Malicious Insider Attack



Entry Point:

Insider Attack


Company data theft/revenge

Primary Detection:

Advanced behavioral analytics
• Brute-force attack
• Network scanning

Network visibility
• New device in network

Stolen Credentials Identified by:

Active Directory Integration

In an IT company, a disgruntled employee decided to retaliate against his employer. As a developer, he had access to internal company systems, but was unable to access certain sensitive company information which he wanted. He took several suspicious actions within the network in order to gain access to the data. He launched a scan for unsecured devices which could access the data he sought, then attempted a brute-force attack to access those devices.

MENDEL identified these behaviors, both the network scan and the brute-force attack, as they happened and automatically alerted the security team. The attack was carried out using a private device and the credentials of another user. Identifying the device is a standard MENDEL feature, and through MENDEL’s integration with Active Directory – available out of the box – the security team could identify the employee whose credentials were misused. After comparing the network behavior of the attacking device with the behavior of other users during the attack, the list of suspects was narrowed down. After a short investigation, the employee was identified and immediately terminated.

Employee attacks can have devastating effects on company data, reputation, and revenue. But like advanced threats, employee attacks involve anomalous behavior within the network. This behavior was easily detected by MENDEL, allowing the security team to stop the attack before it could do damage.