What happens when the call is coming from inside the house? Data exfiltration by insiders is a dangerous threat, but one that often doesn't get the same level of attention as the sexier external ones. We'll start this session with a brief overview of why and how users exfiltrate information, and we'll progress to tactics, such as effective SPL searches, for operationalizing insider threat detection. You'll leave this session better able to catch insider threats in the act of exfiltration instead of days, weeks, or months later.
Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1179.pdf?podcast=1577146216