ESPROFILER IconESPROFILER
Capability ExchangeCapability Exchange
Platform
How it worksHow you onboardHow you operate
Services
All ServicesSecurity Reality AssessmentStrategic Consolidation
Use Cases
All
Resources
AllArticlesWebinarsEvents & ConferencesProduct Releases
AboutCareersStatus
Log InBook Demo
Back to changelog
2026-05-29
Changelog

ESProfiler now supports the Insider Threat Matrix

Insider threat is the gap most stacks ignore. ESProfiler now maps your software stack against the open-source Insider Threat Matrix in minutes — gaps and overlaps included.

Insider threat is the security gap most stacks quietly pretend doesn't exist. ATT&CK doesn't cover it well, NIST CSF only gestures at it, and every Q1 risk register carries a row for it that nobody knows how to test. As of today, ESProfiler customers can map their security stack against the open community framework that does cover it — the Insider Threat Matrix — in minutes.

What is the Insider Threat Matrix?

Maintained by Forscie and an open contributor community, the Insider Threat Matrix (ITM) is an open framework for computer-enabled insider threat investigations. Think of it as ATT&CK for insiders — built around how real investigations unfold, with explicit detection and prevention guidance attached to every technique.

The Matrix organises insider activity into five categories:

  • Motive — why a subject acts: Coercion, Espionage, Personal Gain, Revenge, Recklessness, the Joiner / Mover / Leaver lifecycle

  • Means — what they need: Privileged Access, Removable Media, BYOD, Web Access, Enterprise-Integrated AI Platforms

  • Preparation — how they set up: Data Staging, Email Collection, Privilege Escalation, AI-Assisted Capability Development

  • Infringement — the harmful act: Data Loss, Exfiltration via email / web / physical media, Misappropriation of Funds, Sharing on AI Chatbot Platforms

  • Anti-Forensics — covering tracks: Log Deletion, Disk Wiping, Timestomping, Steganography

What sets ITM apart from threat frameworks you may already know: every technique is paired with concrete Detections and Preventions — control-level guidance you can map directly to your stack. The framework is open-source on GitHub and currently catalogues 666 knowledge objects, with new ones added regularly to keep up with AI-era insider behaviour.

Why it matters for your defenders

Insider risk has always been the awkward corner of the security programme — half people, half technology, hard to demo, frequently owned by nobody. ITM gives you a way to make it concrete:

  • A shared vocabulary across security, HR, legal, and insider risk teams

  • Explicit detection and prevention paths for every technique — not just "be aware"

  • First-class coverage of AI-era insider behaviour: chatbot leakage, AI agent abuse, AI-assisted preparation

Map your stack in minutes — and see exactly where you stand

Mapping a security stack to a new framework by hand is usually a multi-week spreadsheet exercise. In ESProfiler, it isn't.

The Insider Threat Matrix is now live alongside MITRE ATT&CK, MITRE F3, NIST CSF, the NIST AI RMF, ISO/IEC 27001, and every other framework in the platform. Point ESProfiler at your existing tools and you'll see:

  • Coverage in minutes, not weeks — your stack mapped automatically across all five ITM categories

  • Gaps at a glance — the insider techniques no tool in your environment detects or prevents, surfaced and prioritised

  • Overlaps you're paying for twice — controls duplicated across DLP, UEBA, IAM, and email security vendors, ranked by spend

Insider risk is the one programme where coverage gaps tend to live for years before anyone tests them. Now you don't have to wait.

Get started

If you're an existing customer, the Insider Threat Matrix is already live in your tenant — open the Frameworks view to start mapping.

If you're not, book a demo and we'll show you your insider risk coverage gaps in the time it usually takes to schedule the kickoff meeting.

Ready to Optimize
Your Security Stack?

Talk to our team to see how ESPROFILER can help you gain full visibility and control over your security investments.

Book a Demo

Platform

  • Market Layer
  • Capability Layer
  • Commercial Layer
  • Tribal Layer
  • Architect Layer

Services

  • All Services
  • Security Reality Assessment
  • Strategic Consolidation

Company

  • About Us
  • Jobs
  • Resources
  • Changelog
  • Contact
ESPROFILER IconESPROFILERNCSC For Startups AlumniSupported By GoogletechUK Winner
© 2026 ESPROFILER. All rights reserved.
Policies & Terms