Forcepoint Insider Threat (formerly SureView Insider Threat)

The Visibility and Context You Need to Eliminate Insider Threats

Empower your organization to better protect the information entrusted to it by customers, citizens or other stakeholders by detecting your riskiest users and tracking the insider activities that could damage your organization.

Unrivaled visibility into early activity on users’ computers prevents data theft and loss by hijacked systems, rogue insiders or negligent end users

Forcepoint Insider Threat is a user behavior monitoring tool that’s been protecting the most sensitive government and organization networks on the planet for over 15 years.

Forcepoint Insider Threat detects suspicious activity, whether it is a hijacked system, rogue insider or simply a user making a mistake. It ensures that your intellectual property or regulatory compliant data is not compromised.

It automatically identifies the riskiest users and provides context into unusual behavior, including an “over-the-shoulder” view enabling organizations to proactively and authoritatively address threats from within.

Forcepoint Insider Threat Capabilities

This unique and unrivaled security tool is designed specifically to protect your data from malicious or accidental threats and delivers these unique data protection capabilities:

  • Protects against unintentional insider threats as well as malicious insider behavior
  • Video replay provides full behavioral context to rapidly discern malicious from benign actions, easily reviewed and understood by non-technical personnel—all while respecting employee privacy guidelines through customizable, business-driven policies
  • Behavioral analytics discovers your riskiest users and provides deep visibility into their actions, including past behaviors
  • Integrated, enterprise-wide system – no need to buy or maintain a number of independent software applications
  • Distributed architecture prevents performance impact
  • Lightweight agent with proven stability that is highly scalable
  • Data collection from multiple sources, including Forcepoint DLP (formerly TRITON AP-DATA)
  • Detects risky behavior when users are on or off the corporate network


  • Forcepoint gives you the visibility needed to see early warning signs that users have been hijacked, gone rogue, or are just making mistakes – before sensitive data gets breached or stolen
  • Forcepoint Insider Threat saves you time and effort by automatically scoring and prioritizing your riskiest users, reducing the need to dig through thousands of alerts
  • Our Forcepoint Insider Threat Command Center provides a highly intuitive dashboard that identifies your riskiest users and quickly sees patterns that can uncover broader risks
  • Our video capture and replay gives you unparalleled visibility into suspicious behaviors before they become problems (e.g., creating back doors, stockpiling data)
  • Establishes baselines for both individual and work group behaviors
  • Searches for anomalies in an individual’s behavior to detect potential insider threats (both intentional and unintentional)
  • Provides a consolidated risk score for each user on each day, as well as quickly highlighting 30-day risk trends of your organization
  • Simplifies the investigation process by prioritizing risky users


  • Define specific behaviors that are known to be risky based on a set or sequence of activities
  • Detect a wide range of activity monitoring, from PII and HIPAA compliance requirements to IP protection and limited malware detection
  • Fully customizable policies can automatically weigh how user behavior impacts the overall risk score
  • Customers can also manually adjust policies to change how user behavior impacts the overall risk score


  • For each user on each day, an intuitive chart is generated; allowing an investigator to quickly see what types of activities caused them to receive a high risk score


  • An over-the-shoulder view with screen shot captures and playback gives you unparalleled visibility into suspicious behaviors before they become problems
  • Provides context and the evidence needed to attribute an incident to a user and to determine if they have been hijacked, gone rogue, or are just making mistakes
  • Investigators can easily review the desktop video replay and see the user’s suspicious activity at any time, allowing for attribution that is admissible in a court of law


  • The Forcepoint Insider Threat Command Center automatically scores and prioritizes your riskiest users, reducing the need to dig through thousands of alerts
  • A minute-by-minute timeline quickly shows you the high-risk behavior of the user
  • Record and playback features give you visibility into the user’s intent and simplifies the investigation process