Detect Abnormal Behavior Within Core Apps with our Employee Monitoring Software
Applications are the window to our data. While organizations have deployed security infrastructure to protect the backend of these applications, most companies are completely blind to what everyday application users do once they log in. This lack of visibility provides prime avenues for exposing sensitive or regulated data, representing a major security blind spot where most of today’s security incidents and data breaches occur. In short, organizations need employee monitoring.
Here are a few examples of common employee activities that put companies at risk:
- Running application reports that export huge amounts of sensitive data
- “Innocently” uploading sensitive data to a third-party cloud application
- Deliberately sharing sensitive data with others via email, cloud application, thumb drive, etc.
- Installing a remote desktop application to work from home, thus opening a remote back door into the network
- Responding to a phishing email, granting network access to a hacker
- Visiting unauthorized websites that could install malware on the network
ACCESSING SENSITIVE CUSTOMER OR PATIENT RECORDS
Employees with access to sensitive customer/patient records pose a risk of abusing this data or leaking it to third parties. A call center employee views someone’s social security number. A doctor or nurse views the health information of a patient who is not theirs, or of a high-profile (MVP) patient. System logs don’t record user actions within Web applications (e.g., Salesforce, SAP), and most local/VDI applications do not generate logs at all, making it impossible to discover or audit who accessed, copied or modified sensitive data.
Examples of core applications our customers are using for employee monitoring:
|Fiserv (Cleartouch)||Guidewire||EPIC||Point-of-Sale (POS)||SAP|
|FX Trading Platform||Stone River||Cerner||Store Management||Supply Chain Management|
|Wealth/Portfolio Management||Claims Processing||Allscripts||Order Management||Billing Management|
|Jack Henry Banking Platform||Quote Generation||Patient Administration||Supply Chain Management||Inventory Management|
UNAUTHORIZED USE OF CLOUD APPS
One of the biggest risks companies face today is the proliferation of SaaS-based applications that any user can spin up and use: shadow IT. These applications can store and share huge amounts of data that fly completely under the radar of security teams. Trying to discover these apps, who is using them, and what they are being used for is nearly impossible when relying on server logs.
While most applications are necessary for business functions, some have no place in the organization and can lead to data breaches and other damage. Examples of risky applications include consumer cloud storage, screen capture, desktop sharing, file transfer (FTP), and peer-to-peer file sharing (torrents).
|CLOUD STORAGE||SCREEN CAPTURE||DESKTOP SHARING||FILE TRANSFER||OTHER|
ObserveIT provides alerting and reporting for numerous types of behavior anomalies that put your company at risk.
- Any time a user opens a particular file
- Any time a user manually modifies a registry entry
- Any time a user connects remotely outside of regular business hours
- Generating larger-than-usual reports
- Accessing unusual systems, files or other resources
- Performing unusual types of operations or running rarely-used commands
- Executing a larger number of actions than usual within a given time frame
- Logging in outside normal/expected hours of the day or days of the week
- Accessing systems from unusual client machines
- Running unusual applications