SESSION RECORDING / INSIDER THREAT MANAGEMENT
Employees and contractors have a significant advantage over the organization’s primary security mechanisms (e.g. firewalls, access controls, physical access controls) that are built for the untrusted external attacker and not for the trusted insider. Furthermore, people working for or within the organization are aware of the mechanisms in place and can use this knowledge to circumvent defenses. In order to counter this advantage and realistically address insider threats, organizations need better capabilities in such areas as context-based monitoring, advanced behavior anomaly detection, and link-analysis driven investigation.