The Cybersecurity Act of 2015 attracted national attention because it provided limited immunity for companies that share information about cybersecurity threats with the federal government. A lesser-noticed provision of the law, however, could have more impact on corporate cybersecurity activities. The statute significantly broadens the ability of companies to monitor networks for cybersecurity threats and employ defensive measures. This presentation provides a roadmap to the new law and explains how it expands the abilities of companies to engage in monitoring and defensive measures without running afoul of existing laws such as the Stored Communications Act and Wiretap Act. The presentation also examines privacy advocates' concerns with the new law.