Mitigating Insider Threats with Automation and Data Intelligence
Kentro supported a Federal Civilian Agency with insider threat detection—automating data workflows, modernizing dashboards, and strengthening cyber defenses for sensitive operations.
Challenge
A Federal Civilian Agency encountered mounting risks from insider threats, cyber-related fraud, and misuse of government systems. These threats jeopardized sensitive taxpayer data, potentially causing reputational damage and disruptions to critical operations. High-profile breaches further underscored the need for robust measures to safeguard information. To address these challenges, the agency needed to streamline processes, automate workflows, and implement data and knowledge management solutions while meeting internal and external requirements from stakeholders. Kentro worked to mitigate risks, identify suspicious activities, and bolster cybersecurity defenses.
Action
Kentro implemented a structured approach to address insider threat challenges, using advanced data and knowledge management techniques to mitigate risks and improve operational efficiencies. Key actions included:
Data Management
- ETL Automation: Advanced Extract, Transform, Load (ETL) frameworks reduced manual tasks and streamlined SQL Server workflows
- Dashboards: Developed tailored dashboards with customized visualizations for executive leadership and project managers, enabling priority tracking and informed decision-making
- Enhanced Reporting: Created metrics-tracking dashboards to monitor internal and external requirements, improving visibility into program health
- Visualization Tools: Designed new Tableau and Power BI dashboards to enhance performance measurements across insider threat “Deter, Detect, and Respond” areas, enabling actionable insights
- PowerApps Integration: Automated data collection, workflows, and reporting using PowerApps and PowerAutomate, saving time on activities like TIGTA incident tracking
- Server Upgrades: Partnered with Server Support to implement new Windows servers, expanding capacity and migrating legacy data
Knowledge Management
- Documentation Updates: Maintained and improved insider threat technical documents (e.g., SOPs, desk guides, white papers), addressing gaps through reviews and stakeholder collaboration
- Gap Analysis: Evaluated documentation deficiencies and aligned updates with agency policy guidance, including the IRM 10.8 series
- Case Study Library: Created and updated a case study library for insider threat incidents, highlighting key use cases and risk indicators (PRIs) for User Behavior Analytics (UBA) tools. Integrated lessons learned into ongoing improvements for Splunk-based PRIs and Zero-Trust project tracking
- SharePoint Tools: Developed SharePoint tools to enhance workflow efficiencies and automate internal audit processes and controls
Result
Kentro’s efforts resulted in significant improvements across insider threat operations, driving operational efficiency and strengthening cybersecurity practices.
- Workflow Automation: Enhanced SQL Server workflows reduced manual tasks by more than 20%, improving the accuracy and timeliness of data reporting
- Dashboard Insights: Tailored, live dashboards provided leadership with real-time insights into insider threat program health, delivery progress, and risks, enabling better prioritization of actions
- Visualization Enhancements: New Tableau and Power BI tools improved measurement accuracy, increasing detection rates of potential incidents by 25%
- Timely Document Updates: Addressed documentation gaps effectively, aligning agency policies with regulatory requirements and minimizing risks of non-compliance
- Improved Collaboration: Facilitated teamwork between insider threat ops, agency stakeholders, and external entities, ensuring seamless integration of new data sources and standards
Value-Add
- Expertise: Provided skilled personnel with experience in tools like Tableau, Power BI, and PowerApps to streamline workflows and support decision-making
- Tailored Insights: Custom dashboards improved leadership’s strategic focus and responsiveness