How machine learning is catching up with the insider threat

Abstract

The insider threat poses a unique cyber security challenge. When it comes to meeting this challenge, the type of ‘standard’ threat detection toolsets currently deployed by organisations tend to be inadequate. This paper aims to show how and why machine learning capabilities can help organisations to reduce these inadequacies, providing an essential extra element of protection. The paper explores the reality of the insider threat, illustrating that while the possibility of a malicious actor cannot be discounted, this threat is much more likely to arise through carelessness, inadvertence or lack of understanding. A focus on best practice and clear policies must always be part of the solution — backed up by threat detection tools. The paper explains the problems that can arise with such tools, including the delays and inaccuracies that can arise with configuration and updates. With its focus on behaviour (as opposed to reliance on signatures), it examines how machine learning is able to determine ‘usual’ activities and flag up events that fall outside of the ‘usual’, and looks at the benefits this can bring to cyber security teams, in terms of ability to detect as wide a range of abnormal activities as possible, improved visibility, more accurate insights and better use of resources.