Threats to security from within an organisation are sometimes malicious attacks, but not always. Employees make mistakes – they misuse systems, plug in unauthorised memory sticks, access non-secure websites, and click on email attachments that open the door to a network attack.
Reducing risk involves putting in place measures to block and prevent these unwitting security breaches, as well as identifying and responding to cyber attacks from inside the organisation.
QinetiQ’s insider threat management solution includes:
A multi-layered architecture with ingress and egress protection
Active defence monitoring to detect unusual and anomalous activity on systems and networks – using state-of-the-art IDS and IPS devices and signatures together with central monitoring to provide an overall picture of what is happening on the network
Analytics that use big data technology to collect and profile data on the system or network and provide reports
The use of static defences built on best-of-breed SIEM (Security Incident and Event Monitoring) technology
Specialised attack detection and monitoring solutions – including honey pots and honey nets and Remote Forensic Agents (RFAs)
We can also provide an incident response service and forensic handling if required, either on-site or remotely.