

Detection of insider threats remains a challenge for organizational security teams. The bad actors have legitimate access to sensitive data. The problem is further compounded by insiders with elevated data access privileges. Organizations can lessen insider risk by adopting an insider risk management solution that can easily identify, detect, and mitigate insider risk in real time before it harms or breaches critical infrastructure. Therefore, insider risk management remains a key part of any organization’s security strategy. However, evaluation is essential for both vendors and clients. Year-on-year evaluation helps vendors spot any flaws in their strategy and correct course. Here, we compare the SPARK Matrix for 2023 and 2024 to gauge the players.
Keeping the crown
Splunk, Rapid7, Proofpoint, Code42, LogRhythm, Bottomline, and LogPoint have kept their positions as leaders in 2023 and 2024. These companies provide a sophisticated and comprehensive technology platform to detect, analyze, protect, remediate, and respond to insider threats in real time. Their platforms also provide control and visibility over internal data access and data exfiltration by end users, including employees, remote vendors, and contractors, to provide protection from insider threats like theft and fraud. Splunk and Rapid7’s products combine analytics with deep risk visibility. Code42 and Bottomline’s products maintain unique angles: exfiltration protection and financial insider risk, respectively.
On the other hand, Teramind, SailPoint, and Next moved up from contenders between 2023 and 2024. Next’s Insider Risk Management and Data Loss Prevention solution leverages a combination of policy-free user activity monitoring, machine learning for behavior analysis, and real-time content inspection for proactive threat detection.
SailPoint’s Insider Risk Management solution leverages AI and ML capabilities to assign the required access to the right identities and technology resources at the right time. The solution helps execute risk-based identity access and security lifecycle strategies for diverse non-employee entities.
Teramind’s Insider Risk Management Solution incorporates Optical Character Recognition (OCR) technology that allows it to extract text from screenshots, emails, and documents within applications, providing a more comprehensive view of user behavior. It also offers a productivity analysis feature which provides valuable insights into user work patterns and potential deviations that might indicate malicious intent.
Those who lost the top spots
Gurucul was placed as a leader in 2023. However, the company slipped to strong contender in 2024. The company offers Gurucul Risk Analytics (GRA) to predict, detect, prevent, and deter insider threats in enterprise and cloud environments. The Gurucul SIEM offers a peer-group analytics feature that allows both static and dynamic peer-group definition and analytics. It automatically organizes users to produce baselines based on regular user behavior and detects unexpected changes from peer-group baselines. The likely cause of the downgrading is a gap in execution or customer satisfaction.
The strong and steady ones
Microsoft became stronger in 2024 but has not managed to move into the leader quadrant. Microsoft’s Insider Risk Management solution enables policy creation through a machine learning playbooks feature, which builds policies from configurable machine learning templates that do not require scripting or endpoint agents to be deployed. It is also equipped with a privacy-by-design architecture that allows organizations to balance user privacy in the context of organizational risks. It enables organizations to configure policies based on industry, geographical, and business groups. A likely reason behind staying put as a strong contender is that the product is seen as too broad and less focused specifically on insider threats.
IBM offers insider threat security through IBM QRadar User Behavior Analytics and IBM Security Verify Privilege. The IBM solutions leverage out-of-the-box behavioral rules and machine learning to discover malicious insiders and compromised credentials with real-time analytics, detect and protect all services, applications, and administrator and root accounts across the enterprise, and effectively assess insider threat processes.
On the other hand, Crisp, Veriato, Aware, Haystax, and CounterCraft were present in the 2023 matrix but are absent from the 2024 matrix. Did they refuse to participate?
The new blood
HUMAN, Everfox, Secure Passage, and Cogility have made their entry into the SPARK Matrix in 2024. Human Security offers insider risk management capabilities through its Human Defense Platform, which constantly monitors login attempts and user activity to identify anomalies that could signal malicious insider intent.
Everfox (Forcepoint) offers a robust insider risk management solution through its Forcepoint Insider Threat and Risk Adaptive Protection. Forcepoint Risk Adaptive Protection’s Autopilot comes with risk assessment that detects suspicious behavior by continuously collecting, enhancing, and connecting events. It gathers user behavior and DLP incidents before calculating the user’s risk with Forcepoint’s Indicator of Behavior (IOB) analytic models. This risk score is actively transmitted to DLP so that policy enforcement can be automated based on the risk level.
Cogility’s Counter-Insider Threat Intelligence solution applies its Expert AI and evolving AI LLM technology within its platform to generate comprehensive risk insights and streamline decision-making processes with full traceability. Cogility has made advancements in applying the Sociotechnical and Organizational Factors for Insider Threat (SOFIT) ontology as a key component in structuring its Insider Threat potential risk indicators.
Secure Passage’s Insider Risk Management solution provides comprehensive technological capabilities and is rapidly gaining market traction across industries and geographical regions.
Now that 2025 is upon us, it will be interesting to see a similar comparison for 2024 and 2025.