Address: Keangnam Building – Landmark 72, Pham Hung Rd., Nam Tu Liem Dist., Hanoi, Vietnam
Phone: 0971 360 360
PRODUCT & SOLUTION INTRODUCTION
VIETTEL INSIDER THREAT DETECTION (VCS – InT)
THE NECESSITY OF THE SOLUTION
Compared to external threats, Insider Threat is difficult to predict and prevent, but when they occur, insider threats cause the strongest impact on the organization’s operations. According to 2022 Cost of Insider Threats Global Report of Ponemon Institute: 44.3% The increase in insider incidents took place between 2020 and 2021
Organizations are facing:
– Objects that unintentionally or intentionally use tools and software that are not regulated (shadow IT)
Viettel Insider Threat Detection (VCS – InT) is a product of Insider Risk Solution series that provides early detection of objects with unintentional or intentional risks of harm (data breach, system sabotage, fraud) for organizations coming from abnormal behavior on workstations inside the organization.
– Collection of data events and user behavior
Collect comprehensive data from sources like: data (documents, systems, accounts) and behaviors, habits of object by agent on workstations: internet, mail, file, app connection, usb, printing, clipboard (or integration with DLP systems)
– Abnormal behavior monitoring and risk assessment
Alert potentially at-risk objects by continuously tracking and assessing risk scores for all sessions of objects with even the smallest abnormal behavior on workstations with AI technology (User & Entity Behavior Analytics).
- Subjects unintentionally or intentionally illegally view, leak internal data, customers, sourcecode, account information,..
- Unintentional or intentional objects accessing, unauthorized system impact
The above problems are often caused by 3 groups of subject: careless users, users with bad intentions, account information taken over by attackers.
In addition, traditional Data Loss Protection (DLP) systems are preventing data leakage through known channels. There is no early detection, lack of linguistic information about the violators and not covering all existing and ongoing harm risks in the organization. For organizations using DLR solutions, VCS-InT combines interactive behavior collection capabilities with data and collects human behavior with AI (User & Entity Behavior Analytics) technology to assess risk across all user sessions. Focus on high-risk groups: Those who quit their jobs; Outsource, partners; Privileged accounts (IT admin, DevOps,..); External objects or interactions (Sale, Customer Service,..)
– Risk Management and Classification on Workstation
The level of organization’s risk and the improvement
The group of laws and signs is at high risk
User groups (department, position,..) are accounting for a high proportion of risk
– Customize the set of laws and signs according to the specifics of the organization
HIGHLIGHTS OF THE SOLUTION
– Early detection of risks with predefined rules and indicators
Assessing the risk level of the user based on historical context and habits.
- Abnormal access to the system is not in accordance with the location, function
- Anomalous data viewing, download actions that are not related to work
- The sensor data is being sent to the outside
- Actions using software, systems (shadow IT) are not regulated
- Unusual actions with personal and group history habits such as: login hours, strange connections, data collection, editing/deleting multiple documents, using strange software, preparing tools, etc.
– Enhance alert quality by grouping users’ work activities automatically
Users (Human Resources, Information Technology Administrator, Programmer, Partner, etc.) are grouped automatically according to their behaviors on workstations. Within a group that shares the same characteristics, the abnormality level of a behavior is reduced if other users in the group perform the same behavior
Agent: Software installed on workstations to monitor and detect anomalous behaviors
VCS – InT Server: Server that manages, analyzes, correlates and consolidates related events captured and reported by Agents, and notifies high-risk entities within the organization
VCS – InT Web Portal: Management interface that displays notified entities and generates report screens