Incident Response Masterclass: Investigate a Rogue Insider with Varonis

Join our IR team for a play-by-play of a live attack simulation and investigation of a rogue insider threat using DatAlert’s new DFIR capabilities.

During this training session, our security analysts will execute a new attack scenario in our lab.

Here’s the scenario:

• An insider was paid to exfiltrate sensitive organizational data
• To remain uncovered, he takes control on a service account
• Using the service account, he scans company filers for documents with indicating keywords
• Copies matching documents to his PC
• Creates an encrypted ZIP file
• To remain uncovered, he uses the service account to upload the ZIP file to an external Gmail account