$400 Amazon Gift Card with OnDemand Training through March 10 - Learn More!


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Malicious or Negligent? How to Understand User Intent to Stop Data Exfiltration

  • Tuesday, January 22, 2019 at 1:00 PM EST (2019-01-22 18:00:00 UTC)
  • Brad Green, John Pescatore


  • ObserveIT

You can now attend the webcast using your mobile device!



Half of data breaches have a substantial insider threat component, according to a 2018 McKinsey report. Interestingly, negligent and accidental incidents are far more common than malicious insider threats. However, malicious incidents are the most costly threat faced by organizations. Because of these differences in types of threats and outcomes, security teams must be able to accurately decode the intent behind user actions.

In this talk, we will explain how to better protect your organization by differentiating between types of insider threats. We will show you how to detect and respond appropriately to both accidental and intentional insider threats, right in the ObserveIT platform. Youll learn how to decrease your risk of data exfiltration while building a stronger workplace culture around security.

Speaker Bios

Brad Green

Senior Lead Security Engineer, ObserveIT

John Pescatore

John Pescatore joined SANS as director of emerging security trends in January 2013 after more than 13 years as lead security analyst for Gartner, running consulting groups at Trusted Information Systems and Entrust, 11 years with GTE, and service with both the National Security Agency, where he designed secure voice systems, and the U.S. Secret Service, where he developed secure communications and surveillance systems and "the occasional ballistic armor installation." John has testified before Congress about cybersecurity, was named one of the 15 most-influential people in security in 2008 and is an NSA-certified cryptologic engineer.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.