Tech Sniffs Employee Offenders
By Michelle Delio
02:00 AM Dec. 13, 2002 PT
NEW YORK -- There are no bodies, bones or blood to analyze. No pondering over a piece of decaying evidence that was once part of a human being.
But the forensics software on display at this year's Infosecurity 2002 tradeshow is enough to spook corporate employees everywhere.
Computer forensics applications are typically used to investigate computer crimes and to preserve digital evidence so it's usable in court. But these applications aren't just for law enforcement officials anymore. Computer forensics software is helping stop corporate crime before it happens.
The software watches what employees do, and in some cases matches that usage data with employees' personal profiles to pick out the worker who is most likely to turn to a life of crime.
"There's a growing acknowledgement among executives that insiders can do more damage than the smartest outside hacker," said Nicholas Natella, a Manhattan systems administrator.
"And there's also a sense that if you don't protect information from insiders, the company could become embroiled in a really ugly lawsuit."
Some systems administrators at large companies said they are increasingly being asked to quietly collect digital evidence on difficult employees -- those who are in danger of being fired, or who have just been fired.
Companies are also employing snoopy software to make sure their employees aren't stockpiling corporate secrets.
Products like EnCase Enterprise Edition keep a wary eye out for both outside and inside attacks. EnCase scours the network to see if employees possess "unauthorized information" in order to help the company protect itself against fraud, legal problems and other issues.
Savvydata's RedAlert goes a step further, collecting, consolidating and analyzing internal and external employee information to determine an individual's threat to the organization. Savvydata claims RedAlert can predict which employee is most likely to be involved in malicious activities such as theft of sensitive information.
RedAlert 2.0 includes the company's newest security offering, Intelligent Information Dossier plus. IID+ is an optional subscription-based component that allows corporate IT folks to research employees' criminal histories, credit information, financial asset details, friends and associates.
That data can be combined with RedAlert's collection of internal data -- such as what files employees accessed, the contents of their e-mails and what company policies they violated -- to draw what Savvydata reps describe as a "clear picture that can be used in determining an employee's risk to your organization."
"RedAlert totally freaked me out," said Jeff Newhouse, a systems administrator for a Wall Street firm. "I understand why you'd need something like this if you are the CIA, but for standard biz use ... I just don't think I'd work at a company that used these sorts of tools."
"I figure companies are damned if they do and damned if they don't," said Nick Freson, a systems administrator from Brooklyn. "They get blamed if they don't audit their systems for employee fraud, and they get blamed if they do."
Not all the software on display is aimed at detecting employees who are running amok. Some of the applications being demonstrated are simply intended to make a computer forensics investigator's life easier.
WetStone Technologies is demonstrating NEXTWitness, a Web-based forensic data collection tool that captures, timestamps and then seals records of website content that can be used for digital evidence.
WetStone also demonstrated Time Lock Biometric, which uses fingerprint authentication to prove who authored a Microsoft Word document.