The machine that learns how to stop whistleblowers

INSIDER THREAT John connects via VPN Administrator performs ssh (root) to a file share - finance department John executes remote desktop to a system (administrator) - PCI zone John elevates his privileges root copies the document to another file share - Corporate zone root accesses a sensitive document from the file share root uses a set of Twitter handles to chop and copy the data outside the enterprise USER ACTIVITY

An example of whistleblower behaviour taken from Harry McLaren’s slides

Workplace surveillance is nothing new, but this slide from Harry McLaren’s talk on Machine Learning for Threat Detection illustrates particularly well the challenges facing journalists wishing to protect whistleblowers.

McLaren is talking about malicious threats, and the way that machine learning can be used to identify suspicious patterns of behaviour. But the example given above is equally useful in illustrating the way that similar behaviour might be used to identify an employee intending to whistleblow on illegal, unethical or dangerous behaviour by his or her organisation.

Data Loss Prevention (DLP), network forensics, and content management technologies are already being used to prevent such leaks, but machine learning adds a new dimension to the field.

The point for journalists is that collections of small actions – including those which protect the whistleblower – can be just as compromising as obvious oversights like a lack of information security.

I’ve embedded video of McLaren’s talk (from May 2016) and the full slides below.

1 thought on “The machine that learns how to stop whistleblowers”

Harry McLaren February 7, 2017 at 11:10 pm

Thanks for the shout out Paul! Hope your readers find the talk interesting. Anyone local to Edinburgh and a Splunk User might want to check out our User Group: https://usergroups.splunk.com/group/splunk-user-group-edinburgh.html

Reply ↓