Security company touts new approach on insider threat

Oakley Networks, which has been selling its technology for information-leakage detection and prevention to government agencies for five years, plans to release this week a product that also can be used by non-government entities.

The product, SureView, takes what the company says is a new approach to blocking insider threats by working at the application-event level, such as when a file is printed or saved. That differs from other companies' products that work at the network level.

SureView, which consists of a tamperproof appliance and agents deployed on desktops, is designed to prevent sensitive or proprietary information leaks through real-time monitoring of end-user activity and collecting event data from applications, says Oakley Networks' CEO Derek Smith.

Those applications include e-mail, Web mail, instant messaging, VoIP programs, browsers, Microsoft Office products, as well as information saved on USB storage devices, CDs and DVDs, or data that is printed or encrypted, he says.

Event data fed to SureView is analyzed against policies, both predefined and those set by an enterprise, to flag any violations. For example, if an employee in the finance department normally works Monday through Friday from 9 a.m. until 5 p.m. unexpectedly comes in on a Sunday morning and starts printing documents, that would likely be a policy violation, Smith says.

If a breach is encountered, SureView sets off alarms; administrators can use the Replay in Context feature that offers a "videolike view" into user activities, including keystrokes, mouse movements, documents opened and Web sites visited.

SureView's agents also let administrators monitor and analyze data before it is encrypted, or hidden, protecting enterprises from an insider's intent to pass sensitive information outside the company network, Smith says.

Oakley has decided to enter the commercial market because of the heightened awareness over the past year among enterprises to insider threats, Smith says. "We think there's really been a mind shift on the part of corporate America that they need to get out in front of this problem," he says.

There are other ways that enterprises can protect against insider threats, such as tightening the controls around identity management and taking advantage of encryption, says Trent Henry, senior analyst with Burton Group. But, as is often true with security, enterprises may want to layer multiple leakage detection and prevention efforts to improve protection.

"The technology is definitely strong and can be effective; it comes down to how enterprises end up deploying this along with a number of other security protections," Henry says.

SureView is priced starting at US$100,000. That covers the cost of the appliance and agents for 100 users, as well as consulting support.

Join the newsletter!

Error: Please check your email address.

More about Burton GroupMicrosoftOakley

Show Comments

Market Place