Insider Threat

With Palantir, you can protect your organization’s sensitive information and intellectual property from theft, misuse, and abuse. Whether employees are maliciously exfiltrating data or unintentionally violating data use policies, our technology allows you to proactively and efficiently identify and respond to threats.

Who Needs Our Help?

When the threats are already at your enterprise…

At financial institutions, companies driven by R&D, healthcare organizations, government agencies, and beyond, thousands of employees interact with proprietary enterprise data on a daily basis. The costs associated with losing, misusing, or abusing this information make insider threats one of the most dangerous risks facing enterprises today. Protecting your organization from these threats requires knowing exactly what data your people can access, how it’s used, and how it moves around on your network.

…How do you find them?

With Palantir, you get a comprehensive view of how employees use enterprise data. Our software integrates petabyte-scale data from multiple sources to create a complete picture of employee data use and its surrounding context. Potentially suspicious behavior, surfaced according to a flexible set of rules, is sent to a rich investigative environment where human analysts can decide on the proper course of action. With built-in access controls and auditing mechanisms, Palantir also makes it possible to conduct this sensitive analysis while providing rigorous oversight that ensures employee privacy.

Integrate all the relevant data…

With Palantir's data integration capabilities, you get a holistic view of employee behavior. Palantir can incorporate data commonly used for information security, including email records, web access, removable media, travel records, badge reader logs, VPN logins, alert streams from traditional data loss prevention (DLP) products, and more, alongside employee activity from proprietary databases, trading systems, customer relationship management (CRM) tools, and other core business data sources. Your existing investments in data required for regulatory compliance or corporate retention policies can now be used to strengthen defenses against insider threats.

…And suspicious patterns surface

Once integrated into the Palantir platform, real-time monitoring of the data begins. Rules, customizable to your needs, flag suspicious patterns of behavior. These rules are not limited to simple keyword searches or to a single stream of data, but can instead include complex, cross-data source operations, such as:

  • Correlating core database queries and USB activity to find exfiltration of database dumps
  • Correlating remote sign-on events to badge logs to find compromised network credentials
  • Analyzing anomalous employee behavior within similar job functions to spot actions that are unusual for that role in the organization
  • Discovering anomalous employee behavior by checking it against historical patterns
  • Correlating alerts from existing DLP and security systems to create key risk indicators (KRIs) that reduce false positives and lighten the burden of follow-on investigations
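As an illustration of the second rule in the list (remote sign-on events correlated with badge logs), here is an added example; it is not Palantir's code or rule language. The event layouts, the user names, the sample data, and the `OFFICE_EGRESS` allowlist are all assumptions constructed for the example.

```python
from datetime import datetime, timedelta

# Constructed sample events, not real logs; the tuple layouts are assumptions.
BADGE = [  # (timestamp, user, door, direction)
    ("2024-03-04T08:55:00", "alice", "HQ-lobby", "in"),
    ("2024-03-04T12:02:00", "alice", "HQ-lobby", "out"),
    ("2024-03-04T09:10:00", "bob", "HQ-lobby", "in"),
    ("2024-03-04T17:45:00", "bob", "HQ-lobby", "out"),
]
VPN = [  # (timestamp, user, source IP)
    ("2024-03-04T10:30:00", "alice", "203.0.113.7"),   # badge says she is on site
    ("2024-03-04T13:15:00", "alice", "203.0.113.7"),   # after badge-out
    ("2024-03-04T14:00:00", "bob", "192.0.2.10"),      # VPN from the office network
    ("2024-03-04T18:20:00", "bob", "198.51.100.23"),   # after badge-out
    ("2024-03-04T11:00:00", "carol", "192.0.2.44"),    # no badge data at all
]
OFFICE_EGRESS = {"192.0.2.10"}  # assumed office NAT address; on-site VPN use is benign

def onsite_intervals(badge_events, max_stay=timedelta(hours=14)):
    """Pair each badge-in with the next badge-out per user. A missing
    badge-out (tailgating on exit) closes the interval after max_stay."""
    intervals, open_in = {}, {}
    for ts, user, _door, direction in sorted(badge_events):
        t = datetime.fromisoformat(ts)
        if direction == "in":
            open_in.setdefault(user, t)          # keep earliest unmatched entry
        elif user in open_in:
            start = open_in.pop(user)
            intervals.setdefault(user, []).append((start, min(t, start + max_stay)))
    for user, start in open_in.items():
        intervals.setdefault(user, []).append((start, start + max_stay))
    return intervals

def remote_while_onsite(vpn_events, badge_events, office_egress=OFFICE_EGRESS):
    """Flag VPN logins from outside the office while the badge log places
    the same user inside the building."""
    intervals = onsite_intervals(badge_events)
    alerts = []
    for ts, user, src_ip in sorted(vpn_events):
        if src_ip in office_egress:
            continue
        t = datetime.fromisoformat(ts)
        for start, end in intervals.get(user, []):
            if start <= t <= end:
                alerts.append({"user": user, "vpn_time": ts, "src_ip": src_ip,
                               "badged_in": start.isoformat()})
                break
    return alerts
```

On the sample data, only the 10:30 login for `alice` is flagged; users with no badge records produce no alert, so gaps in badge coverage need a separate check.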

Alerts are flexible and intuitive. Security analysts don't need to rely on data systems experts to adjust their alerting rules; they can easily define new pattern-matching and correlation strategies that are informed by their domain expertise. Your detection strategies should evolve as new risks are identified. Now they can.

Investigate, manage, and close cases

Not only does Palantir integrate with your data, it also integrates with your workflow. Palantir's open and flexible case management application can be easily adapted to integrate with your organization's unique business processes. Built-in sharing tools make it easy for investigators to collaborate on cases, brief their supervisors, and increase the overall knowledge of their team.

Palantir's Workspace enables analysts to comprehend data hundreds of times faster than any legacy solution. Rather than asking analysts to make sense of raw data in multiple systems, Palantir offers a unified environment for investigators to interact with all the information they need in a language they understand. The result is a system that vastly outperforms traditional approaches and allows security teams to effectively triage, investigate, and respond to insider threats.

Audit system use and apply granular access controls

Information pertaining to employee actions and data use is incredibly sensitive. Though some level of monitoring is expected at work, any data collected must be handled responsibly—not only to comply with law and policy, but also to preserve trust. Palantir's software includes built-in safeguards against misuse or abuse.

All access to Palantir's software is recorded using tamper-proof audit logs. The audit log data itself can be used to make sure that DLP and security teams are only using this data for sanctioned purposes. Fine-grained access controls can be applied such that investigators are only given access to the particular data they need to do their jobs. Gone are the days of all-or-nothing access. Investigators get access to all—and only—the data they need, thereby preserving as much privacy as possible.

Adaptive technology for an evolving business

Your threat environment is constantly changing, as is the data that supports detection operations. Palantir's systems are built to accommodate any sort of data, even from sources you don't have yet. We don't provide a narrow view of one silo of data; we've built a platform that evolves with the enterprise. Palantir's engineers are on standby to help with any new integration challenges that may arise. Our software is under constant development and you're never charged for upgrades for products you already own, making the total cost of ownership simple and straightforward. With Palantir, you have a partner committed to delivering more than just software; we deliver the outcome you care about: security against insider threats.