DoControl is named as a Representative Vendor in 2022 Gartner® Market Guide for Insider Risk Management Solutions. Gartner recently published the market guide which assists in understanding and implementing a comprehensive insider high risk management solutions program.
Gartner describes how “the increase in a hybrid or remote workforce, compounded with additional vendor integration, has prioritized insider risk management as a focus area for security and risk management leaders.” The guide also includes mandatory capabilities for enterprise IRM platforms, which are as follows:
- Orchestration with other cybersecurity tooling (including SOAR)
- Monitoring of employee activity and assimilating into a behavior-based risk model
- Dashboarding and alerting of high-risk activity
- Orchestration and initiation of intervention workflows
First and foremost, DoControl is very excited to be listed as a Representative Vendor. We believe this is to be market validation that our solution supports every platform capability that Gartner highlights as necessary for the enterprise to mitigate insider risk.
The DoControl solution sends logs, intervention workflows execution summaries, and custom incidents to SIEM and for SOAR the solution ties external remediation paths to DoControl to trigger SOAR playbooks; all SaaS users and activities are captured by leveraging SaaS metadata sources to monitor and control all activities; end-user behavioral analytics are conducted to establish a baseline and alert security teams of insider threats; and our Security Workflows allow for data access control policies (i.e. intervention workflows) to be applied consistently throughout the SaaS estate – all from a single control point.
A quote pulled from the Market Guide:
“Not every insider risk becomes an insider threat; however, every insider threat started as an insider risk.”
We believe this is a powerful statement. Risk’s need to be addressed prior to what might seem insignificant evolves into a material threat to the business. As organizations attempt to become more agile by adopting tools and technologies to address remote working environments, as well as stitching together all the different vendor integrations, they need to ensure the security aspects are not left as an afterthought.
It is a lofty statement to claim that any technology vendor can fully mitigate the risk of insider threats. It cannot be achieved by any single technology, or individual vendor. It requires more than just technology: people and process are equally as important. Beyond insider risk management, these three core pillars are mostly present to address many other areas within a modern security program.
People are one of an organization’s most critical resources, but we are all prone to error. Making mistakes is a part of human nature. Educating the workforce to be more security minded is one thing, but taking it further to intertwine the core pillars outlined above is the optimal outcome. It's taking the ‘continuous improvement’ methodology of identifying opportunities to streamline work, reduce waste and improve security awareness in an ongoing fashion.
The same concept should be applied to data access security. Ongoing risk assessment and evaluation can be a challenge. Put in place the right controls. Create data access control policies that enable secure access to sensitive data and prevent unauthorized access. User behaviors should be proactively corrected by notifying them on high risk events– of course without being big brother or inundating them (or the IT department) with notifications.
This is a clear example of streamlining work as it enables the individual actor to take matters in their own hands (i.e. revoke access to a specific shared drive with a third party vendor who no longer requires it). And it reduces waste in that this process bypasses security operations involvement, allowing those teams to focus on events that are more serious in nature. This is taking a risk-based approach to security. This approach also stifles potential insider risk before it evolves into a more significant threat. There are many different insider threat profiles (i.e. negligent and intentional) and motivations (i.e. financial gain or business disruption). Regardless of either, it is clear that organization’s need to do everything they can to mitigate these risks in today’s digital landscape.
Security starts within when it comes to managing insider risk. Partnering with DoControl adds a necessary layer of data access controls to enable security teams to more effectively manage insider risk. Find out more.
Gartner, “Market Guide for Insider Risk Management Solutions”, Jonathan Care, Paul Furtado, Brent Predovich, 18 April 2022. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.