How to Build an Insider Threat Program:
Sometimes just having a SOC isn’t enough to address insider threat issues. Security operations teams are managing massive amounts of data across billions of events from on premises to the cloud. Looking for specific needles like insider threats in this complex haystack has special requirements that encompass both searching historic data and seeing evolving credential behavior changes as they happen.
Whether from downsizing or expanding the business, employees, vendors, contractors, and more are moving in and out of your environment. And often, it is during turbulent times that insider threats go unobserved as everything changes so quickly. Insider threat initiatives require a new, more focused approach.
This presentation will explore:
- The common scenarios that indicate you need an insider threat team, how to build a mission statement, and tools
- Four attributes of a successful insider threat program
- How behavioral analytics baseline “normal” behavior of users and devices – showing risk faster