According to the 2022 Ponemon Institute Cost of Insider Threats: Global Report, insider threat incidents have risen 44% over the past two years, with costs per incident up more than a third to $15.38 million. Among the reasons for this increase is the rise of the “Great Resignation” per SecurityBouldevard.com (https://securityboulevard.com/2022/01/dont-let-the-great-resignation-become-an-insider-threat/)A common thread, and often the most damaging aspect, of insider threat incidents is the exfiltration of company data. Detecting exfiltration activity is elusive since it resembles legitimate business activity and in recent years is even more challenging given the increase of cloud-first networks and users working from home. A variety of analytical methods and observational vantage points must be employed to provide the best detection posture against data exfiltration, from scenario-based rules and behavioral baselining to user and entity scoring. In this session, the LogRhythm Labs team will demonstrate techniques for detection of exfiltration in a variety of network topologies (work-from-home, cloud-only, on-premises) using the LogRhythm product line.