Data Rich & Intelligence Poor

Insider Threats and the Pharmaceutical Industry

This week I traveled to New Jersey to lead discussions with security leaders in the pharmaceutical industry. Our conversations were focused on insider threats and what pharmaceutical companies are doing to better protect themselves.

The pharmaceutical industry generates a vast amount of valuable intellectual property that has been targeted by malicious insiders for years. The most recent headline-making example came from Philadelphia, where federal prosecutors indicted two research scientists on charges of stealing trade secrets about drugs to treat cancer and other diseases from GlaxoSmithKline, the British drug giant.

According to The New York Times, “The two scientists, Yu Xue and Lucy Xi, worked at Glaxo’s research facility in Upper Merion, PA, and emailed and downloaded confidential data about a dozen or more company products to associates who planned to sell and market the trade secrets through a company they set up in China, called Renopharma.”

This is the latest example of the kind of industrial espionage that has always plagued pharmaceutical companies, but has skyrocketed in recent years as the Chinese escalate efforts to recruit or hack insiders with access to valuable information.

Many pharmaceutical companies are taking advantage of advances in user and entity behavior analytics (UEBA) to combat data theft by insiders. UEBA has proven effective at preventing, detecting and even predicting insider attacks that have traditionally been impossible to catch because insiders access intellectual property and other critical data with legitimate credentials.

Interestingly, each of the companies I spoke with this week is already generating the data that’s needed to produce holistic risk intelligence. But without UEBA-based security analytics, they aren’t extracting any value from the volumes of data they store: data rich and intelligence poor.

Security leaders can use UEBA to tune out the noise generated by products like DLP, endpoint and gateway solutions, reduce the volume of alerts and false positives they produce, and detect malicious activity more precisely and efficiently.

Fewer false positives and more exacting logs result in less data being stored in SIEM, log managers and big data lakes. Many companies pay for storage based on volume indexing, so a reduction in log data can greatly impact the bottom line.

UEBA also reduces the number of analysts needed for the tactical operations tied to analysis and insider threats, thus allowing these resources to be deployed in other areas without a loss of effectiveness.

Securonix pioneered the use of UEBA for security and is now the market-leading enterprise security analytics provider across industries, including the pharmaceutical sector. Some of the areas where pharmaceutical companies have seen immediate value from Securonix include:

  • UEBA-based threat detection that automatically and accurately detects critical threats to your organization in real-time
  • Detection of insider threats that are invisible to traditional security solutions
  • Extraction of actionable security intelligence from existing data sources
  • Reduction of false positives generated by SIEM and DLP solutions by an average of 95 percent
  • Greater visibility across users, assets and data instead of the basic network telemetry often gleaned from more traditional security solutions
  • User and entity correlation to more quickly derive attribution
  • Bi-directional integration between UEBA and SIEM, case management systems and IR for improved incident response
  • Fewer false positives, reduced workload and greater ROI on existing security solutions

I’m really looking forward to the next event. There is nothing better than vertical “birds of a feather” events to start an open dialog between like-minded customers and prospects.

For more information around being “data rich and intelligence poor” or DRIP, please check out this blog by Axendia and this article “An Anti-DRIP Campaign.” I would also like to personally thank Daniel Matlis, President of Axendia, for sharing his ideas behind DRIP with me during the pharmaceutical breakfast.
