Tool demonstrated at CA World, raises questions on employee monitoring.
Computer Associates International Inc. last week unveiled a product that company executives said they believe will bridge the gap between the electronic and physical security measures deployed in enterprises.
eTrust 20/20 is a visual tool that gives systems administrators a detailed picture of their companys physical and network environments and enables them to see up-to-the-minute activity for employees, applications, buildings or systems. The software collects real-time feeds from numerous sources, including badge readers, e-mail systems, Web servers and other networked devices; aggregates the data; and produces a graphical depiction of the monitored environment.
"We wanted a better way to pick up behavior thats abnormal," said Sanjay Kumar, president and CEO of CA, in Islandia, N.Y. The software will go into a broad beta program this summer with an eye toward general availability by the end of the year.
In a demonstration at the companys CA World show here, Kumar tracked the comings and goings of a fictional CA employee. The left side of the screen showed internal computer systems, including the Web, e-mail and client information repository. The center of the screen displayed a schematic of the companys headquarters and showed each badge reader. A clock took up the bottom of the screen.
Using the software, Kumar was able to click on each system and see when and for how long the employee was using the Web, for example, or the client information system. The program also showed the employees location in the building and which floors he was traveling to at what time of day.
Administrators can play back the activities of a particular employee over a given period of time and view the text logs of that employees activities at any time.
In addition, to prevent employees from maliciously altering the log data, CA has developed an algorithm that takes a fingerprint of the data as it is collected and compares that snapshot with the data as it is played back. Any alteration, therefore, would be easily identifiable.
Such technology clearly raises questions about the level of monitoring that companies can or should perform on their employees, but Kumar said the system is merely aggregating existing data.
In addition to the technological advances the program represents, eTrust 20/20 will be the first CA product to be sold solely by subscription. Customers will pay as they go on a monthly basis, and the fee will be based on the number of employees and physical access points the system will be monitoring.