access this new interface in the third quarter of 2022, with the first release focusing on post-attack recovery.

How expensive is Insider Threat?

Proofpoint published a report on the costs and trends associated with negligent, compromised, and malicious insiders. Notably, impacted organizations spent an average of $15.4 million per year on overall insider threat remediation and took 85 days to control each incident.

According to the report, the frequency and costs associated with insider threats have increased dramatically over the last two years across all three insider threat categories, which include: careless or inattentive employees/contractors, illegal or malicious insiders, and cybercriminal credential theft.

Ryan Kalember, EVP of cybersecurity strategy at Proofpoint, says, “Months of sustained remote and hybrid working leading up to ‘The Great Resignation’ have resulted in an increased risk around insider threat incidents, as people leave organizations and take data with them.”

“In addition, organizational insiders, including employees, contractors, and third-party vendors, are an attractive attack vector for cybercriminals due to their far-reaching access to critical systems, data, and infrastructure. With people now the new perimeter, we recommend layered defenses, including a dedicated insider threat management solution and strong security awareness training, to provide the best protection against these types of risks.”

Managing Insider Threat in the era of Work From Home Policy

The COVID-19 pandemic forced organizations to work remotely. By allowing employees to work remotely, they exposed themselves to a greater risk of insider threats. Given today’s global state of affairs, staff may be distracted by personal online activities and mix them with work-related ones, which makes tailored phishing campaigns and other cybercrime attacks more effective. While working away from the office, employees are more likely to neglect cybersecurity protocols, exposing remote devices to cyber attacks. Working remotely also increases the likelihood of being targeted by cyber criminals because of the additional technical vulnerabilities it introduces, such as insecure network connections. Security professionals must also contend with threats or attacks from insiders. Dissatisfied or angry staff members exploit the fact that many companies do not provide secure access to off-site networks, and they take advantage of co-workers who may unknowingly cause damage.

The insider threat phenomenon calls for new methods of prioritizing and reducing cyber risk. Security teams need a process improvement plan to resolve deliberate or accidental misuse of resources, and they should be equipped with purpose-built solutions such as insider threat management tools to deal with threats and gain insight into attacks.

Malicious insider activity poses the following risks to firms:

Data loss or corruption — Insider activities can include altering or deleting confidential information. Recovering deleted or corrupted files can be time-consuming and frustrating.

Financial loss — This includes the costs of cleaning up after an attack, such as system upgrades, and of making restitution to those who were harmed, such as clients and vendors. The more damage an attack causes, the more a company has to spend to repair it.

Brand image loss — Customers’ confidence in a firm is shaken if it fails to protect their data, and that trust is difficult to restore.

Employee Monitoring

As part of an insider threat risk mitigation program, companies should limit and control user access. Organisations should restrict and minimize access by granting employees only the level of privilege required for their tasks. Likewise, businesses should reassess staff members’ access rights on a regular basis and remove any access that is not required for staff to fulfil their work roles.

Employee Access Restrictions and Control

It is important for companies to build controls for restricting staff access and managing insider threat risk into their overall risk mitigation strategies. Businesses should restrict and minimize access by granting staff members only the access required to perform their functions and carry out their responsibilities. Implementing a Zero Trust model can benefit the organisation here. Likewise, organisations should reassess staff members’ access rights frequently and remove any access that is not required for staff members to fulfil their work tasks.

Teleworking Policy

Businesses should begin by creating a proper teleworking policy that addresses network and data security. Developing a strong teleworking policy is an effective way to prevent insider threats, especially those that arise from negligence, and such a policy must include several key elements. In particular, it must tackle the problem of remote access: employees working from home should be able to connect to business networks using company-owned systems as long as they follow remote access rules that define permitted BYOD practices, such as the use of multi-factor authentication (MFA).

Employee education and training

Staff members must be extensively trained and educated about using organisational resources securely as part of their work. They must also be kept up to date on the latest cyberattack techniques, such as phishing and social engineering, and taught best practices for avoiding them.

To detect insider threats effectively, companies need centralised security visibility and management to monitor their remote and distributed staff. The crux of detecting an insider threat lies in the ability to clearly define “normal” in a work-from-home setting. User behaviour analysis, combined with zero-trust access, can help a company better mitigate insider threats and protect its key resources.

Insider Threat Management – An Overview

An insider threat occurs when employees, vendors, or business associates who have access to an organization’s information, network, or premises use that access, intentionally or unintentionally, to compromise security through malicious activities such as theft, fraud, or damage to systems.

The types of insider threats are:

  • Malicious Insider – A malicious insider is an employee who intentionally steals information for monetary or personal gain. Since they are very well acquainted with the company’s security policies and procedures, they have an advantage over other attackers.
  • Negligent Insider – Negligent insiders do not want to put the company at risk but do so unintentionally by acting recklessly, for example an employee who does not adhere to IT security policies or makes mistakes through poor judgement, such as an administrator who does not install a security patch.
  • Compromised Insider – An employee whose computer is infected with malware is a typical example of a compromised insider. This usually occurs as a result of phishing scams or clicking on links that lead to malware downloads.

Some key features of Insider Threat Management solutions are:

  • Privileged Access Management (PAM) – An ITM solution determines who has access to systems and applications at any given time. PAM tools do this by creating and deleting user identities, and they employ password vaulting, encryption and access control for mission-critical technologies and applications. Shared passwords and data are encrypted so that an attacker who intercepts them cannot read them. A compromised credential is at the heart of the majority of security breaches, which makes Privileged Access Management an essential component of an ITM (Insider Threat Management) solution.
  • User Activity Monitoring with Big Data Analysis – Security threats have increased and become more complex as work-from-home and remote-work activity has expanded; as a result, security priorities have shifted and security protocols have changed. Insider threat management tools create models of user behaviour and assign risk scores. Building behavioural baselines from factors such as the timing of activity and the data accessed, and actively learning what counts as acceptable behaviour, is the most effective way to detect insider threats without producing a large number of false-positive warnings. To detect privilege misuse, machine learning models and data science techniques track and analyse vast quantities of data from a variety of sources, which helps link the steps of an attack spanning multiple alarms and allows rapid detection and response.
  • Investigation and Threat Mitigation – If an intruder breaches the perimeter and gains access to the organization’s network, security teams can search for multiple compromised credentials or abuse indicators to confirm the threat. Security teams use the ITM solution’s machine learning to generate security-relevant signals, which support visibility and detailed forensic analysis.
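As an added example (not from the article or from any vendor's product) of the behavioural baselining described in the monitoring bullet above and in the earlier paragraph on defining “normal”, the following Python sketch learns a per-user baseline of working hours, daily access volume and directories touched from constructed access-log lines, then scores later days against it. The log format, the three features and the scoring weights are assumptions chosen for illustration.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample logs (not real data), one "<ISO timestamp> <user> <path>" per line.
BASELINE_LOGS = """
2022-03-01T09:12:00 alice /finance/q1.xlsx
2022-03-01T14:40:00 alice /finance/budget.docx
2022-03-02T10:05:00 alice /finance/q1.xlsx
2022-03-02T16:30:00 alice /finance/forecast.xlsx
"""
OBSERVED_LOGS = """
2022-03-07T09:30:00 alice /finance/q1.xlsx
2022-03-08T23:05:00 alice /hr/salaries.xlsx
2022-03-08T23:07:00 alice /hr/reviews.docx
2022-03-08T23:09:00 alice /legal/contracts.zip
2022-03-08T23:11:00 alice /finance/q1.xlsx
"""
def parse(log_text):
    """(timestamp, user, path) tuples from the constructed log format."""
    return [(datetime.fromisoformat(t), u, p) for t, u, p in map(str.split, log_text.strip().splitlines())]

def build_baseline(events):
    """Per-user baseline: hours of day seen, events per day, directories touched."""
    base = defaultdict(lambda: {"hours": set(), "daily": defaultdict(int), "dirs": set()})
    for ts, user, path in events:
        base[user]["hours"].add(ts.hour)
        base[user]["daily"][ts.date()] += 1
        base[user]["dirs"].add(path.rsplit("/", 1)[0])
    return base

def score_day(baseline, user, day_events):
    """Risk score 0-100 for one user's activity on one day, measured against their baseline."""
    if user not in baseline:
        return 100  # no baseline at all: treat as fully anomalous and review manually
    b = baseline[user]
    counts = list(b["daily"].values())
    sd = max(statistics.pstdev(counts), 1.0)  # floor keeps very stable users from exploding z
    z = (len(day_events) - statistics.mean(counts)) / sd
    volume = min(max(z, 0.0) / 3, 1.0)  # three sigma above normal saturates this term
    off_hours = sum(ts.hour not in b["hours"] for ts, _, _ in day_events) / len(day_events)
    new_dirs = sum(p.rsplit("/", 1)[0] not in b["dirs"] for _, _, p in day_events) / len(day_events)
    return round(100 * (0.4 * volume + 0.3 * off_hours + 0.3 * new_dirs))

def score_log(baseline, log_text):
    """Score each (user, ISO date) in an observed log -> {(user, date): score}."""
    by_day = defaultdict(list)
    for ts, user, path in parse(log_text):
        by_day[(user, ts.date().isoformat())].append((ts, user, path))
    return {key: score_day(baseline, key[0], evs) for key, evs in by_day.items()}
```

Calling `score_log(build_baseline(parse(BASELINE_LOGS)), OBSERVED_LOGS)` scores the ordinary day 0 and the late-night burst of reads from unfamiliar shares 79; a user with no baseline at all scores 100 so that new or never-seen accounts are surfaced rather than silently passed.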

A successful Insider Threat Management solution requires an understanding of what the organization values and what could potentially harm or threaten those assets. A complete understanding of an organization’s assets allows for proper coordination and risk management. A tried-and-true ITM approach starts with determining where an organization’s assets are kept and who has access to them, which allows each asset’s risk to be classified more comprehensively and risk-based mitigation strategies to be implemented.