As the notoriety of hackers and cyberterrorists grows, there's a tendency to forget about the threat to computer networks from disgruntled employees or insiders committing economic espionage or financial crimes. In recent years, corporations and governments have rushed to construct network firewalls, add antivirus software and set up intrusion detector systems, but none of those security tools can stop the determined insider from stealing company secrets or diverting funds or stock. Yet more than a third of all corporate computer crime is the result of unauthorized access by insiders, according to the 2002 survey by the Computer Security Institute/Federal Bureau of Investigation. While the percentage of computer crime committed by insiders has fallen as the attacks from outside hackers via the Internet has grown, the Computer Security Institute warns "the insider threat is still very real and very costly." A Fort Lauderdale firm, Savvydata Inc., has developed a security program, called RedAlert, specifically designed to thwart that insider with a bad attitude or a criminal bent. RedAlert can protect sensitive data in a variety of applications from being accessed, printed, e-mailed, copied or saved to a disk by unauthorized employees on the network and provide a secure audit trail. It can block any unauthorized action and send an immediate alert, either to a company's own system administrator, or to Savvydata's monitoring service, which is based in the NAP of the Americas in Miami for added security. It can also lock down data in laptops that turn up missing. If a wayward executive with full access does try to steal data, he may not be blocked, but he could still generate an alert, and will definitely leave a clear audit trail behind, which may well act as a deterrent. Each company sets its own policy for each document and each employee and can even set the hours of authorized access. Michael Nevins, chief executive officer of Savvydata, called RedAlert a type of intrusion detector software -- only from the inside out. Like most of the executives at Savvydata, Nevins comes from a law enforcement background. In 1991, he headed up Colorado's High Technologies Crime Unit, which assisted city, county and state law enforcement agencies in investigating computer crimes. He later started his own company, Millennium Investigations, which was acquired by Savvydata in 2000. RedAlert is a new product that is currently being evaluated by 22 companies around the world, from Norway to Korea, Nevins said. Savvydata recently signed on with DynTek Inc., an Irvine, Calif.-based systems integrator and technology consultant for state and local governments, to include RedAlert in the product mix it offers to customers. "RedAlert brings to the table a very specific solution at the desktop level in a market that is wide open," said J. Hansen, DynTek's national director for security services, who said his company evaluated numerous security solutions before partnering with Savvydata. "There are not a lot of competing products that do exactly what they do. It is absolutely prime for our markets." While there are other software products aimed at nabbing insiders, most take a different approach, monitoring network traffic or operating system logs. RedAlert monitors specific activity related to specific documents or files. The product is also going to be featured in a leading trade magazine, Information Security, as its September Hot Pick, according to associate editor Christine St. Pierre. But RedAlert is only one part of Savvydata, which also has an online database search division, and an investigative computer forensics division. The searches are often used for pre-employment screenings and legal cases, and the forensic investigations extract evidence from computers primarily for use in court. The company hopes to create some synergy between its RedAlert product and its data-mining capabilities. The plan is to offer a package that would investigate employees caught by RedAlert trying to breach network security policies. The profile might be set up to flag personal activities such as a recent bankruptcy or an arrest related to substance abuse. "Employees' activities are influenced by their outside lives," Nevins said. "This would add an outside perspective to internal computer security." Nevins admits the concept can be a little scary, but adds that in today's environment, it is more important than ever to protect inside information. Such profiles would be generated not across the board, but for employees whose behavior has taken them "past the point of just being suspicious," he said. The database and forensic investigations divisions of Savvydata are profitable, and are expected to produce $1 million in revenues this year, Nevins said. But the overall company, which has raised $6.2 million from angel investors and private placements since it was formed in 1997, is not. However, Nevins said there are $56 million worth of pending contracts for RedAlert, and he anticipates sales of the product by the end of the year. He said he expects Savvydata to be profitable in the fourth quarter.END. Countermeasures?