Microsoft Giving Its Insider Risk Management Service an Upgrade
Author: Kurt Mackie of Redmond Channel Partner Magazine
…Insider Risk Management, which uses machine learning to detect data leaks, intellectual property theft, insider trading, compliance violations and fraud, was commercially released in February. Using it requires having Microsoft 365 E5 licensing...
…Microsoft claimed that its signals intelligence, artificial intelligence and "deep learning" capabilities in the agentless Insider Risk Management service represent an easier approach than trying to use separate user activity monitoring and user entity behavior analytics solutions…
• Data leaks by priority users
• Data leaks by disgruntled users
• General security policy violations
• Security policy violations by departing users
• Security policy violations by priority users
• Security policy violations by disgruntled users
The headline got me excited that this new MSFT O365 package might enable my clients to better monitor policy and data management compliance. The reality seems pretty weak. Agentless monitoring of desktop and MS Edge actions such as downloads, forwards to banned domains, etc. We have been able to see those in logs for years and to create custom log-based alerts.
The new Insider Risk Management alerts and templates sound great to corporate data security, HR and compliance teams. But the ‘policy indicator’ actions are still pretty simplistic. All the better templates require use of the new HR connector configured to track employee status changes (departure, demotions, performance improvement assessments and priority status lists). In the past, my clients have managed these same kinds of rules with role/user groups updated by MIS/HR ticket workflows.
So how do you or your clients monitor security/data policy compliance? Do they actively monitor compliance or run periodic checks?