15.1 Introduction

As we have discussed in Chapter 7, the effective detection of insider threats requires monitoring mechanisms that are far more fine-grained than for external threat detection. These monitors must be efficiently and reliably deployable in the software environments where actions endemic to malicious insider missions are caught in a timely manner. Such environments typically include user-level applications, such as word processors, email clients, and web browsers for which reliable monitoring of internal events by conventional means is difficult.

To be able to detect the insider threats, we need to capture as accurately as possible not only the attributes of such insiders but also ...

Get Big Data Analytics with Applications in Insider Threat Detection now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.