Cyber Hawk

Frequently Asked Questions

• What are insider threats?

  An insider threat is the possibility of an organization’s insiders — such as employees, vendors, suppliers, consultants and business partners — misusing their authorized access or organizational know-how to harm the organization’s networks, systems and data. An insider threat can be executed unintentionally or with malicious intent. Either way, it compromises the confidentiality, availability and integrity of an organization’s systems and data. An organization can leverage an intelligent tool such as Cyber Hawk that automatically scans a network for internal threats out of the purview of a firewall.

• What is an example of an insider threat?

  Insider threats can be largely divided into three types:

  • Malicious insiders: Individuals who maliciously and intentionally abuse legitimate credentials to typically steal sensitive information for financial or personal incentives. For example, a disgruntled employee can copy your organization’s sensitive data before joining a competitor.
  • Careless insiders: Also called negligent insiders, such individuals are ‘innocent pawns’ who unknowingly expose their organization’s IT environment to external threats. For example, an employee can unintentionally harm their organization by clicking on a malicious link.
  • A mole: An outsider who manages to gain insider access to an organization’s network by posing as an employee or partner. For example, an employee about to leave your organization can create a duplicate account to gain access to your network. This account could still give the employee "insider" access if you do not identify the account and deactivate it.

  Cyber Hawk uses "smart tags" that allow it to adapt to each unique IT environment. Smart tags enrich the detection system by adding information about specific users, assets and settings. These tags help Cyber Hawk gain intelligence about what it detects ensuring the right type of insider threat is detected in your network. As a result, over time, highly accurate alerts are generated since more potential threats and fewer false positives are identified.

• What are insider threat indicators?

  A list of indicators can help your organization identify individuals who could be potential insider threats. These indicators primarily have to do with an individual’s behavior and/or digital activity. Here’s a list of the most common indicators:

  • Indicators related to behavior
    • Expressing dissatisfaction with the organization
    • Attempting to circumvent the organization’s security
    • Regularly working beyond working hours
    • Showing resentment toward co-workers
    • Routinely trying to violate the organization’s policies
    • Openly contemplating a resignation or discussing new opportunities
  • Indicators related to digital activity
    • Logging into enterprise applications and networks at odd hours
    • Attempting to copy large amounts of data
    • Accessing resources irrelevant to the job position
    • Accessing systems or data they aren't authorized to
    • Using unauthorized devices
    • Deliberately looking for sensitive information
    • Sharing sensitive information outside the organization

  Cyber Hawk combines machine learning and intelligent tagging to identify insider threat indicators such as anomalous activity, suspicious changes and threats caused by misconfigurations.

• What is insider threat detection?

  Insider threat detection refers to the process of detecting and identifying persons who might present an insider threat risk due to their concerning behaviors. An organization can use both human and technological elements for insider threat detection. The process of threat assessment usually follows insider threat detection to compile and analyze information about a person with the possible interest, motive, intention and capability to harm the organization.

  Cyber Hawk has a built-in breach detection technology that finds footholds that an organization’s antivirus can’t. It detects keyloggers, trojans, spyware, unauthorized registry changes or other malicious activity.

• Why is it important to detect an insider threat early?

  Detecting insider threats early is extremely crucial for organizations of all sizes since insiders know exactly where your organization’s sensitive data lives and how it can be accessed. You wouldn’t want a thief/stranger to know the entire layout of your house and the location of all your valuables, would you? Therefore, whether an insider has malicious intentions or not, it’s important to implement a strategy that can help you get an early warning or indication about an insider indulging in risky or out-of-policy behavior.

  Along with instant alerts, Cyber Hawk also automatically generates weekly and monthly summaries of the issues and insider threats it has identified. These recaps create a regularly updated set of reports that describe the potential threats in a way you can easily understand.

• How does insider threat detection work?

  An insider threat management strategy is mostly implemented using one or more insider threat detection tools that monitor insider behavior, issue timely alerts and assess the alerts to eliminate false positives. Such tools can utilize:

  • Machine learning (ML) to analyze and prioritize the most relevant alerts
  • User and event behavioral analytics (UEBA) to detect any deviation from normal data access activity
  • Database activity monitoring to identify policy violations

  Along with instant alerts, Cyber Hawk also automatically generates weekly and monthly summaries of the issues and insider threats it has identified. These recaps create a regularly updated set of reports that describe the potential threats in a way you can easily understand.

• What features should insider threat detection include?

  An effective insider threat detection software must at least be able to:

  • Expose unauthorized logins or attempts to restricted devices
  • Identify a new user profile added to the key systems such as the business owner’s computer
  • Find an application installed on a locked-down system
  • Generate alerts when unauthorized wireless connections are established with the organization’s network
  • Record every time a new user is granted administrative rights
  • Detect unusual logins from an employee
  • Identify whether sensitive data is being stored on machines where it doesn’t belong
  • Detect breaches that have made past the firewalls and antivirus software
  • Expose potential hacker footholds inside an organization’s IT environment

  Cyber Hawk is packed with all the above features and more. Most importantly, it lets you view and manage everything from an online portal.