Full disclosure: I work for Varonis, but truly and honestly believe that the product I'm about to talk about is very good at specifically addressing insider threats in large file sharing environments.
Varonis is a good option for this. It supports Windows file shares, UNIX/Linix, OneDrive, Exchange, AD, NAS, SharePoint, etc.
It does permissions management (to help enforce least privilege), auditing (so you can see what users are doing) and alerting (so you can detect abnormal insider behavior).
Key permissions functionality:
- Maps permissions so you can see who has access to which file share data
- Scans the contents of files so you can see which folders are sensitive and overexposed
- Let's you model permissions changes in a sandbox so you can see which users will be impacted
- Execute permissions changes directly from Varonis
Key auditing/alerting functionality:
- Captures all file share activity from all users in a searchable audit trail
- Baselines the behavior of users (every file open/move/modify/delete)
- Alerts when abnormal behavior occurs (an insider decides to grab a bunch of files he hasn't touched in a long time, a service account touches user data, etc.)
- Can send alerts to your SIEM for correlation
Here's free video course (not sales-y at all) on insider threats developed by Microsoft Regional Director / MVP Troy Hunt. It's a really good overview of the whole insider threat problem and talks about defensive measures.