Monitoring user behavior in SaaS applications provides an early indicator of insider threats
90% of security threats are from insider risks. These can be due to sloppiness, mistakes or malicious intent.
A sound defense against insider threats is based on reducing the risk of data exfiltration and exposure.
Polymer tracks user access and actions across SaaS apps, allowing in-depth analysis of behavior. Suspicious-activity analytics based on deviations in behavior help guide the investigation.
User Activity Monitoring and Tracking
1. Suspicious Downloads of Documents
An overseas contractor has been downloading a bunch of files from OneDrive overnight. Is this legitimate activity?
2. Masquerading File Types
A file with a .xml extension might actually be a PDF containing employee PHI data. Any attempt to disguise a file by changing its type will still be caught as a violation by deep data inspection of documents using OCR, NLP and ML.
3. Someone about to Resign?
A user might recently have been downloading or accessing documents in folders or buckets en masse. This can be an early warning indicator of data exfiltration before resigning.
4. Measuring Risky Behavior
Understanding the contents of datasets can give insight into the 'riskiness' of users. A user deviates from their mean risk score by opening certain files (say, financial models) today after not touching such documents in the last few weeks.
5. File Access Level Changes
A restricted file containing PHI data whose sharing method has been changed to 'PUBLIC' can be an easy way to transfer data out of an organization. Auto-expiring or downgrading these links in near real time can restrict exfiltration, while timely alerts can notify of serious transgressions.
6. Fat Key Events
Has someone just changed permissions on a folder, or shared a document containing sensitive data in the Slack #general channel? It could be in error. Redacting this data and notifying users with inline nudges and training can reduce such occurrences.
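For item 2 (masquerading file types), an added example that is not Polymer's code: a first-pass check comparing a file's extension with its leading content signature, a far simpler stand-in for the deep inspection described above. The signature table, function names and sample files are constructed for illustration.

```python
import os

# Well-known leading signatures for a few formats (illustrative subset).
SIGNATURES = [
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "zip"),            # ZIP container, also used by OOXML
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xff\xd8\xff", "jpeg"),
]

# Extensions that legitimately carry each detected content type (assumed policy).
ALLOWED_EXT = {
    "pdf": {".pdf"},
    "zip": {".zip", ".docx", ".xlsx", ".pptx"},
    "png": {".png"},
    "jpeg": {".jpg", ".jpeg"},
    "xml": {".xml", ".svg", ".xsd"},
}

UTF8_BOM = b"\xef\xbb\xbf"

def sniff(head: bytes):
    """Return the content type implied by the first bytes, or None."""
    for sig, kind in SIGNATURES:
        if head.startswith(sig):
            return kind
    # XML is text: tolerate a UTF-8 BOM and leading whitespace.
    text = head[len(UTF8_BOM):] if head.startswith(UTF8_BOM) else head
    if text.lstrip().startswith(b"<?xml"):
        return "xml"
    return None

def check_file(name: str, head: bytes) -> dict:
    """Flag a file whose extension disagrees with its detected content."""
    ext = os.path.splitext(name)[1].lower()
    kind = sniff(head)
    # Unknown content is reported but not flagged by this simple check.
    mismatch = kind is not None and ext not in ALLOWED_EXT[kind]
    return {"file": name, "ext": ext, "detected": kind, "mismatch": mismatch}

# Constructed sample inputs: (file name, first bytes of the file).
SAMPLES = [
    ("payroll_export.xml", b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n"),
    ("settings.xml", b"\xef\xbb\xbf<?xml version=\"1.0\"?>\n<cfg/>"),
    ("q3_report.docx", b"PK\x03\x04\x14\x00\x06\x00"),
    ("badge_photo.png", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(check_file(name, head))
```

A mismatch here is only a trigger for content inspection: the check says nothing about whether the file holds sensitive data.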