Low Cost Technical Solutions to Jump Start an Insider Threat Program

George J. Silowash, Carnegie Mellon University
Derrick Spooner, Carnegie Mellon University
Daniel L. Costa, Carnegie Mellon University
Michael Albrethsen, Carnegie Mellon University

CMU/SEI-2016-TN-004

Abstract or Description

This technical note explores free and low-cost technical solutions to help organizations prevent, detect, and respond to malicious insiders. The tools presented address an organization's need for, at a minimum, user activity monitoring, data loss prevention, security information and event management, analytics, and a digital forensics and investigation capability. Implementing tools in all of these categories will help an organization have a successful insider threat program.