How does a security officer discover an insider using a DLP system?
10.06.2021
Are you sure that you can trust your employees? Don’t you worry about those who work with sensitive information? Can you be sure that there isn’t an insider among your employees who secretly sends important documents to unknown people? Today we are going to talk about who a security officer is and how they can help discover the insider.
A security officer is an expert who watches over a business’s interests. They protect the company’s important and valuable information. Using different software, they counteract hackers’ attacks and phishing attacks, and discover information security incidents. Let’s see how the security officer discovers insiders within the company’s network with the help of the SecureTower DLP system.
To clarify the term: an “insider” is usually a person who causes damage to the business through their actions or inaction, whether on purpose or unintentionally.
Each employee is a possible insider. Some of them “mean well”. For example, they print sensitive documents to work with them at home, but then lose them or leave them unattended in a public place. Some employees are too trusting by nature and often become victims of hackers who use social engineering methods. Of course, there are also employees who steal data on purpose, send it to third parties or use it for their own purposes. For example, they blackmail the company for financial gain.
How can the DLP system help? SecureTower is equipped with a great number of tools to analyze employees’ activity and discover data leaks. Here is how it works:
Step 1. The security officer develops security policies that help to track events related to information security, such as the transmission of important documents and employees’ work with them. When a security policy triggers, the security officer gets a notification. Now they can move from monitoring general activity to examining an incident in detail.
Step 2. The security officer investigates the incident. At their disposal, they have tools that can help:
- To analyze the employees’ activity in retrospect. These tools help to reveal all partners in crime. With the help of SecureTower, it is possible to understand the employee’s intentions: whether they work on their own, who their partners in crime are, what role each of them plays, and so on. The system shows the whole picture of interactions: the employees’ correspondence with each other and with people outside the corporate network, the transmission of important documents, and the copying of documents to external storage devices or printing them.
- To observe the current activity of the employees. It is possible to configure webcam recording, monitoring or a keylogger to track the activity of employees who require special attention. The system can also take screenshots of the employees’ desktops. This helps to observe the employees’ activity in detail and to analyze their intentions and the scale of the incident.
Step 3. The security officer creates a case within SecureTower. Here they can store all materials related to the case. They can also make notes with their thoughts about the incident.
Step 4. All collected materials can be exported from the system in digital format or printed to be presented to the chief.
As a result, the chief has all the information necessary to decide on further actions: which areas of security should be strengthened and what to do with the insider. Depending on the consequences of the incident, the measures taken can range from information security instruction to disciplinary sanction or dismissal. Materials collected by the system can be used in court as evidence.