top of page
Security Operations Team

Jigsaw Updates Insider Threat Detection


Jigsaw Security has updated our Insider Threat word detection library. The library can be custom configured to detect when documents and information leaves organizational boundaries. The library is used and integrated into CDM, NIST and other controls to ensure that insider threats are detected quickly and easily.

How it works

The main thing to keep in mind is that our boundary protection works using embedded tags that are added to documents, spreadsheets and other sensitive content when it is created. The tagging software is a plugin for Windows that tags documents when they are saved to the network, hard drive or online locations. The tagging sets a default identifier that is sent to the Jigsaw Security Enterprise platform which the scours the Internet and other sources (GitHub, Office 365, Azure, Amazon and other locations). If tags are located in publicly accessible documents the system alerts administrators that a document is in the public domain and has left the boundary, if using the JIgsaw IDS sensor the document is detecting when it is uploaded to external sites and SSL encryption is broken to identify encrypted traffic (rule based).

Why document tagging is important

Not only is it important to know when data is leaving your boundary (usually as a result of insider threats and spies) but also it's important to track how and what methods were used to try and move the data without authorization. It is also possible to utilize authorized transfer sites that are not tagged or tracked, such as when sharing secure documents with partners and customers.

NIST Control Compliance

The following NIST 800-53 controls are covered by the boundary protection

SA-18, AC-7, AC-10

Jigsaw Threat Mitigation Model™

The following Jigsaw Threat Mitigation Model™ phases are covered by the plugin

Phase 1, Phase 2, Phase 3, Phase 4, Phase 6


8 views0 comments

Recent Posts

See All
bottom of page