Reveal detects and prevents both unintentional and intentional threats to an organization. In this instance of malicious intent, there were several triggers that would have raised an alarm if the solution had been in place.
- Falsified identity: Reveal would have requested MFA if there had been anything unusual about the login activity of the saboteur’s three framed colleagues. This helps verify that the user is actually who they claim to be.
- Unusual activity: Our machine learning creates a baseline of an individual’s typical behavior, as well as a comparison against their peers and the whole company. If making changes to the MOS was not in the job description of the user, their access would have been identified as abnormal based on the typical behaviors established for that role and peer group. These baselines would have also determined there was suspicious code running in the background of the machines, regardless of the network or physical location.
- Data exfiltration: Unusual quantities of data – in this case gigabytes – being uploaded from monitored devices would also trigger an alarm within the platform. When connections are made to suspicious-looking locations, MFA is triggered. Machine isolation or lock is also used when risk appears severe.

In Musk’s email to employees, he stated the employee was disgruntled because he was passed over for a promotion. There are many personnel events – such as resignations, team changes, performance improvement plans – that can prompt harmful behavior. Reveal (in particular the power search function) enables clear visibility across employees to protect the company, without having to sort through data logs. Even seemingly harmless behavior like copying company documents to a personal drive in preparation for a departure will be captured, as well as the file names affected. In the case of a Personally Identifiable Information (PII) breach, this greatly increases the likelihood of being able to decipher the breach and alert the affected parties within 72 hours, the deadline now imposed by the GDPR.