Managing the Insider Threat: Why Visibility is Critical

  • Date 05 Jun 2019

Managing the Insider Threat: Why Visibility is Critical

05 Jun 2019, 10:30 - 11:00

Talking Tactics

Ponemon research shows that the average time to spot and contain an insider threat is 72 days - only 16% of incidents are identified and contained within 30 days. This delay can have big ramifications for the organisation, including cost, sensitive data loss and reputational damage. Only with full visibility into all employee or third-party activity across the network can even the earliest indicators of an insider threat be detected, investigated and user intent verified. Real-time alerts play a vital role in detecting unauthorised behaviour, like policy violations or data exfiltration attempts. Sorting the signal from the noise, which can lead to alert fatigue for security teams, however, is key. It can be done.

In this session, you will: 

  • Discover how the key components of full visibility – user activity, data activity, and behaviour analytics – work together to stop insider threats 
  • Learn how to configure alerts that work, from rule structure and syntax to logic and guides 
  • How to use the full activity intelligence gathered to educate users in better data security



  • Lee Duff


    Technical Expert


    Lee Duff, CISSP is a Cyber Security Expert with over 10 years experience in IP Networking, Firewalls, IDS/IPS, Email Security, NAC, VoIP,...

Business Issues covered

  1. What will this session help you to do?
    • Build a robust cyber response and resilience strategy
    • Understand internal and external threats and keep a business secure‎




We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies.