How often do you hear such a ‘too late’ comment after a data breach, fraud or ransomware attack?
And you'll keep hearing it unless your start involving businesspeople and asking them to evaluate those very anomalous behaviours performed by their employees/contractors are either a business-justifiable exception or the early signal of a downstream security situation.
The solution at a glance
Sharelock detects anomalous user behaviors against the individual behavioral baselines, correlate such set of anomalies against its insider threat models, and then signals to Sailpoint IdentityIQ Security situations (e.g. suspected accountc ompromise, suspected data sabotage) and Recommendations for suggesting «keep/review/revoke» actions on specific applications.
Are you interested?