NextSentry Aims to Curb Insider Threats

NextSentry is hoping that software partially derived from a pedophile-tracking application can keep corporate insiders on the security straight and narrow.

NextSentry is hoping that software partially derived from a pedophile-tracking application can keep corporate insiders on the security straight and narrow.

The security applications vendor launched its first product, ActiveSentry, May 22, promising to bring natural language processing capabilities into the enterprise security content filtering market. The most intriguing element of ActiveSentry: the products law enforcement roots.

NextSentrys parent company, Next IT, sells a similar application, ActiveAgent, used by government agencies for several data filtering purposes, including luring sex offenders online. The software is used to conduct automated conversations, posing as a teenager, with individuals in Internet chat rooms.

If a person engaged in a chat by the application uses terms that indicate that the person might be a predator, an automated system alerts law enforcement officials, who can take over the online conversation and investigate.

Jim Hereford, CEO of NextSentry, in Spokane, Wash., said the law enforcement technology also applies to enterprises trying to identify sensitive information such as customer account details or product-design information traveling over a network.

Hereford said that by putting on corporate networks powerful content filtering tools that record nearly every keystroke made by users on every Web site they visit, companies can almost immediately determine when someone is circumventing security policies.

Research company Gartner estimates 70 percent of all corporate security incidents that result in financial loss come from within.

In the example of financial services companies, which represent one of NextSentrys primary target audiences, enterprises can do anything from earmarking certain strings of numbers, such as customer account information, to triggering alerts to ascertaining if someone has two applications open at the same time, which might indicate inappropriate activity.

"Our software sits in there on the desktop with a trusted employee and can monitor everything and prevent them from distributing info by any means," said Hereford.

ActiveSentry offers the ability to recall screen shots of any data that was accessed by an employee after the fact and provides the power to block sensitive documents from being printed. It employs a context-based engine called ContextIQ that uses conceptual meaning and context to trigger alerts.

One company already using the software is Washington Trust Bank, which is also in Spokane. Jim Brockett, CIO at Washington Trust, said the bank replaced a patchwork of e-mail content filtering software with ActiveSentry and discovered activity that violated security policies.

"Many employees were breaching policies without knowing it, and this [is] a nice way to address that with automation," said Brockett. "People were forgetting to encrypt their e-mails, but now those messages are being caught before they leave the network; its true throughout IT that the insider threat is the one area where theres probably the most potential for fraud and breaches, and where business has applied the least amount of technology."

In addition to blocking unencrypted e-mails, blocking the use of USB drives on computers and preventing unauthorized print jobs, Active-Sentry automatically informs users when they have broken the rules, and it also informs a security administrator.