Who - what is the user's or entity's role, or the role they are emulating?
What - are they looking to access?
Where - what location are they accessing systems/data from, and what location are they accessing?
When - what time of day, what date, what week, month, etc.?
How - what means or technology are they using to access the network: a company-issued or personal device, a public kiosk, etc.?
Using this contextual knowledge, access to information can be controlled via rules-based risk scoring. This intelligence can also be used for predictive risk analysis of insiders' behavior to detect trends and activity that require further investigation.
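A minimal sketch of rules-based risk scoring over the five context questions above, added here as an illustration and not taken from the article. The role map, locations, weights, thresholds and field names are all hypothetical values chosen for the example.

```python
from dataclasses import dataclass
from datetime import datetime

# Roles, resources, weights and thresholds are constructed for illustration.
ROLE_RESOURCES = {"dba": {"customer_db", "hr_db"}, "helpdesk": {"ticketing"}}
TRUSTED_LOCATIONS = {"hq", "branch_office"}
DEVICE_RISK = {"company_issued": 0, "personal": 20, "public_kiosk": 40}

@dataclass
class AccessRequest:
    role: str        # who
    resource: str    # what
    location: str    # where the request comes from
    when: datetime   # when
    device: str      # how

def score(req: AccessRequest) -> tuple[int, list[str]]:
    """Apply one rule per context dimension; return (risk score, reasons)."""
    total, reasons = 0, []
    if req.resource not in ROLE_RESOURCES.get(req.role, set()):
        total += 60
        reasons.append("resource outside role")
    if req.location not in TRUSTED_LOCATIONS:
        total += 25
        reasons.append("untrusted location")
    if req.when.weekday() >= 5 or not 7 <= req.when.hour < 19:
        total += 15
        reasons.append("outside business hours")
    # An unrecognised device type gets the highest device weight, not zero.
    device_weight = DEVICE_RISK.get(req.device, max(DEVICE_RISK.values()))
    if device_weight:
        total += device_weight
        reasons.append(f"device: {req.device}")
    return total, reasons

def decide(req: AccessRequest) -> tuple[str, int, list[str]]:
    """Map the score to an access decision; reasons feed later investigation."""
    total, reasons = score(req)
    if total >= 60:
        return "deny", total, reasons
    if total >= 30:
        return "step_up_auth", total, reasons
    return "allow", total, reasons

if __name__ == "__main__":
    # Constructed sample: a DBA on a personal device, late on a Tuesday night.
    late = AccessRequest("dba", "customer_db", "hq",
                         datetime(2024, 3, 5, 22, 0), "personal")
    print(decide(late))
```

The reasons list returned with each decision is what an analyst would aggregate over time to spot the trends mentioned above.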
The JPMC breaches serve as a valuable reminder that identity-based data sources and metrics must be integrated into the threat management cycle of monitoring, detecting, analyzing and responding.
Without visibility into user/entity behaviors, the detection, intervention and remediation of insider threats become a game of chance.