Responding to an Insider Threat

The Insider Threat Challenge

Insider Incident Response

Identify the user accounts and devices associated with the incident

Determine their level of access and persistence

Execute a comprehensive containment plan to lock the perpetrator(s) out of the environment

Provide ongoing monitoring for potential reentry attempts vulnerabilities that may be exploited for this purpose

Deliver comprehensive documentation, chain of custody, expert witness support and assistance to law enforcement / legal counsel

Why Awake Labs


Awake’s experts have decades of threat hunting, digital forensics and incident response expertise across the network, endpoint and logs including working with the FBI on insider threats.

Proven Methods

Our response processes are designed to be scalable and account for procedures such as chain of custody, the rules of evidence and attorney-client privilege guidelines.


Our toolset combines Awake’s leading network detection and response technology with lightweight endpoint agents and powerful AI-based analytics for logs and other analysis.

Learn more about Awake Labs consulting and service offerings