
Using hybrid-analytics to proactively prevent insider threat

Mohamed Mysara, SAS Customer Advisory, MEA Public Sector, outlines the role that a hybrid-analytics security culture can take in today’s digital landscape. 

Digital transformation is not just a buzzword; it’s a reality shaping the nation’s future. As the country continues to embrace cutting-edge technologies and smart solutions, the risks associated with insider threats have grown in parallel. These threats, which come from within organisations, are particularly concerning as they involve individuals who already have legitimate access to sensitive information and systems.

Unlike external cyber threats, which are often faceless and distant, insider threats are personal. They involve trust being broken within the organisation, making them more challenging to predict and prevent. The motivations behind these threats can vary widely, from financial gain and revenge to intimidation or ideological reasons. This variability makes it difficult for traditional security measures to detect and prevent insider threats effectively.

Governments are leading massive efforts to strengthen safety and security. However, collaboration across all sectors—private, public, and individuals—is essential to maintain national security, creating a unified approach to combating insider threats and contributing to the broader goal of a secure and resilient community.

Understanding Insider Threats in Today’s Digital Landscape

As digitalisation deepens, insider threats become more sophisticated, involving employees, contractors, and business partners with unprecedented access to vast amounts of data and advanced tools. When this access is misused, whether intentionally or accidentally, the consequences can be severe. Insider threats not only pose significant risks to organisations—such as exposing proprietary information, revealing vulnerabilities to competitors, or introducing malware—but in some cases, they can also jeopardize lives and compromise national security.

The complexity of these threats is further compounded by the difficulty of detection. Traditionally, identifying insider threats has been a manual and intensive process, often requiring investigators to sift through vast amounts of data from multiple, disconnected systems. This method is not only time-consuming but also inconsistent, as it heavily depends on the investigator’s experience and education. This inconsistency creates gaps in threat detection, leaving organisations vulnerable to risks that could have otherwise been mitigated.

SAS’s Hybrid Analytics Approach to Insider Threat Detection

SAS addresses these challenges by leveraging a hybrid analytics approach, which combines multiple methods—such as business rules, anomaly detection, predictive modelling, and network analysis—to create a comprehensive and effective threat detection system. This approach enables investigators to uncover patterns and trends that are often invisible in isolated data sets, leading to more accurate and timely identification of potential threats.

For instance, SAS’s solutions can reveal an employee’s behavioural trends across various data sources, such as emails, IT activities, and communications, enabling early detection and intervention. By aggregating and comparing these behavioural patterns against historical data, high-risk individuals can be identified and flagged sooner. This proactive approach is crucial in today’s fast-paced digital environment, where the speed of detection can mean the difference between mitigating a threat and suffering significant consequences.

SAS’s approach also recognises that insider threats do not magically appear; they are part of a broader ecosystem of risks that includes cyber threats, fraud, and compliance issues. By integrating insider threat detection with other risk management strategies, SAS provides organisations with a more holistic view of their security landscape. This integration allows for more robust and resilient defences, ensuring that organisations are not only reacting to threats but actively preventing them.

Case Study

One prominent success story demonstrating the effectiveness of SAS’s approach involves a large federal government agency with over 60,000 employees and more than 1,200 field offices. The agency’s data is stored in a 40-plus-node Hadoop data lake populated by various source systems. Using SAS, the agency ingests and cleans tens of millions of records daily, pulls data from its extensive Hadoop data lake, and tracks tens of thousands of entities with billions of events. The SAS solution enabled the generation of critical alerts on high-risk personnel, helping analysts prioritise cases effectively. Additionally, the platform uncovered hidden “unknown” leads, significantly enhancing the agency’s insider threat detection capabilities.

The SAS Viya platform offers a robust solution for managing insider threats by integrating AI-driven analytics with scalable and flexible data management. It provides real-time insights crucial for proactive threat detection, enabling organisations to stay ahead of potential risks.

SAS Visual Investigator, a key component of this platform, integrates data from various sources, including employee records, email communications, VPN logs, and HR events, into a unified system for comprehensive analysis. This tool features scenarios developed across these data sources, allowing employee activity to be compared against the employee’s own history, their peer groups, and predefined thresholds (anomaly detection). By using statistical models, SAS Visual Investigator helps detect significant deviations that indicate potential insider threats.

In addition to identifying individual threats, SAS Visual Investigator can also detect broader patterns of risk across the organisation. For example, by analysing data from multiple sources, the platform can identify clusters of high-risk behaviour, such as a group of employees exhibiting similar signs of discontent or stress. This capability is particularly valuable in large organisations where it is easy for individual threats to go unnoticed amidst the noise of everyday operations.

Additionally, SAS Visual Investigator includes scorecards that combine results from hundreds of scenarios to generate a comprehensive risk score. This score provides a clear, consistent assessment of potential risks, enabling investigators to make informed decisions about how to respond to alerts, whether it’s recommending further investigation, training, or disciplinary action.
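As an added illustration of the hybrid pattern described above (this is example code, not SAS code or SAS Visual Investigator’s scenarios), the sketch below combines a fixed-threshold business rule, a comparison against the employee’s own history, a comparison against the peer group, and a scorecard that sums weighted scenario hits. The employees, departments, daily counts, weights and the 3-sigma threshold are all constructed assumptions.

```python
"""Hybrid insider-threat scoring sketch: rule + own-history baseline +
peer-group baseline + weighted scorecard (added example, constructed data)."""
from statistics import mean, pstdev

# Constructed sample: files copied to removable media per day over the last
# five days for each employee, keyed by name -> (department, daily counts).
HISTORY = {
    "alice": ("finance", [3, 2, 4, 3, 2]),
    "bob":   ("finance", [2, 3, 2, 4, 3]),
    "carol": ("finance", [3, 3, 2, 2, 4]),
    "dave":  ("eng",     [10, 12, 9, 11, 10]),
    "erin":  ("eng",     [11, 10, 12, 9, 10]),
    "frank": ("eng",     [9, 11, 10, 12, 10]),
}
# Constructed observations for today: copy count plus an HR event flag
# (a resignation notice on file), the kind of cross-source join the text describes.
TODAY = {
    "alice": {"copies": 40, "resigned": True},
    "bob":   {"copies": 3,  "resigned": False},
    "carol": {"copies": 4,  "resigned": False},
    "dave":  {"copies": 11, "resigned": False},
    "erin":  {"copies": 30, "resigned": False},
    "frank": {"copies": 10, "resigned": False},
}
# Scorecard weights per scenario (assumed values; they sum to 100).
SCENARIO_WEIGHTS = {"rule_resigned_and_copying": 40, "history_spike": 30, "peer_outlier": 30}

def zscore(value, sample):
    """Standard score of value against a sample; 0 when the sample has no spread."""
    sd = pstdev(sample)
    return 0.0 if sd == 0 else (value - mean(sample)) / sd

def scenarios(user, obs, threshold=3.0):
    """Return the set of scenario names that fire for one employee today."""
    dept, own_history = HISTORY[user]
    # Peer group = today's counts of the other employees in the same department.
    peers_today = [TODAY[u]["copies"] for u, (d, _) in HISTORY.items() if d == dept and u != user]
    hits = set()
    if obs["resigned"] and obs["copies"] > 10:            # business rule, fixed threshold
        hits.add("rule_resigned_and_copying")
    if zscore(obs["copies"], own_history) > threshold:    # deviation from own baseline
        hits.add("history_spike")
    if zscore(obs["copies"], peers_today) > threshold:    # deviation from peers (one-sided)
        hits.add("peer_outlier")
    return hits

def risk_scores():
    """Scorecard: weighted sum of scenario hits per employee, capped at 100."""
    return {u: min(100, sum(SCENARIO_WEIGHTS[s] for s in scenarios(u, o))) for u, o in TODAY.items()}
```

Note that a peer group with a single member yields no spread and therefore never fires the peer scenario, which is why the history and rule scenarios are kept alongside it rather than relying on any one method.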

Building a Proactive Security Culture

Shifting to a proactive security posture requires more than just technology—it demands a strong security culture supported by executive leadership, clear policies, and ongoing employee training. For a hybrid analytics solution to be effective, organisations need to ensure these measures are implemented correctly and maintained over time.

As governments continue digital transformation initiatives, the collective efforts of public organisations, private companies, and individuals are crucial to combating insider threats. By adopting a holistic approach, leveraging advanced technologies and building a security-first mindset across all levels, we all can contribute to a more secure and resilient future. This collaborative effort is not just about protecting assets; it is about safeguarding the future of the nation as it navigates the complexities of the digital age.

For more information on SAS’s Insider Threat solutions, you can explore detailed capabilities [here]

Image Credit: SAS

