“I find the content of Journal of Business Continuity & Emergency Planning to be up to date, easy to follow, and applicable to the professional in the field, the student in the class, and the academic. This journal offers a mix of articles from many disciplines in a manner that allows the professional to utilise the data immediately. I have personally used material from this journal on multiple occasions, both in my academic and professional endeavours.”
How machine learning is catching up with the insider threat
Abstract: The insider threat poses a unique cyber security challenge. When it comes to meeting this challenge, the ‘standard’ threat detection toolsets currently deployed by organisations tend to be inadequate. This paper aims to show how and why machine learning capabilities can help organisations to reduce these inadequacies, providing an essential extra element of protection. The paper explores the reality of the insider threat, illustrating that while the possibility of a malicious actor cannot be discounted, this threat is much more likely to arise through carelessness, inadvertence or lack of understanding. The paper explains the problems that can arise with such tools, including the delays and inaccuracies associated with configuration and updates. It examines how machine learning, with its focus on behaviour (as opposed to reliance on signatures), is able to determine ‘usual’ activities and flag up events that fall outside of the ‘usual’, and looks at the benefits this can bring to cyber security teams, in terms of the ability to detect as wide a range of abnormal activities as possible, improved visibility, more accurate insights and better use of resources.
Keywords: machine learning, insider threat, user behaviour, UEBA, forensics analysis
Jamie Graves is a data security and enterprise software entrepreneur and is the founder and CEO of ZoneFox. He attended the prestigious Ignite course at Cambridge University’s Judge Business School, and the Entrepreneur Development Programme at MIT. He has a PhD in Computer Science, extensive security and digital forensics experience, and was recently recognised as the ‘Champion of Champions’ at the inaugural Scottish Cyber Security awards for his contribution to the industry.