Security Analytics for Insider Threat Detection
James Young

With cyber security news seemingly dominated by external threats such as serious vulnerabilities, malware, ransomware, nation states and criminal actors, it is easy to forget about threats from within. Although insider threats may seem less common, they pose no less risk, can often be much harder to detect, and have the potential for significant impact. This challenge is complicated by the tactics of external attackers evolving to include the recruitment of insiders to help compromise corporate networks.

When we step back and compare what is needed to detect external and internal threats, there is often a high level of overlap in the types of data we need for visibility and in the detection use cases required. Given this, how should we build a holistic security analytics approach that supports detection of both external and internal threats?

In this session we will explore the differences and similarities between external and internal threat detection and how we can build a unified approach using Splunk and Risk Based Analytics (RBA), supported by a combination of rule-based and behavioural detections. With this approach we not only improve our security effectiveness through high-fidelity security alerts but also implement a single framework for external and internal threat detection.