Editor’s note: I have tracked the team and technologies of ICG Solutions for several years and reached out to ask that they provide CTOvision readers with an update. I believe their approaches are unique and worth investigating for multiple use cases, including use cases around protecting enterprises from damaging activity perpetrated by people in positions of trust. -bg
Imagine an outgoing, self-confident teenage boy who begins to go through a rough patch typical of early adolescence. Maybe he’s getting bullied, or ignored by a pretty girl, or is self-conscious about his looks and complexion; perhaps it’s all of these issues and others. He’s irritable and has emotional outbursts; he withdraws, spends less time with his friends, and shuts himself away in his room. His grades suffer, he won’t talk to his parents, and the tension within the family builds.
His parents worry and wonder: is this normal? Should they intervene? Should they get outside help? Could this get out of hand and lead to depression, self-harm, or violence toward others? Is it a false alarm? The parents try hard to identify and understand the stressors. They talk to other parents, teachers, counselors, coaches, even their son’s friends. They scrutinize his social media activity and mobile phone use, maybe even look at his journal, drawings, books, or music for insight into what’s going on in his life. Once they realize what is bothering their son, they are able to provide the help and support he needs to get through this period in his life without hurting himself or anyone else.
Managing insider threat is similar. Employers want to know as early as possible when changes in an employee’s circumstances give rise to a range of potentially counterproductive, disruptive, or dangerous outcomes. If discovered early, the organization can help the employee get back on track. At a minimum, however, the organization can prevent something terrible from happening in the future.
But large organizations with thousands of employees don’t have the management resources or time to assess directly each person’s situation in any meaningful depth, as a parent can with a teenager.
Conventional insider threat solutions, which monitor people mostly while at work through their network activity and movements throughout the office, provide only a limited glimpse of the risk. That glimmer usually comes at a later stage on the threat pathway: the point when the bad act is happening, often after it’s too late to stop it. Government agencies and contractors, and large commercial enterprises, such as banks and pharmaceutical companies, are increasingly frustrated with existing insider threat tools because they struggle to discern between intentional and incidental acts and produce a large number of false positives.
Because these solutions watch mostly tangible assets, and not people, they miss other threat vectors: toxic workplace behaviors (e.g., discrimination and harassment of various types), corrupt business practices (e.g., fraud and theft), and workplace violence (e.g., assaults, battery, shootings, etc.).
Illumina Consulting Group, Inc., (ICG), and Valutare, LLC, Washington, two DC-based companies, have co-developed a new, early-warning insider threat detection solution called Clairvoyance™. It focuses on people and the changing circumstances in their lives that can lead to threat activity later. Clairvoyance™ applies the same basic principles of parenting – or any other human relationship based on careful observation and empathy – to broad-based employee engagement and threat prevention.
Clairvoyance™ evaluates people through a vast array of information from the office and through publicly available sources outside of work. It does not rely solely on computer keystrokes, network logs, and end-point data collection. It is tuned to changes in a person’s circumstances that increase risk and, if left unaddressed, have the potential to lead to malicious activity down the road. Clairvoyance™ is an early warning system that gives risk managers time to understand the nature of the risk, triage it, and respond accordingly.
The underlying analytical model is based on an indirect assessment methodology used in the intelligence community to recruit foreign agents. Instead of relying on close visual observation to understand a person’s motivations, Clairvoyance™ reverse-engineered the methodology to apply its analytics to many sources of data across dozens of factors.
ICG’s LUX™ real-time streaming data analytics platform powers the model. It continuously:
- Learns about each person and work group through large volumes of data from a variety of observables (e.g., internal organizational sources, public information, and social media).
- Integrates Workforce PulseTM results (i.e., its unique flash questions to all workers, presented as part of an employee engagement program, designed to solicit insightful information to help drive the model).
- Evaluates context and motivations for each person; models activators (impulses to do something wrong) and inhibitors (counterpoints that prevent a person from doing so); and identifies triggers (points when activators overpower inhibitors).
- Detects changes in context and motivations based on more than 30 risk factors and produces an Individual Threat Indicator (ITI) for each person and work group.
- Alerts risk managers in real time to significant changes in risk and helps them triage cases and responses effectively.
Because Clairvoyance™ is focused on pre-cursors and early indications, it enables flexible organizational responses much earlier in the risk management process than other solutions. Given the extensive level of investment most employers make in their people, not all incidents need to end in firings or handcuffs. Not unlike parenting, sometimes the right approach is to identify the stressors, listen, and figure out how to support the person. In a work context, this could be a light-touch conversation with a supervisor, a temporary change in assignment, or time off to resolve the issue and rehabilitate a productive employee. Clairvoyance™ makes the range of responses possible.
For more information about Clairvoyance™, please contact: www.icgsolutions.com