A product that records ‘admissable in a court of law’ quality videos of employees when they break cyber security policy is launching in Australia.
SureView Insider Threat takes an ‘over-the-shoulder view’ of a user’s desktop when they do anything deemed suspicious by their employer.
The company behind the product, Forcepoint, owned by US defence contractor Raytheon, said video from the playback feature had been used in court cases and for a number of out-of-court settlements.
“When there is a dispute about what actually took place, the common case is, it usually ends up getting settled prior to going to court,” said Forcepoint’s director of product management Kelly Harward. “Because you sit down with somebody and there’s some ambiguity about what took place and you watch that video together and say ‘Okay, it’s pretty clear what happened here’. That’s usually the way things go.”
Harward cited one example at an unnamed large engineering firm which was reducing staff numbers. The severance package of engineers was dependent on them not taking intellectual property from the company during the transition period.
“There were a number of engineers that violated the terms and were ultimately, as a result of that, dismissed without the severance,” he said.
A lawsuit was brought against the firm by the group of engineers for wrongful dismissal.
“When our customer was able to present desktop video evidence of what exactly those people had done around theft of IP, the suit was dropped.”
Forcepoint accompanied the product announcement with a survey of 34 leading Australian CISOs. Nearly a third reported that they faced malicious data leakage from within their organisation and nearly all said they definitely or might have been exposed to an insider threat.
Commonly, the product's video feature was used in cases of sales people taking contact dumps from Salesforce before leaving a company, and developers taking code to give them a head start in their next job, Harward said.
“That’s what we see typically, it’s not the criminal mastermind, that typical stock image of the guy with the ski mask sitting at a computer trying to steal the crown jewels. It’s just somebody that’s made a justification that this is okay.”
The product collects data including the desktop video capture, files involved in file transfers, and inbound and outbound emails with attachments, in a hidden cache at the endpoint.
It also collects metadata which is used to create a shortlist of users that are behaving in anomalous or potentially risky ways. The full data of these users is then presented to an analyst for assessment.
The shortlists are determined by algorithms based on anomalous behaviours, Harward said.
“So it gets away from that aspect of profiling and the potential for abuse there among investigators to say 'I’m curious about my colleague or someone I have a connection with'. To say 'I’m going go and dig in and watch what they’re doing'.”
Long established in the US, Forcepoint is now in the process of expanding globally. The company said when launching in Europe it had faced some “pretty stringent regulatory requirements around user privacy”, but they had not impeded its ability to bring the product to market.
"However, Forcepoint have been careful to advise potential customers on how each aspect of the product can be deployed in line with relevant regulations," the company said.
In Australia, only New South Wales and the Australian Capital Territory have specific laws relating to employee surveillance, which only require businesses to notify employees they may be monitored.
The Australian Law Reform Commission recommended that laws in the area be brought up to date for the ‘digital era’ and deemed them ‘inconsistent’.