Supported platform version:
The Insider Threat App is designed to orchestrate and optimize the detection, investigation and mitigation operations against insider threats by focusing on activities inside the network and identifying any abnormal behavior.
The Insider Threat App detects abnormal and unexpected behavior across the entire network rather than only inspecting for signs of intrusion or strict security violations. Using the platform’s Intrusion Detection System, Network Behavior Analysis and anti-malware services, it identifies indicators that match the behavior of an insider threat, such as internal scans, brute-force and privilege-escalation attempts, internal malware infection, abnormal data transfer and more. The Insider Threat App can be used to aggressively mitigate attempted malicious user activity through the platform’s mitigation service, or as a tool to indicate the first stages of a more complicated attack.