Deception for Insider Threat Detection

Engage Goals: EGO0001 Expose, EGO0003 Elicit

Engage Approach: EAP0002 Detect

Engage Actions: EAC0010 Peripheral Management, EAC0011 Pocket Litter, EAC0015 Information Manipulation

Name of Element: Deception for Insider Threat Detection

Description of Element:

Goal: To detect and mitigate insider threats using deceptive techniques.

Approach: Detecting malicious activities by insiders using deception.

This element involves deploying deception assets and techniques to detect and deter malicious insiders. It may include creating fake files, documents, or credentials that are designed to attract insider attention.

Technical Context:

This element focuses on monitoring user activity and behavior for anomalies that may indicate malicious intent. It leverages machine learning and user behavior analytics to identify suspicious patterns and alert security teams.

Other:

This element helps organizations to proactively detect and mitigate insider threats, which are often more difficult to identify than external attacks.

Deception for Insider Threat Detection

Leave a Reply Cancel reply

ORION Detlab: Forging Resilient Detections in the HEFAISTOS Ecosystem

The Maieutic Engine: Birth of a New Detection Engineering Paradigm

The Forge, The Guide, and The Hunter: Unifying Detection Engineering with the Mythological Triad of HEFAISTOS, KEDALION, and ORION

Dendrite: Bridging the Synaptic Gap Between External Intelligence and Internal Defense