"Two days later, the engineer accessed multiple servers and moved the downloaded files to a NFS (Network File System) location, which he made mountable and attempted to sync the files to prohibited consumer cloud storage service."
She said the user was flagged as soon as he created the NFS mount point, "based on predictive modeling, and his VPN connection was terminated."
But as effective as that sounds, even advocates of UBA warn that, like any security tool, it is a "layer" of protection, not a guarantee.
"Perfection cannot be achieved," Overly said. "If an insider is intent on causing harm to the business, it may be impossible to prevent it."
Sign up for CIO Asia eNewsletters.