Subscribe by email
The business risks—financial loss, failed audits, regulatory fines, and brand damage—of insider threats to your corporate data are too devastating to ignore. Here’s how learning from industry best practices can help you prevent these threats, including fraud and information leakage, and protect your business:
Demand 100% visibility so nothing gets missed
Capturing data in logs is a traditional method of understanding system activity but it doesn’t go far enough. Modern business intelligence tools tap into a hidden, information-rich data layer by capturing a complete, real-time, over-the-shoulder view of user activity across multiple data channels. This data should include queries and other read-only transactions that typically do not leave any traces in corporate databases or logs. This way, internal auditors, investigators and line of business managers can visually replay user actions screen by screen, keystroke by keystroke, just as if they were looking over the user’s shoulder. Not only can they see everything, but they can also place it into context.
Leading organizations use this data in a number of ways. Let’s explore a few of them:
Take a pre-emptive approach to eradicate risk
Most solutions address insider threats after the user has already gained access to the target information and is trying to transfer it out of the organization. Network-level solutions work by looking for sensitive data created in outbound messages (e.g., emails and instant messages). Desktop-level solutions look in media created at the desktop (e.g., via printing, writing to USB flash disks, or writing to CDs).
These approaches are highly problematic. Once sensitive data is displayed on a user’s screen, it can be transferred in undetectable ways—e.g., copied down on paper or photographed with a cell phone camera. At this point, it’s already too late.
Leading next generation detection technologies takes a different approach, working at the application level to address threats before they occur. More specifically, these solutions monitor application usage so that you know exactly when sensitive information is being displayed on the user screen. When applications are monitored pro-actively, the fraudulent behavior that occurs prior to a leak can be detected. The leak can then be prevented at the point of data access—regardless of the strategy for leaking the data.
Use real-time alerts to trigger fast action
The powerful analytical engines in the modern detection solutions track user behavior in real time, detecting cross-channel patterns and activities. In this way, it can pinpoint suspicious actions—based on business rules and weighted scores that you’ve defined—and generate real-time alerts related to questionable behavior. For example, here’s how Luminet does it:
A bank clerk who excessively searches for high- profile customer information, by customer name, much more than other clerks.
A user who displays 500 customer accounts on a specific day, spending only a few seconds with each account, while on average he accesses only 100 customer accounts per day.
Alerts can be sent to internal auditors, who can use them to zero in on anomalies, eliminate false positives, and facilitate after-the-fact investigations. When these solutions are integrated with an operational system, the alerts can also trigger automatic actions—for example, the initiation of a “suspend user” process in the operational system.
Faster, Easier Audit Prep
Your auditors expect precise and detailed information about how the thousands of people across your enterprise are accessing sensitive information on hundreds of applications each day. This often amounts to tens of thousands of screens of data and log entries. They also expect to see this information presented in a format that aligns with their unique regulatory requirements. With the next generation of business insight and compliance software, this information can be easily indexed, analyzed and distilled into meaningful reports–often at the click of a button.
——————————————————————————–
Real life examples. Real results.
Tax Collection Agency Cuts Investigation Time by 76%A large tax collection agency, which manages tax collection for more than 110 million citizens, wanted to gain visibility into the nonlogged activities of trusted insiders and respond to new scrutiny around data protection. With Luminet, the agency has reduced fraud and prosecuted violators while cutting investigation time by 76%.
——————————————————————————–
Nonprofit Mutual Insurance Firm Demonstrates Compliance with HIPAA and PCI DSS A nonprofit mutual insurance firm, part of a large consortium of health insurance providers, needed a fraud prevention and compliance solution that would help them uncover privacy violations and demonstrate compliance with HIPAA and PCI DSS.
The firm, which serves well over a million members, chose Luminet because of its comprehensive approach to data collection, reporting, and analysis. Luminet provides 100 percent visibility into user activity across all applications. It also triggers real-time alerts for exceptions. And its interactive tools detect the cross-channel patterns and trends of users across diverse departments and applications.
Armed with Luminet, the firm can help catch privacy violations, facilitate regulatory compliance, and reduce expenses related to audits, compliance reporting, and HIPAA-associated fines.
——————————————————————————–
Credit Card Company Immediately Detects Employee Misuse A credit card company employed the Luminet technology for its ability to see, record, and analyze user activity across internal enterprise applications—thereby providing the intelligence needed to take informed action. Corporate IT used business rules available in Luminet to track user behavior patterns and generate real-time alerts on suspicious activity. And their work paid off. Just weeks after installation, the company identified an employee who was misusing his authorized access.
——————————————————————————–
Government Agency Deters Fraud and Prevents Info Leak A government agency with more than 11,000 employees deployed the Luminet technology to view and record all user interactions with internal business applications. Employees and contractors were given fair warning: From now on their application activity would be recorded in real time—screen by screen, keystroke by keystroke—creating a complete audit trail directly from the network.
By capturing a complete over-the-shoulder view of user activity, the agency was able to deter fraud and prevent sensitive info from leaking into the wrong hands.
——————————————————————————–
International European Insurance Company Tracks Privileged Users A European insurance company deployed the Luminet technology to help detect internal fraud. More specifically, one of the company’s objectives was to track the activity of privileged IT users, including database administrators, system administrators, and programmers. Trusted users, with their technical knowledge and authorized access to internal systems and resources, have the potential to devastate an institution.
Using the Luminet technology, the company implemented business rules that generated real-time alerts on questionable activity patterns; e.g., a privileged user’s attempt to update information in a production database using a utility that could not otherwise be traced.
