The phrase “insider threat” often evokes not only headaches, but the mental image of a disgruntled coworker scheming on how best to bring an organization to a grinding halt. While this is absolutely an example of an insider threat, there is way more to an insider threat program than looking for web searches on “how to steal money from my employer like they did in Office Space and/or Superman 3.”

In this session, engineers from Splunk will review the categories of insider threat, for example: negligent, accidental, intentional insider threats, and more. Additionally, the session will cover strategies for moving beyond monitoring for outright malicious “bad behavior”, to finding malicious instances of “good behavior." No conversation about an insider threat program would be complete without the discussion of anomaly detection, but part of that discussion needs to be about the fact that anomaly detection is not right for every organization. The Splunk team will talk about when anomaly detection delivers and when there are other places to focus on first. The session will contain both concepts and practical advice for all, whether Splunk users or not. However, attendees can expect to see examples illustrated in the Splunk product suite from Splunk Enterprise, and the freely available Security Essentials, to Enterprise Security, and User Behavior Analytics.

Join us for a webinar where we will discuss:

• The benefits from early and timely detection of advanced and insider threats
• Detecting malicious activity within and across the cyber kill chain
• Detecting anomalous activity with advanced statistical analysis and machine learning
• Gaining additional context to investigations by leveraging machine learning
• Optimizing investigations, respond to threats, and increase operational efficiency
• Leveraging 3^rd party tools for threat management

Jason Crotts 703-581-6686 www.carahsoft.com/splunk