The bad guys aren’t just lurking somewhere across the internet — companies also face security threats from inside their own walls. Employees have access to all kinds of things, and by accident or on purpose, they can cause serious cybersecurity problems. An effective security program must take this into account.

“I started a program that focused on not only keeping the bad guys out — that’s table stakes in any security program — but also a disciplined approach around insider threat,” said Chidi Alams (pictured), head of information technology and security at Heartland Automotive Services Inc. (dba Jiffy Lube).

Alams spoke with John Walls (@JohnWalls21) and Dave Vellante (@dvellante), co-hosts of theCUBE, SiliconANGLE’s mobile livestreaming studio, during Splunk .conf2017 in Washington, D.C. They discussed cybersecurity, Splunk Inc. and a data-driven approach to business. (* Disclosure below.)

Unified security includes people, processes,  and tech

Visibility on risks is vital to security, and as a company, Jiffy Lube found that visibility in Splunk, a data analysis platform. This platform also works well with a risk-based approach that considers the company’s most valuable assets, according to Alams. Through Splunk, Jiffy Lube created a unified solution to protect the company’s data.

Businesses need a holistic approach to cybersecurity, Alams explained. That means a focus on people, processes and technology. While technology is important, the people aspect is always the biggest variable, because it’s hard to predict what people will do. To counter this, Jiffy Lube uses a data-driven system of alerts and responses to help track potential people threats.

“It’s not just employees out in the field. Globally, insider threat is probably the biggest blind spot for organizations,” Alams said. To detect these threats, businesses need to know what activity inside their systems is normal and what might indicate a bad actor. Splunk offers the necessary visibility to spot those trends, Alams stated.

“With that infrastructure in place, we’ve gone from a very reactive situation with analysts and engineers […] having to manually figure out ‘is this an event?’ Now we have a platform […] that gives us data that’s actionable,” Alams said.

Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s coverage of Splunk .conf2017. (* Disclosure: Splunk Inc. sponsored this segment of theCUBE. Neither Splunk nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE