Responding to an Insider Threat
Awake Labs
The Insider Threat Challenge
To lock out, monitor, and stop an insider while building the right case for the authorities takes deep forensic expertise and the right tools. If done wrong, this can easily escalate as the insider realizes they might be discovered.
Insider Threat Tactics.
Awake Labs uses a variety of techniques to contain and remediate insider threats: from stealth agents on suspect devices to hunting for persistence mechanisms. Awake experts have also worked with law enforcement to ensure strong legal cases and provide expert witness testimony.
Insider Incident Response
If you are the victim of or suspect an insider attack, engage Awake Labs to:
Identify the user accounts and devices associated with the incident
Determine their level of access and persistence
Execute a comprehensive containment plan to lock the perpetrator(s) out of the environment
Provide ongoing monitoring for potential reentry attempts vulnerabilities that may be exploited for this purpose
Deliver comprehensive documentation, chain of custody, expert witness support and assistance to law enforcement / legal counsel
Why Awake Labs
We work as an extension of your team to quickly respond to insider threats, thereby minimizing impact and enabling successful remediation, prosecution / legal proceedings.
Expertise
Awake’s experts have decades of threat hunting, digital forensics and incident response expertise across the network, endpoint and logs including working with the FBI on insider threats.
Proven Methods
Our response processes are designed to be scalable and account for procedures such as chain of custody, the rules of evidence and attorney-client privilege guidelines.
Technology
Our toolset combines Awake’s leading network detection and response technology with lightweight endpoint agents and powerful AI-based analytics for logs and other analysis.
