As everyone knows, experts often recommend that the actual response include dropping connections and closing holes. But taking mass actions such as dropping connections is severe because it adversely affects business activities at scale, according to Gupta. “These systems are not granular enough to drop only a single workload but rather they disrupt the business and many workloads,” says Gupta; “it’s better to use workflow detection techniques that allow for selective intervention.”
Finally, keeping detailed accounts of insiders' actions in a format that C-levels, attorneys, and others who must become involved will find accessible is vital to remediation, whether legal or administrative, according to Tierney.
Though insider threats continue to be a grievous issue, adopting a solution as though it were a catch-all balm without thoroughly vetting it is not the answer. The enterprise should know what it's getting and whether it is enough when teamed with other security resources.