In fraud and financial crime, there are no real winners. If you’re a criminal you always want to find more innovative ways to steal, whether it’s data, money, or something else that you’re after. And eventually you’re likely to get caught. If you’re in the business of preventing fraud, your job is never really done until financial fraud no longer exists. And that hasn’t happened yet. But in the meantime, you can certainly lead the charge in preventing fraudulent transactions and behavior.
So, what are the elements of fraud prevention that need consideration?
Quadrant Knowledge Solutions recently released its SPARK Matrix™ report on Insider Risk Management. It rates what matters most and ranks the parameters of technology excellence and customer impact from providers with comprehensive fraud prevention technology, of which Bottomline was one.
As Quadrant Knowledge analyst Aiyaz Ahmed Shaik said, "Bottomline offers insider risk management across diverse infrastructures, encompassing on-premises data centers, SaaS applications, private/public clouds, and hybrid setups. The company's insider risk solution provides real-time user-activity monitoring, profiling, anomaly detection, alerts, and case management. The solution also integrates the recorded screen data into an analytics engine for advanced threat detection. This strategic blend of monitoring, behavior analysis, and analytics underscores their ability to combat insider threats effectively."
I sat down with our editorial team to discuss some of the report’s findings. This interview highlights the clarity that the report brings to the relatively nascent category of Insider Threat Management.
Q: Omri, you’ve been an advocate for managing and mitigating insider threats for years, but even more so since the pandemic increased awareness of the problem. This SPARK Matrix report we’re discussing today goes a long way toward reinforcing the dangers that unchecked insider threats can pose for companies that ignore their existence. “Data breach, theft, and loss are just one part of the risk,” states the report. “Insider threats may also end up damaging critical infrastructure and the affected organization’s overall productivity.” Do you think executives are finally seeing the critical nature of insider threat management?
Kletter: Absolutely, and I also credit this report for bringing clarity to the problem, which you can see is becoming more and more clearly articulated. We're definitely seeing an evolution in maturity both in understanding the problem and its taxonomy. For example, we're starting to have more clarity around how data theft compares to actual data leakage. And we’re seeing the difference between the internal fraud that touches money and the kind of fraud that touches data. So, there is a level of maturity that I should, as a reader of the report, find reassuring. However, on the technology side, this is now a problem that has clearly evolved, and the solutions to mitigate it need to evolve with it. I’m happy that we’re recognized as a leader in the report and can provide real undoubtable value for customers in solving this problem. It’s encouraging, but it’s also a call to action.
Q: Perhaps more than other analyst reports in this category, this one focused a lot on data. It encourages its audience to evaluate an insider risk management solution at least partially by its capability to allow organizations to “identify, classify, as well as gather information on privileged data and block any unauthorized users or malicious insiders if they attempt to access the privileged data.” Did this surprise you? Is data theft reaching parity with financial theft as an insider threat concern?
Kletter: Every company mentioned in this report is on a journey toward solving many problems, and data theft is certainly one of them. Years ago, data was the prime concern in insider threats, but it now sits alongside fears of financial theft and reputational damage. Going back to my point around maturity, we see more emphasis on data. This concern also comes with the future of complex SaaS-based environments where data is more complicated. We need to evolve with the challenges of the market. Data is challenging because of the regulations around its use and access, but it’s also harder to understand internal data access and behavior, even in a mainframe environment.
Q: The report also stresses the importance of integration and interoperability. Bottomline has a solution called record-and-replay that gives companies evidence of potential insider threats by integrating at the application level. Integration probably has many definitions depending on the client, but how does a company evaluate integration and interoperability in the context of insider threats?
Kletter: It means you take an ecosystem approach. We understand that our users are interconnected to many applications. We understand employee activity across different lifecycles, different platforms and applications. We’re moving from a solution-based approach to an ecosystem approach.
Q: How does data fit into the integration conversation?
Kletter: By asking the right questions. Do we have the right data in the right place? Do we store it properly? Are we then making it available for complex searches? Is it stored so that it is easy to access for auditing purposes? Data is a big part of integration, especially within the ecosystem approach.
Q: I’d like to read a quote from the report for you to react to. The section on evaluating vendors states “The vendor’s vision must incorporate predictive and advanced analytics in the platform to anticipate the probability of events.” How can insider threat management accomplish that?
Kletter: See, one of the strengths of this report is that it is not confined to a laboratory. The people at SPARK Matrix have met with vendors and engaged with their customers, and they have an intimate knowledge of their technology roadmaps and investment plans. This kind of insight comes from that very thorough approach. We not only work very closely with our customers to identify their problems and challenges, but we also have the advantage of being a global company where our data ecosystem translates to applying advanced logic and analysis to empower predictive analytics. At the end of the day, we’re creating a very smart network that analyzes the connections between employees, their devices and their interactions.
Q: The report commends Bottomline for providing “profiling and anomaly detection through employee monitored data for detailed insights on internal fraud or data leakage.” Can you tell us more about that capability and what it does for companies that use it?
Kletter: Again, this comes from working with our customers and understanding their challenges. Our philosophy says that your platform, capabilities and toolbox should produce best practices from which customers will derive value. We've invested heavily in understanding common attack scenarios that will help us to identify irregularities. For example, we all understand some scenarios of account takeover. What we’ll do is scan events to define and create alerts for internal threats. By way of another example, when we see irregular activity by an employee under economic or job-related stress going into dormant accounts or trying to do something in the back office, this will raise an early warning flag.
Q: As you’ve said earlier, this report articulates the problem of insider threats very well. I know you won’t rest on your laurels here, but how does Bottomline take insider threat management to the next level?
Kletter: I tie this back to one of our guiding principles, which says we delight our customers. Expect us to continuously work with our customers to define their challenges beyond the moment of implementation. I should also point out that we’re heavily committed to subscription-based business models. This model allows us to continually engage with our customers, scale where they need to and develop our data ecosystem. We have the lab to develop products, and we have our philosophy of staying very connected outside of the lab. Expect us to work hard in both cases.
Omri Kletter is the Global VP, CFRM at Bottomline. Previously, Omri led fraud and authentication solutions in the EMEA region for NICE Actimize. He began his career in Israel’s elite technological intelligence army unit, where he served as the Head of the Global Counter-Terrorism section.