Detecting Insiders and Outsiders in a Zero Trust World

As IT leaders roll out zero trust initiatives to reduce access to data centers and networks, adversaries will do what they have always done: look for new ways to steal data. With digital transformation, more WFH, shifts from full to app-based VPN, and cloud repository collaboration, more and more employees are storing critical data on their PCs while sitting statically in the same location at the same IP with PCs often on 24 hours a day, making them even easier targets.

While suggested best practices of having all data stored in the cloud and none on the PC is being encouraged, many workers seek an experience that is more familiar and comfortable that replicates their way of working for sometimes decades. They therefore sync their own and often their entire group or org’s files to their local PC. And in some cases, offline work is a must for users. While IT strives to encourage best security practices, they also must attract and retain employees with productivity and outstanding user experience so therefore enable freedom of choice for each worker.

Both malicious insiders and external threat actors with less access to data centers and networks will invest more resources into stealing data on endpoints and moving from endpoint to endpoint. Protecting sensitive files with these evolving dynamics demands new ways to detect attackers and automate the prevention of data theft on endpoints. Most insiders are evading insider threat detection solutions, which are often more focused on gathering evidence to prosecute insiders, not preventing theft.