Many organizations focus on keeping bad guys out. But, as the breaches that continue to dominate the headlines demonstrate, there is unintentional and intentional bad behavior happening inside the network as well. You need to be able to identify compromises from within. There are many kinds of insider threats, but they can generally be broken into three different categories:
1. People who accidentally leak data – either by being careless (leaving their smartphone or laptop on a plane) or by being clueless (unintentionally sending information over an unsecured network, or letting confidential information slip to the wrong person).
2. People who intentionally cause harm – by stealing data, destroying systems, and leaking confidential information. This can include the disgruntled employee who wants to wreak havoc on an organization or someone who is trading company secrets for monetary gain.
3. People who have had their credentials or computers compromised – knowingly or unknowingly. This can include the person who clicked on a bad link and unknowingly divulged sensitive data, or someone who is a victim of social engineering.
FlowTraq® learns and understands the changing patterns of behavior inside your network so when any system, mobile device, or server starts behaving outside the normally expected patterns – such as hosts receiving data outside of normal thresholds or sending files at unusual times – you can quickly shut them down. With an infinitely scalable core, a fully parallel database, and a powerful network behavioral intelligence engine, FlowTraq can detect and alert on suspicious insider threat activity in networks of any size. Our state-of-the-art solution lets you analyze network traffic flow records to provide an unprecedented level of network situational awareness for fast and easy monitoring, quick security analysis, and complete forensic recall of any network traffic.
For instance, you may already spend time and resources searching for viruses on computers, blocking spam, and tracking down abuse. But it’s not only worms and viruses that may be exfiltrating your most sensitive data; it could be anyone within your own walls. By monitoring flow data to detect anomalies, you can immediately recognize undesired uploads and data breaches from your network.
Data loss prevention (DLP) systems are good at identifying structured sensitive data, such as social security numbers or credit card numbers, leaving the organization. But they can’t recognize many other types of data exfiltration – such as encrypted data, confidential intellectual property, or insider information – that can have serious business, ethical, regulatory, and legal repercussions. For that you need a network visibility tool, like FlowTraq.
FlowTraq gives you unprecedented network behavior intelligence. And we’ve partnered with SpectorSoft®, which provides user activity intelligence to enhance the ability to seek out anomalies and detect, alert and respond to insider threats.
With a strong solution in place to analyze both network and user behavior, you have immediate insight into these anomalies – suspicious user behavior, abnormal streams flowing out of your network and unauthorized usage of cloud services – and the intelligence you need to react quickly.
This combined solution gives your network “eyes and ears” – and a long memory to remember what happened. And that knowledge is what will give you the power to anticipate, prepare for and deal with unknown future situations. In short, FlowTraq and SpectorSoft provide a level of depth that allows you to keep the network safe and operational – and free from insider threats – today, tomorrow and beyond.