Savvydata countermeasures
Matthew X
profrv at nex.net.au
Tue Aug 27 13:53:52 PDT 2002
As the notoriety of hackers and cyberterrorists grows, there's a tendency
to forget about the threat to computer networks from disgruntled employees
or insiders committing economic espionage or financial crimes.
In recent years, corporations and governments have rushed to construct
network firewalls, add antivirus software and set up intrusion detector
systems, but none of those security tools can stop the determined insider
from stealing company secrets or diverting funds or stock.
Yet more than a third of all corporate computer crime is the result of
unauthorized access by insiders, according to the 2002 survey by the
Computer Security Institute/Federal Bureau of Investigation.
While the percentage of computer crime committed by insiders has fallen as
the attacks from outside hackers via the Internet have grown, the Computer
Security Institute warns "the insider threat is still very real and very
costly."
A Fort Lauderdale firm, Savvydata Inc., has developed a security program,
called RedAlert, specifically designed to thwart that insider with a bad
attitude or a criminal bent.
RedAlert can protect sensitive data in a variety of applications from being
accessed, printed, e-mailed, copied or saved to a disk by unauthorized
employees on the network and provide a secure audit trail. It can block any
unauthorized action and send an immediate alert, either to a company's own
system administrator, or to Savvydata's monitoring service, which is based
in the NAP of the Americas in Miami for added security. It can also lock
down data in laptops that turn up missing.
If a wayward executive with full access does try to steal data, he may not
be blocked, but he could still generate an alert, and will definitely leave
a clear audit trail behind, which may well act as a deterrent. Each company
sets its own policy for each document and each employee and can even set
the hours of authorized access.
Michael Nevins, chief executive officer of Savvydata, called RedAlert a
type of intrusion detector software -- only from the inside out.
Like most of the executives at Savvydata, Nevins comes from a law
enforcement background. In 1991, he headed up Colorado's High Technologies
Crime Unit, which assisted city, county and state law enforcement agencies
in investigating computer crimes. He later started his own company,
Millennium Investigations, which was acquired by Savvydata in 2000.
RedAlert is a new product that is currently being evaluated by 22 companies
around the world, from Norway to Korea, Nevins said. Savvydata recently
signed on with DynTek Inc., an Irvine, Calif.-based systems integrator and
technology consultant for state and local governments, to include RedAlert
in the product mix it offers to customers.
"RedAlert brings to the table a very specific solution at the desktop level
in a market that is wide open," said J. Hansen, DynTek's national director
for security services, who said his company evaluated numerous security
solutions before partnering with Savvydata. "There are not a lot of
competing products that do exactly what they do. It is absolutely prime for
our markets."
While there are other software products aimed at nabbing insiders, most
take a different approach, monitoring network traffic or operating system
logs. RedAlert monitors specific activity related to specific documents or
files.
The product is also going to be featured in a leading trade magazine,
Information Security, as its September Hot Pick, according to associate
editor Christine St. Pierre.
But RedAlert is only one part of Savvydata, which also has an online
database search division, and an investigative computer forensics division.
The searches are often used for pre-employment screenings and legal cases,
and the forensic investigations extract evidence from computers primarily
for use in court.
The company hopes to create some synergy between its RedAlert product and
its data-mining capabilities. The plan is to offer a package that would
investigate employees caught by RedAlert trying to breach network security
policies. The profile might be set up to flag personal activities such as a
recent bankruptcy or an arrest related to substance abuse.
"Employees' activities are influenced by their outside lives," Nevins said.
"This would add an outside perspective to internal computer security."
Nevins admits the concept can be a little scary, but adds that in today's
environment, it is more important than ever to protect inside information.
Such profiles would be generated not across the board, but for employees
whose behavior has taken them "past the point of just being suspicious," he
said.
The database and forensic investigations divisions of Savvydata are
profitable, and are expected to produce $1 million in revenues this year,
Nevins said. But the overall company, which has raised $6.2 million from
angel investors and private placements since it was formed in 1997, is not.
However, Nevins said there are $56 million worth of pending contracts for
RedAlert, and he anticipates sales of the product by the end of the year.
He said he expects Savvydata to be profitable in the fourth quarter.
END.
Countermeasures?