How machine learning is catching up with the insider threat

Click the button below to download the full text of the article.

Abstract: The insider threat poses a unique cyber security challenge. When it comes to meeting this challenge, the type of ‘standard’ threat detection toolsets currently deployed by organisations tend to be inadequate. This paper aims to show how and why machine learning capabilities can help organisations to reduce these inadequacies, providing an essential extra element of protection. The paper explores the reality of the insider threat, illustrating that while the possibility of a malicious actor cannot be discounted, this threat is much more likely to arise through carelessness, inadvertence or lack of understanding. The paper explains the problems that can arise with such tools, including the delays and inaccuracies that can arise with configuration and updates. With its focus on behaviour (as opposed to reliance on signatures), it examines how machine learning is able to determine ‘usual’ activities and flag up events that fall outside of the ‘usual’, and looks at the benefits this can bring to cyber security teams, in terms of ability to detect as wide a range of abnormal activities as possible, improved visibility, more accurate insights and better use of resources.

Keywords: machine learning, insider threat, user behaviour, UEBA, forensics analysis

Jamie Graves is a data security and enterprise software entrepreneur and is the founder and CEO of ZoneFox. He attended the prestigious Ignite course at Cambridge University’s Judge Business School, and the Entrepreneur Development Programme at MIT. He has a PhD in Computer Science, extensive security and digital forensics experience, and was recently recognised as the ‘Champion of Champions’ at the inaugural Scottish Cyber Security awards for his contribution to the industry.