24/7 SOC




You are here:


Protect your business from the insider Threat

The success of any modern organisation is directly related to how their people efficiently use information technology.
But the most severe cyber security threat faced by any organisation will come from the accidental or malicious involvement of members of its staff or related stakeholders. This also includes guests and third-party contractors who are given access to the IT system to complete their assignments.

While complex technically advanced cyber attacks may be fully automated, most successful attacks involve one or more ‘insider actors’. The Verizon DBIR Report (2016) confirmed that 60% of security incidents involved insiders. Of these incidents, 29% were due to deliberate malicious actions, with the remainder resulting from a simple mistake by well-intentioned people.

Most security tools only analyse computer, network, or system data. To stop insider threats, every organisation must continuously and automatically monitor all user activity. Raising security awareness and preventing further action at the point of violation has been proven to reduce insider risk by up to 50%.

Managed Insider Threat Detection and Prevention

CYBERSHIELD MDR-INSIDER is a fully managed service that combines cutting-edge technology, experienced security analysts and latest global threat intelligence needed to educate, deter, block and investigate suspicious insider threat activity.
Functioning as your company’s own cyber security operations centre (SOC), our leading insider threat detection and prevention service includes:

● Real-time user monitoring and surveillance
● Automated alerts based on violation of Insider Threat Rules
● Notification and blocking of unauthorised access
● Reporting to support incident investigation and compliance
● 24/7 Security Operations Centre

This complete package of advanced security capabilities is deployed in minutes and is continually monitored by our analysts who report on and mitigate any potential attacks immediately.
For a full list of package features, see the MDR-MATRIX product comparison.

Immediately Reduce Cyber Attack Insider Risk by 50%


Insider Threat Detection

Monitor user risk activity by identifying anomalous behaviour in real-time. Get started immediately with carefully calibrated, ready-made Insider Threat Rules. Trigger rule violation alerts that include typing keywords, website visits and data exfiltration. Investigate and create comprehensive reports about any user’s activities.

Insider Threat Detection 1
Incident Investigation 1

Incident Investigation

Use session recording for visual playback of exactly what happened, when, where, and why. Precise activity trails show every user action and rich metadata provides full context of any user session.

Insider Threat Prevention

Reduce risk with real-time user notifications and blocking. Directly enforce company security policies to promote security awareness and prevent insider threats. Immediately block out-of-policy actions and deliver real-time user notification. Stop incidents before they can progress.

Insider Threat Prevention 1
Monitoring Privileged Users 1

Monitoring Privileged Users

Privileged high risk users include senior managers and administrators who have complete access to the network, applications and all organisational data. Monitor and record privileged direct and remote user activity on Windows, Unix, virtual servers and AWS/Azure systems.

Regulation & Compliance

Help to satisfy the requirements of standards that include PCI DSS, ISO 27001, the Data Protection Act and the EU General Data Protection Regulation (GDPR). Quickly produce audit reports and instant analysis of the actions related to a compliance violation by an employee, privileged user or contractor.

Regulation & Compliance 1
User Privacy Protection 1

User Privacy Protection

Anonymize user data to protect employee and contractor privacy, meet regulations, and maintain trust with your users. In anonymization mode, information remains hidden unless specifically requested and approved by an authorised administrator. Meet the requirements of new strict privacy laws, including the EU General Data Protection Regulation.


The CYBERSHIELD Portal is the central hub of this service and provides a full overview of all information that can be viewed both by you and our cyber security management team. Multiple dashboards are used to view ticket information and events, change control, status reports and a full overview of all assets and their status.

Request more information about our Managed Detection & Response range of services and see how they can help your business.