NIST SP 800-137

Data generated by applications and servers, inside or outside a department or agency, can play a significant role in determining anomalous employee behaviors. In some cases, the motivational context for those behaviors can signify an insider threat. Knowing the difference between willful acts and innocent mistakes requires understanding when user activity is abnormal in the broader context of employee behavior.

Register now and see a live demo of how agencies can use Splunk to gain a holistic view of insider activity and investigate abnormal usage patterns in the enterprise. Splunk makes the monitoring and investigation of insider threats a seamless process across time and data types.

This presentation and demo will cover:

• Methods for understanding what’s normal and what’s not using statistical analysis
• Data types and analysis needed to discover the malicious insider
• Examples of context in identifying insider threats