Journal article

Insider-threat detection: Lessons from deploying the CITD tool in three multinational organisations

Abstract:: Insider threat is a persistent concern for organisations and business alike that has attracted the interest of the research community, resulting in numerous behavioural models and tools to tackle it. However, the effectiveness of detection of these tools has scarcely been demonstrated in real environments. In order to fill this gap, we collaborated with three multinational commercial organisations who trialled our anomaly detection system, and worked with us to understand performance constraints for insider threat detection deployment and innate weaknesses in their operational contexts. During a period longer than a year, we were provided access to real data in their premises and interacted with their cybersecurity analysts to understand their systems, validate the results and identify best practices for mitigating insider threat. In this paper, we provide details on the architecture used in our tool, the methodology followed to validate its performance and we elaborate on our experiences in implementing the tool in the three corporate environments. We present the results obtained from deploying the detection system in real network infrastructure over a period of six months, the lessons learned, issues experienced, and potential limitations.

Publication status:: Published

Peer review status:: Peer reviewed

Actions

Email

Email this record

Send the bibliographic details of this record to your email address.

Your Email
Please enter the email address that the record information will be sent to.

-
Your message (optional)
Please add any additional information to be included within the email.
Cite

Cite this record

APA Style

Erola, A., Agrafiotis, I., Goldsmith, M., & Creese, S. (2022). Insider-threat detection: Lessons from deploying the CITD tool in three multinational organisations. Journal of Information Security and Applications, 67.

MLA Style

Erola, A., et al. “Insider-Threat Detection: Lessons from Deploying the CITD Tool in Three Multinational Organisations.” Journal of Information Security and Applications, vol. 67, Elsevier, 2022.

Chicago Style

Erola, A, I Agrafiotis, M Goldsmith, and S Creese. 2022. “Insider-Threat Detection: Lessons from Deploying the CITD Tool in Three Multinational Organisations.” Journal of Information Security and Applications 67.
Share
Print

Access Document

Files:: Erola_et_al_2022_insider-threat_detection_lessons.pdf

(Preview, Version of record, 2.9MB, Terms of use)

Publisher copy:: 10.1016/j.jisa.2022.103167

Authors

+ Erola, A More by this author

Institution:: University of Oxford
Division:: MPLS
Department:: Computer Science
Oxford college:: Magdalen College
Role:: Author
ORCID:: 0000-0002-3049-4430

+ Agrafiotis, I More by this author

Role:: Author

+ Goldsmith, M More by this author

Role:: Author
ORCID:: 0000-0001-7808-0600

+ Creese, S More by this author

Role:: Author

Publisher:: Elsevier
Journal:: Journal of Information Security and Applications More from this journal
Volume:: 67
Article number:: 103167
Publication date:: 2022-04-19
Acceptance date:: 2022-03-04
DOI:: 10.1016/j.jisa.2022.103167
EISSN:: 2214-2126

Language:: English
Keywords:: FFR
Pubs id:: 1251428
Local pid:: pubs:1251428
Deposit date:: 2022-04-22

Terms of use

Copyright holder:: Erola et al.
Copyright date:: 2022
Rights statement:: © 2022 The Authors. Published by Elsevier Ltd. This is an open access article under the CC BY license (http://creativecommons.org/licenses/by/4.0/).

Licence:: CC Attribution (CC BY)

Views and Downloads

About views and downloads

If you are the owner of this record, you can report an update to it here: Report update to this record

TO TOP