© Andrey Burmakin - fotolia

... He mentions user behavior as a means. This involves comparing the normal behavior of employees on the PC - i.e. their usual activities and access patterns - with the potentially deviant activities of an attacker who has stolen an employee's access data. "In order to create a profile with the typical behavior of each user, the behavior defined as normal is monitored and all actions are logged. This allows unusual, anomalous behavior to be identified more quickly," explains Lin. In his opinion, another effective method is ...