Insider threat is when legitimate users of a system turn bad and do harm. Because they are legitimate users of a system, whether they are exfiltrating data or causing malfunction, it makes it very difficult to catch them.
Insider Threat Prevention aims to prevent exactly these types of internal attacks, though these preventative measures also prove to be extremely beneficial at impeding external attackers during a breach.
To prevent insider threat activity, we work with you to fine-tune each user's privileges and permissions, ensuring they have just enough to do their job. We also identify information which might attract a rogue user and apply measures to ensure it can only be accessed by authorised staff.
In order for Insider Threat Prevention to be fully effective, a defence in depth strategy is required. This goes beyond the technical measures which prevent sensitive data exiting a network boundary. This includes but is not limited to deterrence and heuristical checks which detect deviations from a user's usual pattern of life.
