Morgan Stanley: Security Analytics for Insider Threat Monitoring

Morgan Stanley is seeking a data science resource or support to augment its Technology Information Risk Team within the Technology and Data division. The key challenge is to investigate the potential value of using different analytical approaches to analyse, and derive useful insight from, different security log source types. This insight would inform the further development of the company’s existing Insider Threat Monitoring Program.

In the security analytics industry today, many vendors adopt a 'one size fits all' approach, offering black box solutions which tell the company little about how the analysis is actually being done. The purpose of this initial project is to investigate the value of using different analytical approaches based on log source types, and then to extend the analysis to look at analytical approaches for combining multiple log sources from different log source types.

The long-term ambition is to develop a detection and response capability that provides greater insight into internal malicious activity, enabling the company to be more proactive in the area of detection (e.g. user access linked to systems, data and entitlement activity) and to shape an intelligent automated response. The key internal driver for such a capability is enhanced risk management.

  • Start Date: 1 April 2017
  • End Date: 30 November 2017
  • Activity Type: Externally Funded Research
  • Funder: Data Lab
  • Value: £19974

Project Team