Since 1989, Bottomline has been modernizing global business payments with connected solutions for more than 800,000 financial institutions and businesses in 92 countries.
With insider threats increasing by 50% over two years, your business is likely taking action to strengthen its detection, investigation, and containment capabilities. However, there may be blind spots. Here is one area I would consider revisiting: if the questions in your request for proposal (RFP) do not take into account the most innovative insider threat management technologies currently available, your RFP may actually prevent you from developing the best insider threat program.
Every RFP tries to ask precise questions to ascertain whether a solution can help address a need. For insider threat management, the data that solutions provide is typically derived from post-fact audit logs or agent-based recordings. Today, however, next-generation insider threat management exists, founded upon network-based data capture that enables proactive monitoring and real-time alert generation and streamlines incident investigation. The key points about next-generation solutions are provided below, along with my suggested questions to make your next insider threat RFP more robust.
In a non-invasive data capture approach, user activity on business-critical systems and applications can be captured for analysis directly from the corporate network, including mainframes, web-based applications, and SaaS applications. Importantly, this approach enables you to:
Does your solution capture user activity on business-critical systems and applications across the mainframe, web-based applications, and SaaS applications?
Does your solution allow for the selective monitoring of specific systems and applications?
What types of user activities, both event-based and non-event actions, can your solution capture within monitored business systems or applications?
Can your solution capture a screen-by-screen record of user activity? If so, how can that record be viewed or replayed?
Can your solution capture the field values on the screens a user views and import those values into the analytical engine?
How does your solution ensure the privacy of employee communications and activities outside monitored business systems and applications?
A non-invasive data capture approach facilitates reactive responses to data exfiltration events and empowers proactive evaluation of employee behaviors, potentially uncovering nascent fraud or theft attempts.
For example, suppose an employee looks up customer accounts with high balances in preparation for embezzlement. I suspect a log- or agent-based solution would not flag this behavior since no transaction has occurred. However, analytics that include non-event user behavior and field values from the screens accessed can alert investigators to this suspicious activity, giving them time to stop theft and fraud in its tracks.
How does your solution empower proactive evaluation of employee behaviors to detect potential insider threats where no event (e.g., a transaction) has taken place?
Can you provide examples or use cases illustrating instances where your solution has successfully identified suspicious behavior, leading to the prevention of fraud or theft?
Can you explain the analytics capabilities of your solution, especially those related to non-event user behavior?
Investigations into potential insider threat incidents can be dramatically sped up when a platform can facilitate the whole process, from the procurement of data and alert generation all the way to alert disposition:
All of this information can be used as documented evidence for various purposes, including questioning or confronting employees, mitigating vulnerabilities, and pursuing legal or civil action.
Can investigators replay employee actions via a screen-by-screen record to gain a contextual understanding of events?
Does your solution offer link analysis capabilities? If so, explain the breadth of these capabilities.
Does your solution offer investigators a Google-like index search feature to find specific data points and screen activity?
How does your solution support investigators in gathering documentary evidence of insider threat incidents?
As insider threats continue to grow in complexity and frequency, embracing the latest technology advancements is a necessity. By asking these targeted questions in your next RFP, you can identify the best insider threat prevention solution for your business, safeguarding your company, your assets, and your customers.