Detecting insider threats is difficult because malicious insiders are frequently legitimate users operating within their privileges. This new method detects insiders who act on information to which they have access, but whose activity is inappropriate or uncharacteristic of them based on their identity, past activity, organizational context, and information context.
Patent Number: 8,707,431
Date Issued: April 22 2014