Savvydata countermeasures

Matthew X profrv at nex.net.au
Tue Aug 27 13:53:52 PDT 2002


As the notoriety of hackers and cyberterrorists grows, there's a tendency 
to forget about the threat to computer networks from disgruntled employees 
or insiders committing economic espionage or financial crimes.

In recent years, corporations and governments have rushed to construct 
network firewalls, add antivirus software and set up intrusion detector 
systems, but none of those security tools can stop the determined insider 
from stealing company secrets or diverting funds or stock.

Yet more than a third of all corporate computer crime is the result of 
unauthorized access by insiders, according to the 2002 survey by the 
Computer Security Institute/Federal Bureau of Investigation.

While the percentage of computer crime committed by insiders has fallen as 
the attacks from outside hackers via the Internet has grown, the Computer 
Security Institute warns "the insider threat is still very real and very 
costly."

A Fort Lauderdale firm, Savvydata Inc., has developed a security program, 
called RedAlert, specifically designed to thwart that insider with a bad 
attitude or a criminal bent.

RedAlert can protect sensitive data in a variety of applications from being 
accessed, printed, e-mailed, copied or saved to a disk by unauthorized 
employees on the network and provide a secure audit trail. It can block any 
unauthorized action and send an immediate alert, either to a company's own 
system administrator, or to Savvydata's monitoring service, which is based 
in the NAP of the Americas in Miami for added security. It can also lock 
down data in laptops that turn up missing.

If a wayward executive with full access does try to steal data, he may not 
be blocked, but he could still generate an alert, and will definitely leave 
a clear audit trail behind, which may well act as a deterrent. Each company 
sets its own policy for each document and each employee and can even set 
the hours of authorized access.

Michael Nevins, chief executive officer of Savvydata, called RedAlert a 
type of intrusion detector software -- only from the inside out.

Like most of the executives at Savvydata, Nevins comes from a law 
enforcement background. In 1991, he headed up Colorado's High Technologies 
Crime Unit, which assisted city, county and state law enforcement agencies 
in investigating computer crimes. He later started his own company, 
Millennium Investigations, which was acquired by Savvydata in 2000.

RedAlert is a new product that is currently being evaluated by 22 companies 
around the world, from Norway to Korea, Nevins said. Savvydata recently 
signed on with DynTek Inc., an Irvine, Calif.-based systems integrator and 
technology consultant for state and local governments, to include RedAlert 
in the product mix it offers to customers.

"RedAlert brings to the table a very specific solution at the desktop level 
in a market that is wide open," said J. Hansen, DynTek's national director 
for security services, who said his company evaluated numerous security 
solutions before partnering with Savvydata. "There are not a lot of 
competing products that do exactly what they do. It is absolutely prime for 
our markets."

While there are other software products aimed at nabbing insiders, most 
take a different approach, monitoring network traffic or operating system 
logs. RedAlert monitors specific activity related to specific documents or 
files.

The product is also going to be featured in a leading trade magazine, 
Information Security, as its September Hot Pick, according to associate 
editor Christine St. Pierre.

But RedAlert is only one part of Savvydata, which also has an online 
database search division, and an investigative computer forensics division. 
The searches are often used for pre-employment screenings and legal cases, 
and the forensic investigations extract evidence from computers primarily 
for use in court.

The company hopes to create some synergy between its RedAlert product and 
its data-mining capabilities. The plan is to offer a package that would 
investigate employees caught by RedAlert trying to breach network security 
policies. The profile might be set up to flag personal activities such as a 
recent bankruptcy or an arrest related to substance abuse.

"Employees' activities are influenced by their outside lives," Nevins said. 
"This would add an outside perspective to internal computer security."

Nevins admits the concept can be a little scary, but adds that in today's 
environment, it is more important than ever to protect inside information. 
Such profiles would be generated not across the board, but for employees 
whose behavior has taken them "past the point of just being suspicious," he 
said.

The database and forensic investigations divisions of Savvydata are 
profitable, and are expected to produce $1 million in revenues this year, 
Nevins said. But the overall company, which has raised $6.2 million from 
angel investors and private placements since it was formed in 1997, is not.
However, Nevins said there are $56 million worth of pending contracts for 
RedAlert, and he anticipates sales of the product by the end of the year. 
He said he expects Savvydata to be profitable in the fourth quarter.END.
Countermeasures?





More information about the cypherpunks-legacy mailing list