What is the best Insider Risk Management solution?

230 views
29 comments
7 upvotes
Anonymous Author
I am personally involved in the selection and assessment of the overall Enterprise Risk Management solution. We have selected Resolver, as it met our needs and some end users in the Security community were already familiar with that tool.
2 upvotes
Anonymous Author
I think first it helps to be clear on your insider risk issues. So look at the profiles or personas or relevant roles in your business and then work out what your insider risks are. Once you know the risks, you can get clear on what controls or mitigation strategies you need to put in place or what gaps you have to fill. Then you can look at solutions and tools to help.
1 upvotes
Anonymous Author
The tool will be the least of your worries. Look at developing the policies and procedures around insider risk management. Also, be sure to inform your leadership on the difference between insider risk and insider threat. Once you have defined these things, you can look at tools like Proofpoint ITM, Dtex, Vectra, etc. to name a few.
1 upvotes
Anonymous Author
In fact, this term has assumed wide definitions and meanings post-pandemic with increased remote working and proliferation of endpoints. Many vendors push products like SOAR, SIEM, UEBA etc. We have very good experience with endpoint security and Data Loss Prevention (DLP) tools. Good DLP tools are Zscaler and Forcepoint.
1 upvotes
Anonymous Author
Enterprise Risk Management with Diligent: Identify, monitor and manage risks across the organization. Continuously evolve ERM program to improve compliance and elevate public confidence. Easily report on results directly to executives.
1 upvotes
Anonymous Author
I have evaluated Zscaler in the past. Nothing wrong with the tool, but given our size and business, we chose to go with positive reinforcement of training and awareness. If we still believe that an insider risk management solution is needed, we will probably go for one of these. I would have definitely implemented it in my last role in healthcare, where I was responsible for HIPAA, or in the consultancy role before that, where I had huge chunks of HR data accessible to my staff.
1 upvotes
Anonymous Author
The best is what is right for your organization. Do you prioritize cost, cutting edge technology, reporting, ease of implementation or management? Only you can answer your question, but you always have to define your needs and wants, then you can find out what is out there and what is the best fit.
1 upvotes
Anonymous Author
Microsoft Advanced Threat Analytics can be a good pick. Worth considering especially if you already have M365 and other MS apps in your stack.
1 upvotes
Anonymous Author
It’s definitely a topic you need to approach and tackle from multiple angles. For me, a combination of meaningful training and consistent positive reinforcement, great processes/policies, together with a software solution (like Zscaler) are key to insider risk management.
1 upvotes
Anonymous Author
You need to have proper policies and procedures and a team that will manage that. The tool is a supplement and can aid in detection and risk management and can automate some of the manual checks. There are a lot of tools available, depending on whether you are looking for exclusively risk management or can be part of a larger security bundle. The best tool depends on your use case, but I would say if you use Splunk as your SIEM then the best tool will be Splunk User Behavior Analytics (UBA). If you are a Fortinet shop, i.e. use Fortigate, FortiEDR, FortiAnalyzer and their security fabric, then the best tool for you is FortiInsight. Other great tools are Varonis and Proofpoint Insider Threat Manager.
1 upvotes
Anonymous Author
I think I will want to say Code42... others might say otherwise. But sometimes solutions often depend on the insider issues you are facing.
1 upvotes
Anonymous Author
I have had some good luck with Forcepoint recently from stitching together abnormal user behavior with system and network flow logs to find some pretty deep insights. It’s a tough product to deploy at scale but if the size of org/company is right, it is worth a look to see if it works for you.
1 upvotes
Anonymous Author
We have an in-house developed IRM that addresses our specific needs. We took this route because of the work force employ. As a production facility, we needed to focus on the working knowledge of how our users might be a risk, and then build our mitigation plan around them. They are our biggest risk.
1 upvotes
Anonymous Author
We solved this problem by limiting access to any of our databases even by executives until there is an approval from a higher-level executive. We set daily limits and total access to make sure there is no large or even small leakage of data. Several executives get monthly reports as to total access of internal data.
1 upvotes
Anonymous Author
The products that exist will most likely meet 80% of the requirements you're looking for. Rather than go in the direction of finding the product, I would focus on business priorities, policies, and procedures to help make the decision instead. Solid vendors include: Code42, MicroFocus, Forcepoint, and Varonis.
1 upvotes
Anonymous Author
Well, before searching for solutions, we must target and find potential risks within our organization. There can be many. The best solution can be firstly indexing all potential insider threats. Then we can create an AI-based model or use existing solutions to implement it.
1 upvotes
Anonymous Author
It's a very important question most IT leaders face for internal security as well as for 3rd party audits. You want to find out the types of internal risks in your environment. Unfortunately, there is no single tool or solution. In my case, I came up with a policy and put a procedure in place to review access reports weekly and some of the DLP reports daily. NIST Framework publications can help to write a good policy/procedure to implement oversight of common insider risks. Reports from endpoint protection systems and Data Loss Prevention systems are important to include in the reviews.
1 upvotes
Anonymous Author
We have used Varonis in the past and it has proven to be a very powerful tool in analyzing risky behavior, but it works most effectively when paired with end-user education and training. I might suggest having a security risk evaluation performed to determine where your major strengths and weaknesses lie.
1 upvotes
Anonymous Author
We've used both Microsoft's suite and McAfee's DLP solutions. We are protecting over 130k users. The products need to scale to a very large population. Tuning to decrease false positives in very large environments is also key or you will drown in alerts and catch nothing. And depending on the diversity of the types of businesses you have within the company, perhaps you don't need the same tools for all divisions. You may need more protection and highly specialized tools in your Aerospace division, but less stealthy tools in your foam ear plug division. When possible, standardize, but sometimes standardization is an economic mistake to deliver a premier solution to everyone when half the population needs the very basic solution.
1 upvotes
Anonymous Author
We have evaluated a few different tools. Zscaler is our current solution, and I'm satisfied with how it performs. As other commenters have mentioned, if you are fully embracing M365 in your environment then Microsoft Advanced Threat Analytics offers some specific protection that is valuable. We are still in the early phases with that, but will be investigating the tool further. Your processes, policies, and training are going to be the areas that provide you the most "bang for your buck" compared to almost any commercial tool. Focus on those areas first and then decide on a tool that helps you identify the outliers.
1 upvotes
Anonymous Author
It will depend on your particular needs, but in my case I have 2 years using Code42 and it's a good solution.
1 upvotes
Anonymous Author
A few other people have already pointed out that an insider risk management solution is a multi-faceted project. I take the approach of setting in place extremely secure backup and recovery systems that allow rapid rollback and whose administration is in the hands of a few trusted people. The next highest priority for me is log alerts for cyber security settings. Delegating cybersecurity responsibility is unavoidable, but having all logs centralised and the logging settings as locked down as possible allows me, and the wider devops team, to be notified of all changes to our firewall and server user account settings. For malicious code commits, thorough PRs are the best solution. Beyond this, keep up staff training sessions and morale building activities while monitoring for potentially disgruntled employees.
1 upvotes
Anonymous Author
The Varonis Data Security Platform is comprehensive and covers most edge cases.
1 upvotes
Anonymous Author
I was more involved in the selection and assessment of the overall Enterprise Risk Management solution. We have selected Resolver, as it met our needs and some end users in the Security community were already familiar with that tool.
1 upvotes
Anonymous Author
Should define the problem and the issue before hunting for a solution. Suggest to start defining what insider risks exist in your domain, then craft the proposed solution from there.
1 upvotes
Anonymous Author
Our dedication and time was mainly in the definition of responsibilities within the company (several business units, departments, countries, etc.) and then the functional definition: what do you want, policies, risks, flows, etc. and finally have an empowered owner of the project. This is the only important thing. If you have doubts about the tool, do a proof of concept with a couple of them. I'm sure you're doing well, that's what happened to us.
1 upvotes
Anonymous Author
A lot depends on your current infrastructure and what solutions and relationships you currently employ. I would suggest the following good review of solutions: https://www.trustradius.com/insider-risk-management Hope this helps you narrow down the field and begin to interview vendors to find a solution.
1 upvotes
Anonymous Author
You first need a foundational strategy around IAM (AuthN/AuthX) and then ask this question. If you are looking for an umbrella, you are asking the wrong question.
1 upvotes
Anonymous Author
Before looking for a solution I would try to quantify and analyze the risk. What are your risk vectors? Can you implement simple internal solutions based on education and internal information? Once you have a clear understanding of your risks, you can put together a plan and from that point on you may be able to better evaluate possible solutions.
0 upvotes