How to Build an Insider Threat Program

Tech Theater 1

Starts: September 21, 2023 1:00 pm
Ends: 2:00 pm
Sponsored by
Exabeam logo
More info

Sometimes just having a SOC isn’t enough to address insider threat issues. Security operations teams are managing massive amounts of data across billions of events from on premises to the cloud. Looking for specific needles like insider threats in this complex haystack has special requirements that encompass both searching historic data and seeing evolving credential behavior changes as they happen.

Whether from downsizing or expanding the business, employees, vendors, contractors, and more are moving in and out of your environment. And often, it is during turbulent times that insider threats go unobserved as everything  changes so quickly. Insider threat initiatives require a new, more focused approach.

This presentation will explore:

  • The common scenarios that indicate you need an insider threat team, how to build a mission statement, and tools
  • Four attributes of a successful insider threat program
  • How behavioral analytics baseline “normal” behavior of users and devices – showing risk faster
  • An automated investigation experience that replaces manual routines and effectively guides new insider threat teams

John Nowotny

Senior Engineer - Exabeam

Prior to joining Exabeam, John Nowotny was a Senior Security Engineer at a large oil and gas company, engineering a number of security platforms, including Exabeam. As an early customer of Exabeam, John saw the need for understanding what is normal for users, especially in the digital transformation era. John has a passion for identity protection and cloud security, and uses that passion to help companies execute great security wins with the least end-user impact possible.