Insider Threat Detection

The threat of information loss and fraud perpetrated by insiders has never been greater. Fortunately, every electronic move made by insiders is captured in log data. The key to leveraging that information to gain insight into potential and actual threats lies in the solution you deploy for collecting, analyzing and managing that data.

Extended metadata fields capture values such as quantities, amounts, session, bytes-in/bytes-out and file size. Combined with the ability to collect and analyze database and application-level log data, these fields allow anomalies that previously would have gone undetected to provide the foundation for an early warning system.

When metadata is correlated with contextual information (e.g., the asset value of the impacted host or application, the time of day at which an event occurred, or the IP range of the originating host), anomalies within applications, databases and network activity can be identified and alerted on in real time. For example, LogRhythm can be used to pinpoint specific exceptions such as transactions greater than a certain dollar amount in a financial application, including when the transaction occurred, who was responsible, and which account was modified. Such events can automatically trigger an alert to designated individuals via e-mail, pager, existing management applications and/or the LogRhythm console.
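
The correlation described above, sketched as an added example (not LogRhythm's code or rule syntax): an over-limit transaction is the trigger, and asset value, time of day and source IP range raise its priority. The threshold, business hours, IP range, host names and log records are all constructed assumptions.

```python
from datetime import datetime
from ipaddress import ip_address, ip_network

# Assumed policy values, constructed for this example.
AMOUNT_LIMIT = 10_000.00                      # dollar threshold for an exception
BUSINESS_HOURS = range(8, 18)                 # 08:00-17:59 local time
EXPECTED_NET = ip_network("10.20.0.0/16")     # range user workstations sit in
ASSET_VALUE = {"ledger-app": 3, "test-ledger": 1}  # 1 = low, 3 = high

# Constructed application log records, already parsed into metadata fields.
EVENTS = [
    {"time": "2024-03-04T10:15:00", "user": "asmith", "host": "ledger-app",
     "src_ip": "10.20.4.17", "account": "ACC-1001", "amount": 950.00},
    {"time": "2024-03-04T11:02:00", "user": "bjones", "host": "test-ledger",
     "src_ip": "10.20.4.23", "account": "ACC-2002", "amount": 12500.00},
    {"time": "2024-03-05T02:41:00", "user": "cdoe", "host": "ledger-app",
     "src_ip": "192.168.77.5", "account": "ACC-3003", "amount": 48000.00},
]

def evaluate(event):
    """Return an alert dict for an over-limit transaction, else None."""
    if event["amount"] <= AMOUNT_LIMIT:
        return None
    reasons = [f"amount {event['amount']:.2f} exceeds {AMOUNT_LIMIT:.2f}"]
    priority = ASSET_VALUE.get(event["host"], 1)   # unknown hosts count as low
    when = datetime.fromisoformat(event["time"])
    if when.hour not in BUSINESS_HOURS:
        priority += 1
        reasons.append("outside business hours")
    if ip_address(event["src_ip"]) not in EXPECTED_NET:
        priority += 1
        reasons.append("source outside expected IP range")
    # The alert carries when it occurred, who was responsible, which account.
    return {"when": event["time"], "who": event["user"],
            "account": event["account"], "priority": priority,
            "reasons": reasons}

def detect(events):
    """Alerts for all events, highest priority first."""
    alerts = [a for a in map(evaluate, events) if a]
    return sorted(alerts, key=lambda a: a["priority"], reverse=True)

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

The same over-limit rule fires on both large transactions, but only the one on the high-value host, at night and from an unexpected source range rises to the top of the queue.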
