Addressing the Insider Threat is now rightly recognised as playing a crucial element in improving the security posture of organisations and preventing all kinds of embarrassment. Recent years have seen a growth in all manner of vendors promising panaceas to address ordinary user activities, but what exactly are the solutions offered? In a lot of instances, legitimate rootkits. This talk examines the current state of the insider threat marketplace, the technical solutions to the issues presented, and an actual analysis of user activities in RL and how they may well negate the the promises of vendors and the expectations of security minded organisations.