Tips on Countering Insider Threat RisksCharles Carmakal of Mandiant on Choosing the Right Tools
Insider threats are difficult to counter: What happens when an employee goes rogue, and how do you catch them?
"We're definitely seeing a wide variety of insider threats for various reasons," Charles Carmakal of Mandiant, the investigative arm of FireEye, says in an interview with Information Security Media Group. Serious potential threats include employees secretly working for foreign states with an aim to steal intellectual property as well as rogue employees attempting to extort companies by stealing data, he says.
But some of the same tools used for detecting external attackers - including data loss prevention and user and entity behavior analytics software - can also help sniff out insider threats, Carmakal says. Those tools can help supply technical evidence that an employee may be up to no good.
In this interview (see audio link below photo), Carmakal discusses:
- What clues can indicate an insider threat versus an external threat;
- How human intelligence can augment technology in uncovering insider threats;
- Recommendations for detecting and preventing insider threats.
Carmakal is a vice president and strategic services CTO with Mandiant, the investigative arm of FireEye. He previously was a director with PwC and led its security consulting practice in Sydney.