Red White Wave Banner

Whole Person Counter-Insider Threat

Purple Slope

Challenge

Most counter insider threat (C-InT) programs are reactive – solely monitoring for security violations and anomalies. Organizations need to detect and respond to suspicious and malicious user activity, but a reactive insider risk posture is too late and too costly.

Insider Threats on the Rise

0%

71% of organizations have 21 to 40 insider
threat incidents per year1

Costly Malicious Incidents

0%

25% of organizations had a malicious insider incident costing an average $16M annually/organization1

Delayed Detection & Containment

0%

66% of organizations took more than 62 days to detect and contain insider incidents, 35% took over 90 days1

Solution

Cogility’s Counter-Insider Threat (C-InT) provides a whole person approach to detect, prevent, and mitigate insider threats. Cogility continuously monitors and analyzes both technical and behavioral potential risk indicators (PRIs) at machine-speed to identify insider risk with full traceability. Combined with its advanced case management, Cogility modernizes C-InT programs to help organizations more efficiently and effectively respond to and avoid incidents.

Whole Person
“With the capabilities of data stream processing, model extensibility, advanced analytics for both technical security and behavioral factors, and integrated case management – Cogility offers the right strategic blend for effective whole person risk management. [This] positions the Cogility C-InT solution as a valuable tool for proactive insider threat management – and as a market leader.2
Aiyaz Ahmed Shaik
Lead Analyst, Insider Risk Management
Quadrant Knowledge Solutions

Level-Up Your Insider Threat Management Program

Cogility’s whole person C-InT continuously monitors, analyzes, detects, and scores patterns of high-risk behaviors to let you see the warning signs in advance, before insider threats become high consequence issues. This continuous intelligence is fortified with integrated case management to expedite assessment, evidence, and coordinated response.

Icon Proactive Black
Move to Proactive
Insider Threat Response
Move to Proactive
Insider Threat Response

Move from reactive to faster, proactive response by continuously monitoring for explicit and predictive whole person determination of insider threats.

Icon Modernize Black
Modernize Your
C-InT Program
Modernize Your
C-InT Program

Modernize insider threat management with increased coverage, capacity, assessment, and response coordination capabilities.

Icon Increase Black
Increase
Productivity
Increase
Productivity

Improve analyst case workload productivity with automated scoring, profiling, workflow, and collaboration.

Icon Invest Black
Investment
Protection
Investment
Protection

Leverage existing physical, endpoint, network, and cloud security data and readily incorporate H.R., operational, and other psychosocial data sources.

Icon Fast Black
Accelerated
Results
Accelerated
Results

Gain rapid time-to-value with non-disruptive deployment, extensible C-InT model, customizable dashboards / reports, and case management.

Icon Help Black
Help Those
in Need
Help Those
in Need

Leverage early insider threat warnings to preempt high-consequence incidents and provide to help those personnel in need of support.

Advanced Whole Person C-InT Management

Cogility’s Counter-Insider Threat solution, powered by our Cogynt Unified Real-Time Platform for continuous intelligence, is uniquely designed and proven to meet the immense and dynamic information-processing, complex analytic, and workflow challenges required to modernize counter-insider threat programs.

Extensible Insider Risk Modeling

Cogility C-InT provides our Cogynt Authoring Tool to develop and deploy insider threat detection models within a zero-code design environment.

  • Build models from a pre-defined set of risk profile types
  • Align insider risk patterns to your security and HR policy
  • Incorporate existing security, HR, and behavioral data sources
  • Test, publish and refine models – quickly and easily
Cogility Cogynt URP - Authoring tool
Roundedcorner Screenshot Case Management Cogility

Integrated Case Management

Cogility C-InT provides our Cogynt Analyst Workstation to optimize the day-to-day operations for insider threat analysts.

  • Tailor your investigative and response workflow
  • Custom case viewer, profiles, details, risk history, traceability
  • Progress case assessment with rich tagging, custom fields, and reporting
  • Simplify communications, delegation, and coordination

Insider Threat Program Oversight

Cogility C-InT provides our Cogynt Superset Tool to gain operational insight across your entire counter-insider threat program.

  • Leverage integrated BI functionality
  • Create custom reports and dashboards
  • Track and share program KPIs
  • Adjust parameters for each audience
Roundedcorner Screenshot Superset Cogility
Purple Slope

Advantages

Predictive Intelligence

Continuously monitor and assess insider risk with stateful profiling, scoring, and alerting for effective threat insight, reaction, and prevention.

Whole Person Risk Management

Comprehensive technical and behavioral intelligence to support threat analysts and case assessors to make informed decisions.

Integrated Case Management

Dashboards, workflow tracking, and collaboration help streamline workloads from monitoring and assessment to case file evidence collection and threat response.

Secure, Scalable, Non-disruptive

Securely operates in your private cloud for scalable, real-time data processing and analysis from your existing controls and other sources.

Foundational Threat Models

A base set of insider risk models that can be readily tuned and expanded within a self- documenting, no-code authoring environment.

Rapid Deployment

Flexible data ingestion, predefined analytics, no-code authoring, dynamic scoring, and rich case management to expedite results.

How it Works

Cogilty’s Counter-Insider Threat solution applies our Cogynt Hierarchical Complex Event Processing (HCEP) technology to analyze technical and behavioral risk indicator patterns at scale to determine insider threats, such as data exfiltration, workplace violence, or fraud, that is in progress or imminent – providing your organization the ability to get left harm.

Cogynt Whole Person Behavoral Anlysis 051024b No Title

Case Management Matters

The insider risk management and case management toolset you choose has a massive impact. The wrong choice will increase case file backlog and force your organizations into a reactive posture. But the right choice can improve case manager efficiency and enable a proactive approach. Move from “point solutions” and “daisy-chaining” to a built-for-purpose, integrated approach with Cogility C-InT.

Point Solutions Icon
Point Solutions
Point Solutions
“Point” solutions, such as Microsoft Sharepoint and Microsoft Word, are often used as a starting point for a rudimentary C-InT program. However, over reliance on point solutions and legacy systems results in overburdened case analysts and operations teams, greater delays, and reactive responses to threats.
Daisy Chaining Icon
Daisy Chaining
Daisy Chaining
“Daisy Chaining” attempts to link a variety of tools can initially keep costs low, but the approach is brittle and disjointed. It is typically prone to human error as users attempt to connect related content. As organizations attempt to scale this approach, case tracking, collaboration and operational management become increasingly inconsistent and disorganized.
Integrated Icon
Integrated
Integrated
As an integrated solution, Cogility’s case management features facilitate more effective investigative and mitigation processes. Managers and analysts can more easily assign, assess, and enrich cases, collaborate with decision makers and mitigation participants. As a unified C-InT solution, program managers and stakeholders can easily monitor and report on operational performance for continuous improvement.
Gray Wave Lines
shape-top-1-purple-bg_trans

SOFIT Ontology

Roundedcorner Screenshot Sofit Cogility

Originally designed and implemented using Web Ontology Language (OWL), SOFIT has evolved into the most comprehensive knowledge base of individual factors (both technical/cyber and behavioral/psychosocial) available. The Sociotechnical and Organizational Factors for Insider Threat (SOFIT) ontology is unique in that it specifies the applicable organizational factors associated with insider threats. Cogility has applied SOFIT ontology components within the modeling of our Counter-Insider Threat solution.

1 Ponemon Research, 2023 Cost of Insider Risks Global Report
2 QKS Group, Analyst Market Research, 2023 Insider Risk Management Report