Morgan Stanley Insider Data Theft Spotlights ‘Profiling Analytics’

Wall Street Journal

Clint Boulton

Chief information officers establish firewalls and other layers of defense to keep hackers from stealing their corporate data. But what if the danger exists inside the moat? Analytics that profile employees’ digital work activities may be the best bet in preventing data theft by internal employees gone rogue, says one expert, but at the moment relatively few companies employ the technology.

The recent insider theft at Morgan Stanley may spur companies to invest in new digital defenses, including analytics that sift through employees work behaviors for anomalies. Such user behavior, or profiling analytics, would complement existing corporate firewalls, identity access management, and intrusion detection technologies, says Avivah Litan, a Gartner Inc. cybersecurity analyst. She said profiling analytics could alert IT when the 50 files an employee accesses daily spikes to 100,000 records. It might also compare employee activity to those of peers in their departments.

Two-year-old startup Fortscale Security Ltd. uses machine-learning algorithms to search for anomalies in employees’ computer work activities, said CEO Idan Tendler, a former agent of Israel’s cyberwarfare group. It alerts IT staff when, for example, an employee who typically accesses corporate information during the workday suddenly starts accessing corporate data from home at 2 a.m. It also correlates individual employee behavior to the behaviors of peers to see if they are accessing data sets not typically associated with the business function. “Only by profiling what is normal behavior can you spot abnormal behavior,” Mr. Tendler said.

Read more…