Insider Threat Detection

Every employee with access to information stored on the company's computers is a potential insider. The potential harm an insider can cause is classified as an insider threat. The confidential information most frequently stolen by insiders includes passwords, client databases, supplier data, personal information of clients, employee personal information, financial reports, etc.

Insiders have a significant advantage over external enemies: they are very difficult to detect.

DLP system OctoWatch employs real-time monitoring of user actions to detect early signs of internal threats.

The rules system is configured to ensure active protection against all types of insider activities, such as data theft, fraud, industrial espionage, sabotage, and more.

How OctoWatch Protects Against Insiders and Information Leaks

Recording All Employee Actions on the Computer

OctoWatch records every user action. There are 10 observation objects, such as: screen image, running applications, websites, file operations, emails, printed documents, and more. Access to this information can be restricted.

Detection and Mitigation of Threats

Once you identify the most risky operations, such as: copying files to a flash drive, uploading files to Yandex.Disk or Dropbox, or launching unsigned applications, you need to create appropriate rules. You can prohibit operations or configure alerts.

Protection of Confidential Data

In OctoWatch, you can block email sending for specific employees or groups of users outside the company domain. You can set up automatic notifications when a user prints a confidential document from a shared folder in the local network, enters suspicious text, attempts to photograph the screen, or copy a document to a USB drive.

Data Collection for Evidence

Records showing malicious user actions (e.g., correspondence on social networks, history of file copying or deletion, etc.) are always accompanied by screenshots (and audio recordings if a microphone is available). The system will store this data for as long as you need. This data can be used as evidence in court or when filing a case with law enforcement agencies.

Control of System Administrators and Other Privileged Users

In OctoWatch, you can create special rule profiles for system administrators and department heads. There is also the option to disable tracking of some or all observation objects for a particular user or an entire department.

Try for free for 14 days

 

 

 

WhatsApp Logo