Sometimes just having a SOC isn’t enough to address insider threat issues. Security operations teams are managing massive amounts of data across billions of events, from on-premises to the cloud. Looking for specific needles like insider threats in this complex haystack has special requirements that encompass both searching historic data and seeing evolving credential behavior changes as they happen.
Whether from downsizing or expanding the business, employees, vendors, contractors, and more are moving in and out of your environment. And often, it is during turbulent times that insider threats go unobserved as everything changes so quickly. Insider threat initiatives require a new, more focused approach.
This presentation will explore:
The common scenarios that indicate you need an insider threat team, how to build a mission statement, and tools
Four attributes of a successful insider threat program
How behavioral analytics baseline “normal” behavior of users and devices – showing risk faster
An automated investigation experience that replaces manual routines and effectively guides new insider threat teams.
“Advanced Analytics” – creating watch lists, using anomalies to guide investigation of internal threats, identifying compromised credentials vs. malicious activity.
A common-sense approach to SaaS management should be comprehensive and address both the business value and the risk management of the organization. Over the past few years, various tools have emerged to address some aspects of SaaS management or SaaS Security Posture Management, but these approaches still leave companies with gaps in visibility and siloed information.
An effective approach to SaaS management should cover three (3) core concepts to ensure its business value for stakeholders:
In this presentation, we’ll review the core concepts above in detail and discuss how to;