Augmenting Cybersecurity in Telemetry Post Processing Environments with Insider Threat Analysis
Author
Kalibjian, Jeff
Affiliation
Perspecta
Issue Date
2019-10
Keywords
Cybersecurity
insider threat
Entity and User Behavior Analytics (EUBA)
Risk Management Framework (RMF)
Dual Control
Content Inspection
Additional Links
http://www.telemetry.org/
Abstract
Mature companies implement robust cybersecurity practice in their organizations by deploying a layered defense comprising many differing security tools whose functionality complements one another. Tools such as firewalls, Anti-Virus (AV), Intrusion Detection/Prevention (IDS/IPS), Data Leak Protection (DLP), and Security Information and Event Management (SIEM) can be rolled out in many combinations to create very effective cyber defenses. A general premise is that organizations are trying to keep “bad guys” out. In recent years, focus has been shifting to address the potential for malicious (insider) employees who may wish to take actions to compromise the firms they work for, as an increasing number of incidents are attributed to insiders. After reviewing the insider threat landscape as well as accepted methodologies for detection, application to telemetry post processing environments will be discussed with example deployment scenarios explored.
Type
text
Proceedings
Language
en_US
ISSN
0884-5123
0074-9079