
How to Detect an Insider Threat

Most threat intelligence tools focus on the analysis of network, computer and application data while giving scant attention to the actions of authorized persons who could misuse their privileged access.


  • Compromised account
  • Infected host
  • Account misuse
  • Data staging
  • Low and slow attack
  • Unauthorized print job
  • Fileless malware
  • Zero-day attack

To defend against an insider threat, you have to watch for anomalous behavioral and digital activity.

Behavioral Indicators

Several indicators of an insider threat should be watched for, including:

  • A dissatisfied or disgruntled employee, contractor, vendor or partner.
  • Attempts to circumvent security.
  • Regularly working off-hours.
  • Resentment displayed toward co-workers.
  • Routine violation of organizational policies.
  • Contemplating resignation or discussing new opportunities.

Digital Indicators

  • Signing into enterprise applications and networks at unusual times. For instance, an employee who, without prompting, signs into the network at 3am may be cause for concern.
  • Surge in volume of network traffic. If someone is trying to copy large quantities of data across the network, you will see unusual spikes in network traffic.
  • Accessing resources that they do not usually use or are not permitted to access.
  • Accessing data that is not relevant for their job function.
  • Repeated requests for access to system resources not relevant for their job function.
  • Using unauthorized devices such as USB drives.
  • Network crawling and deliberate search for sensitive information.
  • Emailing sensitive information outside the organization.
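Two of the digital indicators above, unusual sign-in times and a surge in data volume, can be checked mechanically against authentication and transfer logs. The script below is an added example, not ArcSight's or Galaxy's code; the log format, the business-hours window and the surge factor are assumptions, and the log lines are constructed sample data.

```python
"""Flag off-hours sign-ins and per-user data-volume surges in sample logs."""
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines (not real data): ISO timestamp then key=value fields.
SAMPLE_LOGS = """\
2024-03-01T09:05:00 user=alice event=login src=10.0.1.5
2024-03-01T09:10:00 user=alice event=transfer bytes=120000 dst=fileserver
2024-03-01T10:30:00 user=bob event=login src=10.0.1.9
2024-03-01T11:00:00 user=alice event=transfer bytes=98000 dst=fileserver
2024-03-01T15:00:00 user=alice event=transfer bytes=110000 dst=fileserver
2024-03-02T03:00:00 user=alice event=login src=10.0.1.5
2024-03-02T03:12:00 user=alice event=transfer bytes=4800000000 dst=external
""".splitlines()

BUSINESS_HOURS = range(7, 20)  # assumption: sign-ins 07:00-19:59 are normal
SURGE_FACTOR = 10              # assumption: 10x the user's prior mean is a surge
MIN_BASELINE = 3               # need this many earlier transfers before judging


def parse(line):
    """Turn one log line into a dict with a datetime under 'ts'."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.fromisoformat(ts)
    return rec


def detect(lines):
    """Return (user, indicator, timestamp) tuples for anomalous events."""
    alerts = []
    history = defaultdict(list)  # per-user byte counts of earlier transfers
    for rec in map(parse, lines):
        user, ts = rec["user"], rec["ts"]
        if rec["event"] == "login" and ts.hour not in BUSINESS_HOURS:
            alerts.append((user, "off-hours login", ts.isoformat()))
        elif rec["event"] == "transfer":
            nbytes = int(rec["bytes"])
            prior = history[user]
            # Compare against this user's own baseline, not a global threshold.
            if len(prior) >= MIN_BASELINE and nbytes > SURGE_FACTOR * (sum(prior) / len(prior)):
                alerts.append((user, "data volume surge", ts.isoformat()))
            prior.append(nbytes)
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOGS):
        print(alert)
```

The 03:00 sign-in and the 4.8 GB transfer to an external destination are flagged for alice, while bob's daytime sign-in and alice's routine transfers are not.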
