BEACON provides automated workflow and case management of risk alerts to detect, assess and secure against the risk of anomalous behavior.
Insider threat audit relies on several key technology platforms to deliver and aggregate the required data for effective detection, analysis and resolution or investigation. Depending on the event, a repeatable workflow process is tailored to the alert and an organization’s normal operating procedures.
Analysts utilize contextual information to help determine if the anomaly is within the scope of expected role behaviors or it if warrants escalation. When escalation is recommended, the analyst creates a package which contains all the relevant data regarding the alert/behavior and all collected contextual information. The Escalation Package is transferred to an appropriate investigative authority.
BEACON tracks and documents all of the analyst’s activities to ensure that chain of custody is maintained for reported data and escalation packages. Whether benign or malicious, all activity is captured and stored for future reference and statistical purposes.