Exploring Suspicious Access With Data Flow Explorer
The Data Flow Explorer has multiple uses when it comes to defining insider threats.
In this example, a trusted employee (in this case, a systems administrator) has given two weeks’ notice.

That means there is a potential for data exfiltration, either intentional or not.
In that situation, an organization needs to know what the employee can access. Here, the Data Flow Explorer can be used to determine what databases the user can access and how they were accessed.

Leave a Reply