Posted on by Insider Threatin
This is the second part of a two-part series about considering low-cost tools for starting your insider threat program. In the first part of this series, I discussed the five categories of tools available to insider threat programs to use, as needed, as part of their operations. In this part, I provide examples of low-cost tools that are available in this space.
The following tools may meet one or more needs of your insider threat program. This is not a complete list of tools. CERT hasn't tested them and, as a Federally Funded Research and Development Center (FFRDC), cannot endorse or recommend them specifically, nor can CERT determine their suitability for use in your environment. I encourage you to test these tools prior to acquisition and implementation.
User Activity Monitoring (UAM)
Data Loss Prevention
Security Information and Event Management (SIEM) Systems
Digital Forensics Tools
You can see from this partial list that there are quite a few options available to help you start planning for and implementing the technical aspects of your insider threat program. There are many other tools available that aren't listed, so I encourage you to explore other options. The goal of this blog series was to provide information as a means to get started.
If you have experience with other open source or freely available tools that could be leveraged in an insider threat program, I would like to hear from you. Please get in touch with me using the links provided below.