DSS ITSEC CONFERENCE - Spector360 as productivity and security tool - Riga NOV 2011

Enterprise Health Financial

Spector360 – Surveillance as a management tool

Sally Pigott – Territory Manager Central & Eastern Europe

Damian Hallmark – Systems Engineer

2

PC and Internet Monitoring Software

Agenda

• About SpectorSoft

• SpectorSoft Channel Model

• Employee Monitoring and Security – Who & Why?

• Insider Threats & Employee Productivity

• Building a case for Employee Monitoring

• Common Objections

• Q&A

3


About SpectorSoft

• Established 1998

• Strong Growth Year After Year

• Inc. 500/5000 List – 7 Times

• Market Leader

• More than 50,000 Businesses

• More than 300,000 Consumers

• Five Star Partner Program Winner

• 24/7 U.S. Based Customer Support

GOLD AWARD!

Rated #1 Product 2007 Monitoring

Software Report

EDITORS’ CHOICE

PC Magazine THREE Time

Award Winner!

1ST PLACE

“The Best of the Best” 2005 & 2008 Monitoring

Software Review

FIVE

5-STAR AWARDS

Gold Star

Partner Program

Best in

Surveillance

Featured In:

http://www.crn.com/crn/;jsessionid=Z5KALQL5NCQBSQSNDLPSKH0CJUNN2JVN

4


Our Customers

Corporate / Government / Education

http://images.google.com/imgres?imgurl=http://www.hfconferences.ca/hscn/archive/2008/images/Cardinal-Health-logo.jpg&imgrefurl=http://www.hfconferences.ca/hscn/archive/2008/cardinal.html&usg=__mWpDKYMGyyh6rNqijOEyDNlkJHc=&h=99&w=300&sz=8&hl=en&start=4&tbnid=zMOINBKddrgh0M:&tbnh=38&tbnw=116&prev=/images?q=cardinal+health+logo&gbv=2&hl=en

http://images.google.com/imgres?imgurl=http://www.pcpcc.net/files/u1/humana_logo.jpg&imgrefurl=http://www.pcpcc.net/content/executive-committee&usg=__A7y-ka3QjIzlmikbBHFwpYWqVik=&h=61&w=180&sz=12&hl=en&start=6&um=1&tbnid=M_O23prd6db3JM:&tbnh=34&tbnw=101&prev=/images?q=humana+logo&gbv=2&hl=en&um=1

http://images.google.com/imgres?imgurl=http://www.northouterbelt.com/MembersIMG/NationalCityLogo.jpg&imgrefurl=http://www.northouterbelt.com/MemberDetails.asp?ID=17&usg=__tddMCCRJ-69VQi2PWL5c9b3E40I=&h=200&w=200&sz=19&hl=en&start=5&tbnid=rplmj8RmeZZ05M:&tbnh=104&tbnw=104&prev=/images?q=national+city+bank+logo&gbv=2&hl=en

http://images.google.com/imgres?imgurl=http://media.monster.com/xmdpsx/joblogo.gif&imgrefurl=http://jobview.monster.com/GetJob.aspx?JobID=80617216&AVSDM=2009-04-22%2016:39:00&WT.mc_n=RSS2005_JSR&usg=__SiI5JW7uQtkAnqq6rprFNbQIXo8=&h=200&w=399&sz=11&hl=en&start=2&tbnid=r1sOeCczAFiHSM:&tbnh=62&tbnw=124&prev=/images?q=Minnesota+Department+of+Human+Services&gbv=2&hl=en

http://images.google.com/imgres?imgurl=http://upload.wikimedia.org/wikipedia/en/thumb/1/1e/Uspsoig.jpg/200px-Uspsoig.jpg&imgrefurl=http://en.wikipedia.org/wiki/USPS_Office_of_Inspector_General&usg=__ryaJnn7P62aSyzSPW0s2aQEdjcc=&h=239&w=200&sz=17&hl=en&start=7&tbnid=kgXOCkX4oCS40M:&tbnh=109&tbnw=91&prev=/images?q=US+Postal+Service+Office+of+Inspector+General&gbv=2&hl=en

http://images.google.com/imgres?imgurl=http://a2c2.org/conferences/acc2009/Boeing_logo-blue.gif&imgrefurl=http://a2c2.org/conferences/acc2009/exhibits.htm&usg=__KkWdgSXB8XSCRtIf10ILWGjnRmM=&h=178&w=702&sz=7&hl=en&start=3&tbnid=IMnc_OLgljGJ5M:&tbnh=35&tbnw=140&prev=/images?q=boeing+logo&gbv=2&hl=en

http://images.google.com/imgres?imgurl=http://www.goletadepot.org/images/MuseumPeople/CoxLogo.jpg&imgrefurl=http://thereadersmedianotes.blogspot.com/2006_10_01_archive.html&usg=__D0yiqk243PNgrsU3-CFSJ4rvP6E=&h=148&w=260&sz=11&hl=en&start=10&tbnid=D2Awha4LMcChLM:&tbnh=64&tbnw=112&prev=/images?q=cox+communications+logo&gbv=2&hl=en

http://images.google.com/imgres?imgurl=http://blogs.wvgazette.com/coaltattoo/files/2009/03/epa_logo.jpg&imgrefurl=http://blogs.wvgazette.com/coaltattoo/2009/03/26/epa-objects-to-another-mountaintop-removal-permit/&usg=__t5IZgXAwrqR83lZuytzmLK7NHZk=&h=366&w=336&sz=46&hl=en&start=1&tbnid=XUmPy1X3_g94eM:&tbnh=122&tbnw=112&prev=/images?q=us+epa+logo&gbv=2&hl=en

5


Channel-Only Sales model

SpectorSoft will not sell Direct

– Two-Tier Distribution model (Head Technology)

• Pricing

• Project registration

• Licensing support

• Technical assistance

• Liaison with SpectorSoft

5

6


What is monitoring?

‘the ability to record, report and be alerted on employee activity’

• Application Usage

• Internet behaviour

• File protection and data movement

• Work patterns

• Identifying the good and the bad behavioral traits.

6

7


Who wants to know this information?

• Business owners

• Executives

• Shareholders

• IT

• Fellow employee’s.

7

8


Who is already doing it and how?

ALL organisations currently perform some form of employee monitoring and security… FACT!

• Privilege and rights Management

• DLP (USB Lock down etc)

• Centralised Anti-Virus / Malware protection / Anti-Spam / Firewall

• Policy driven internet and application restrictions

• Archiving and encryption

• Password protection and Two Factor Authentication

8

9


Insider threats manifest in many different ways…

9

Insider Threats

• IP Theft

• Fraud

• Sabotage

• Cust. Data Theft

Deliberate Misconduct

• Web Surfing

• Chat

• Webmail

• Auctions

• Social Media

Lost Productivity

• Ethnic/Racial slurs

• Sexual harassment

• Bullying

• Discrimination

Hostile Environment

• Ignorance

• Negligence

• Process Failure

• Technical Failure

Accidental Disclosure

Privilege Abuse

• Snooping

• Rights Escalation

• Hacking

•Technical Arrogance

10


Spector 360… Key Features

Why Employee Monitoring…..?

• Increase employee productivity

• Conduct investigations and document violations

• Ensure adherence to Internet Acceptable Use Policies

• Provide “insider” theft protection

• Reduce bandwidth consumption and help desk calls

• Meet compliance requirements

11


SPECTOR 360 – Solution Components

Open Architecture

Fast & easy installation

Scales with network servers & desktop volume

Remote configuration, installation and administration

Centralized data archiving

Supports Citrix XenDesktop / Server

Will record and report on satellite offices and remote -workers

Create multiple Desktops and views for different managers, HR, IT, etc.

12


12

Spector 360

• Enables organizations to visually analyze employee behavior over time

• Alerts internal resources on suspected activity across a comprehensive range of user related activities

• Configurable and adaptable to changing environment

• Permits the extraction of historical event data for external analysis and reporting

13


See what happened……..and how?

• See the details of every event, both simple and complex

• See a time-line for every event

• Discover all information across all systems

• Analyse each event in context • What happened before, during and after an event?

14


14

Active Monitoring approach: • Always on and vigilant to deal with the unpredictability of users

• Provides contextual visibility into user behavior and activities

• Alerting of suspected threat activity across a range of user activity

• Captures intent

• Offloads event data; preserves historical evidence to support subsequent forensic investigations

If you don’t know it happened, how do you prevent it…..?

15


15

Building a Case for Employee Monitoring

• Businesses are still challenged to identify, track and stop insider threats

• Traditional DLP solutions, only identify when the breach actually occurs.

• Almost all insiders give themselves away before the breach by testing their environment for vulnerabilities and access. This early testing is very difficult to identify.

• Traditional DLP solutions generate a wealth of false positives requiring extensive reconciliation.

• When DLP identifies a threat, forensic data must be collected before it is lost.

• DLP solutions often require specialist forensic teams to analyze the pertinent data.

16


16

Non-DLP Threats to business

• Unauthorized access to a systems or data

• Unwanted disruption or denial of service

• Sexual harassment in the work place

• Physical/ Verbal threats via instant messenger or email

• Unauthorized use of a system for the processing, storage of data or personal use

• Unauthorized changes to system hardware, firmware, or software

17


Is it Legal……………..?

It depends…

• Data Protection Act

• Data Privacy laws

• European Employee Councils

• Adequately informing employees

17

18


18

In Summary……….

Active Monitoring enables:

• Near-real time alerting

• Remote rapid deployment of the recorder

• Support for remote-workers, Central-Branch architectures including international sites

• Client recorder: extremely small, untraceable foot print

• Detailed, web and secure document based reports for business managers

• Detailed evidence of violations including supportive video

• Identify how & when and all involved parties

19


19

Questions?

Enterprise Health Financial

Thank You!