Top Instructors Share Their Expertise ONLINE at SANS - Special Offers Available NOW!


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

The SANS 2017 Insider Threat Survey: Mounting an Effective Defense Against Insider Threat

  • Tuesday, August 01, 2017 at 1:00 PM EDT (2017-08-01 17:00:00 UTC)
  • Eric Cole, PhD, Bryan Ware, Matt Hathaway, Pramod Cherukumilli


  • Dtex Systems
  • Haystax Technology
  • Rapid7 Inc.

You can now attend the webcast using your mobile device!



Information security pros consistently rate insider threats as one of their top concerns, but often don't do much about it. According to the results of the 2015 SANS insider threat survey, 74% list insiders as among their top concerns, with 34% admitting to having been a victim of a successful insider breach that is estimated to cost their organization more than $1 million.

Breaches caused by the misuse of insider credentials are so difficult to spot that 70% aren't noticed for months, according to the 2016 Verizon Data Breach Investigations Report. Sixty-three percent of breaches involving privileged access involved weak or stolen passwords, which is why the rapid growth of phishing and other credential-stealing tactics are growing so quickly.

When it comes to preventing insider attacks, "prevention is more a state of mind than reality," according to SANS expert Eric Cole, Ph.D., author of the 2015 report Insider Threats and the Need for Fast and Directed Response. "Many organizations are still not creating and implementing insider threat programs and need to aggressively increase their focus to better protect the organization," Dr. Cole wrote in 2015. "They need to take aggressive steps to implement administrative and technical solutions for controlling the damage an insider can cause."  

This webcast will explore the survey results with emphasis on: 

  • Top concerns related to internal threats
  • What insider threat programs entail
  • Maturity of such programs
  • Tools used to detect and deter insider threats
  • Whether organizations have improved their abilities to stop malicious insiders without interfering with those doing their jobs

Register for this webcast and be among the first to find out the results of this year's survey of the SANS community and Eric Cole's evaluation of their ability to deter insiders.

View the associated white paper here.

Speaker Bios

Eric Cole, PhD

Eric Cole, PhD, is a SANS faculty fellow, course author and instructor who has served as CTO of McAfee and chief scientist at Lockheed Martin. He is credited on more than 20 patents, sits on several executive advisory boards and is a member of the Center for Strategic and International Studies' Commission on Cybersecurity for the 44th Presidency. Eric's books include Advanced Persistent Threat, Hackers Beware, Hiding in Plain Sight, Network Security Bible and Insider Threat. As founder of Secure Anchor Consulting, Eric puts his 20-plus years of hands-on security experience to work helping customers build dynamic defenses against advanced threats.

Bryan Ware

Bryan Ware is a pioneer in the development of artificial intelligence software for enterprise security risk management. He is the CEO of Haystax Technology, whose Constellation Security Analytics Platform powers the largest critical infrastructure risk management program and the largest insider threat detection program in the U.S. Bryan holds multiple patents for advanced analytics and has been featured in several books, including Extreme Risk, Bayesian Networks and The Unfinished Game. Bryan holds a BS in Applied Optics from Rose-Hulman Institute of Technology and has been published in leading journals from IEEE, the Association for Uncertainty in Artificial Intelligence and others.

Matt Hathaway

Matt Hathaway is a senior manager of Solutions Marketing at Rapid7, having recently transitioned after four years in the Rapid7 Products organization. He moved to Northern Ireland to assist with the company's international expansion and drive Rapid7 Belfast office development. He is a frequent blogger about both Rapid7 products and the expatriation experience. He regularly speaks about security challenges at conferences, including Black Hat USA 2014, SOURCE Dublin 2015 and B-Sides SF 2016. Prior to joining Rapid7, Matt was a member of the Office of the CTO (OCTO) and product management teams for RSA. He has been working in fraud prevention, security and IT for 15 years.

Pramod Cherukumilli

Pramod Cherukumilli is the director of product management at Dtex Systems, Inc. At Dtex, he manages the endpoint-based User Behavior Analytics platform focused on Insider Threats. Prior to joining Dtex, he was the head of the cloud-based threat intelligence platform at E8 Security, where he helped define their initial user and behavior analytics solution and determine how to effectively use threat feeds to identify malicious entities in the network. Pramod has over a decade of experience at Cisco Systems managing, leading and architecting the development of enterprise security products, including threat intelligence feeds, web proxy, firewall, VPN and IPS, which are extensively deployed at Fortune 100 companies.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.