Learn more about insider threat detection
Insider threat detection is a method of monitoring and identifying threats posed from inside an organization. One part of an organization’s overall IT security strategy, the purpose of insider threat detection is to understand and prevent insider threats as much as possible.
Insider threats are a class of cybersecurity threats typically grouped into one of three categories: negligent, compromised and malicious.
A negligent insider is someone unaware of the dangers of opening phishing emails or sharing credentials. This is an individual who has good intentions but is often poorly trained on security best practices or is simply not careful. A compromised insider is someone whose credentials have been compromised already and a malicious actor is able to use their credentials to access secure data or applications without detection.
A malicious insider is someone inside the organization who is actively working to bring harm or cause an incident within the environment.