Morgan Stanley Meets the Insider Threat

Morgan Stanley Meets the Insider Threat

Morgan Stanley Meets the Insider Threat

January 6, 2015

Earlier today news broke that financial services firm Morgan Stanley had experienced an insider breach, which resulted in customer data being posted online. The breach was initially detected when data related to a portion of the firm’s wealth management clients was observed on Pastebin. Pastebin is a popular site for sharing text-based data, and while it is widely used for sharing code between developers, it has also long been a thriving marketplace for advertising and selling stolen data for everything from compromised user accounts, cracked passwords, credit card numbers, and in this case account data.

Once the data was detected in the wild, Morgan Stanley was able to trace the breach back to a single financial planner who had downloaded data on up to 10% of the firm’s wealth management clients. The responsible employee was quickly terminated and the breach disclosed to the public.

However in spite of the quick action taken by Morgan Stanley, this incident once again confirms one of the troubling trends related to insider threats and data breaches in general. In short, a large number of data breaches are only detected once stolen assets are observed in the wild. Security reporters such as Brian Krebs and other researchers are regularly the first to detect breaches simply by monitoring online forms where stolen data is advertised. Once the breach is detected, an investigation is triggered to determine what happened and to identify those responsible.

While it’s certainly important to monitor these forums, it’s also obvious that far too much of the industry’s approach to data breaches and insider threats is performed in hindsight. At Vectra Networks we are focused on revealing an active breach or insider threat in real-time so that security can take action before data ends up in the wild. By directly monitoring internal network traffic and using data science to reveal the patterns of data theft, Vectra can enable security teams to regain a proactive approach to dealing with breaches.

This can include proactively identifying users or devices that are aggregating large amounts of data, as was the case in the Morgan Stanley breach. Likewise, the recently released Community Threat Analysis automatically learns the normal communities of users based on observing their network traffic, and likewise provides security teams with ability to see users who may be connecting to critical assets or operating outside of the normal communities. Of course, the solution also provides visibility into a wide variety of malicious actions related to targeted attacks such as internal reconnaissance, internal spreading of malware, data accumulation, and hidden exfiltration methods. However the important point is to be able to gain all of this insight and take action while a threat is still active and not after the fact. Ultimately, this allows you to spend your time protecting your customers instead of apologizing to them.

To learn more about how Vectra detects insider threats,register to downloadthis white paper.{{cta('7557d7eb-5c36-4452-9b2d-e3e379554cee','justifycenter')}}

About the author


Vectra® is the world leader in AI-powered network detection and response.

Author profile and blog posts

Most recent blog posts from the same author

Threat detection

How to Track Attackers as They Move to Your Network from the Cloud

December 8, 2020
Read blog post
Security operations

Expertise That Unlocks the Potential within Your Security Operations

July 21, 2020
Read blog post

A Tale of Two Attacks: Shining a Security Spotlight on Microsoft Office 365

October 26, 2020
Read blog post