Detecting Insiders and Outsiders in a Zero Trust World


Tom Ricoy


July 9, 2020

Hard to detect and stop malicious insiders and outsiders

As IT leaders roll out zero trust initiatives to reduce access to data centers and networks, adversaries will do what they have always done: look for new ways to steal data. With digital transformation, more WFH, shifts from full to app-based VPN, and cloud repository collaboration, more and more employees are storing critical data on their PCs while sitting statically in the same location at the same IP, with PCs often on 24 hours a day, making them even easier targets.

Although the suggested best practice of storing all data in the cloud and none on the PC is being encouraged, many workers seek a more familiar and comfortable experience that replicates the way they have worked, sometimes for decades. They therefore sync their own files, and often those of their entire group or org, to their local PC. In some cases, offline work is a must for users. While IT strives to encourage best security practices, it must also attract and retain employees with productivity and an outstanding user experience, and so it enables freedom of choice for each worker.

Both malicious insiders and external threat actors with less access to data centers and networks will invest more resources into stealing data on endpoints and moving from endpoint to endpoint. Protecting sensitive files with these evolving dynamics demands new ways to detect attackers and automate the prevention of data theft on endpoints. Most insiders are evading insider threat detection solutions, which are often more focused on gathering evidence to prosecute insiders, not preventing theft.

Advanced threat detection/automated prevention

D3E is designed to detect adversaries on endpoints with a comprehensive array of threat sensors that is effective in detecting both malicious insiders and external adversaries. It automatically prevents data theft when a potential threat is detected. D3E threat sensors include:

  • Baselining user behavior and continuously monitoring for anomalies
  • Deception at the file and network layer used to entice and block adversaries
  • Monitoring for untrusted external USB insertion and network access

D3E furthermore integrates with popular AV/NGAV, EDR, and PAM tools to provide the most comprehensive set of threat detection capabilities available.

When any of these sensors is triggered, sensitive data is automatically protected, and the user is informed so they can take preventive actions.

These capabilities help detect external threat actors and are also highly effective at detecting malicious insiders, who are a growing concern among IT leaders and often very difficult to detect.

Cigent’s ability to detect and immediately prevent an attack while it is happening catches adversaries in the very act and prevents further damage.

Cigent D3E protects your files in a way that's never been done before.
