NextSentry is hoping software partially derived from a pedophile-tracking application can keep corporate insiders on the security straight and narrow.
Security applications vendor NextSentry and its initial product offering were launched May 22, promising to bring sophisticated natural language processing capabilities into the enterprise security content filtering market.
The most intriguing element of the companys new ActiveSentry software: the products roots in public service and law enforcement.
The firms parent company, Next IT, sells a software package of the same name and technology that is used by government agencies for a number of data filtering purposes, including luring sex offenders online.
In that application, the software is used to conduct automated conversations, posing as a teenager, with individuals in Internet chat rooms.
If a person engaged in a chat by the application uses terms that indicate that the person might be a predator, an automated system alerts law enforcement officials who can take over the online conversation and move their investigation forward if necessary.
Leaders at the firm, which is based in Spokane, Wash., say they believe some of the same technologies can also be of great use within private enterprises for identifying sensitive information traveling over IT networks, such as customer account details or product design information.
The key in making such technologies successful, the ability to accurately discern what data is being handled appropriately and what information is being misused, is at the heart of both applications, company officials said.
The growing awareness around the so-called insider threat, or the problem of losing important corporate data through the actions of trusted employees rather than via outside attacks, makes the timing right for NextSentry to launch, said Jim Hereford, the companys chief executive.
The CEO maintains that by putting powerful content filtering tools on corporate networks that record nearly every keystroke landed by an end user, or every Web site they visit, companies can almost immediately determine when someone is circumventing security policies.
Analysts at researchers Gartner have estimated that 70 percent of all corporate security incidents that result in financial loss come from within.
In the example of financial services companies, which represent one of the firms primary target audiences, enterprises can do anything from earmark certain strings of numbers, like customer account information, to trigger alerts, or ascertain if someone has two applications open at the same time, which might indicate inappropriate activity.
“The problem with most security technologies is that there is almost always someone smart enough to find a way around the encryption or the other safeguards, and its often as simple as cut and paste,” Hereford said.
“Our software sits in there on the desktop with a trusted employee and can monitor everything, and prevent them from distributing info by any means.”
Criminal Methods
Hereford pointed out that many high-profile data losses within banks and other institutions have been traced back to criminal methods as simple as someone hitting the print button and walking out with customer information they can sell to others.
ActiveSentry offers the ability to recall screen shots of any data that was accessed by an employee after the fact, and also provides the power to block sensitive documents from being printed on the spot by offering tools that instruct printers to completely black out guarded data.
Allowing companies to set specific policies for any type of information, and promising a low number of false alarms, will convince customers to buy in, said NextSentry officials.
One company already using the software is regional bank Washington Trust, which is also based in Spokane.
Company officials said that they replaced a patchwork of e-mail content filtering with ActiveSentry and immediately discovered activity that disobeyed security policies that they had not found before.
“Many employees were breaching policies without knowing it, and this a nice way to address that with automation,” said Jim Brockett, chief information officer at Washington Trust.
“People were forgetting to encrypt their e-mails, but now those messages are being caught before they leave the network; its true throughout IT that the insider threat is the one area where theres probably the most potential for fraud and breaches, and where business has applied the least amount of technology.”
In addition to blocking unencrypted e-mails, blocking the use of USB drives on computers, and preventing unauthorized print jobs, ActiveSentry automatically informs users when they have broken the rules, and also informs a security administrator.
In the case of Washington Trust, which is one of three firms piloting the software, Brockett said that most workers almost immediately alter their behavior and take a more conservative approach to completing actions on their desktops.
The company has a policy of issuing a friendly reminder over the phone when one of its roughly 100 employees makes a wrong move, and the CIO said that using ActiveSentry has made information security a more high-profile effort across the firm.
“Its too early to tell how engrained in the overall culture the new level of security has become, but we can see that more people are securing their e-mails,” he said.
“Watching people this closely is a little bit uncomfortable, but at the same time its one of those things that we have to do; as management we want to be as unobtrusive as possible, and this allows us to let people do their jobs while we can make sure that the rules are being followed.”