SpectorSoft introduced a security solution that monitors user behavior to detect and prevent insider threats.
Spector 360 Recon 8.3 is aimed at small- to medium-size businesses (SMBs), and includes user behavior analytics (UBA) to help organizations detect insider threats, targeted attacks and financial fraud.
The software does this by looking at patterns of human behavior and then applying algorithms and statistical analysis to detect meaningful anomalies from those patterns.
The updated anomaly detection identifies when user behavior deviates from a baseline, and can be tailored to meet customers’ specific needs through the ability to refine the type and number of alerts sent by the system based on the company’s business requirements and personal level of acceptable risk.
The software detects and alerts anomalous behavior related to file interactions and movement, printing, cloud storage usage, removable media usage, and email– paths that insiders often employ to steal intellectual property.
It collects and logs the underlying user activity data for up to 30 days, and creates a log of what documents are moving through the network, including when they printed or transferred to removable storage or personal cloud solutions like Dropbox.
The platform does this by monitoring and recording every file transferred by HTTP, FTP, cloud services, and P2P, and will also log all application usage including, application name, activity, focus and total time of use.
In addition, events such as login and logout, mouse and keyboard activity, and active versus inactive time are all recorded.
In essence, the software serves as both an early warning system and insurance policy, giving businesses the ability to proactively detect and respond to insider threats while serving as a deterrent against them.
The update comes on the heels of a survey of 772 IT security professionals, sponsored by SpectorSoft and conducted by the SANS Institute, which found that almost three-fourths of respondents (74 percent) are concerned primarily with employees, whether malicious or merely negligent.
However, 44 percent of respondents said they don’t know how much they currently spend on solutions that mitigate insider threats and 45 percent don’t know how much they plan to spend on insider threat technology in the next 12 months.
In addition, nearly a third (32 percent) admitted they have no ability to prevent an insider attack.
In August 2014, Gartner released a report identifying user behavior analytics as an augmentation of current security information and event management solutions. It noted that user behavior analytics enables more effective exception monitoring due to its advanced profiling and anomaly detection that is not dependent on identity and access management (IAM) policy definitions for roles and authorization rights.