Catelas Insider Threat Monitoring and Investigations solution allowed our client to catch employees that were stealing valuable information – in minutes!

Background

Companies are at risk when existing employees or contractors steal valuable IP or commercial information. Departing employees, who have yet to resign, have access to sensitive information or intellectual property. As part of their termination policy, our client (a leading technology services company), required that certain key employee laptops be analyzed prior to their exit interview. With limited resources available, however, our client only had the time and resources to review e-mails for the previous 30 days…too short a time to properly determine if there were any nefarious activities taking place.

Our client did have a keyword based DLP system in place to monitor for information theft. This system was very good at detecting Personally Identifiable Information (PII) such as social security numbers and credit card numbers. It performed poorly, however, when used to detect confidential information in email using keyword terms such as ‘Confidential’. It was discovered, that amongst the thousands of false positives that were reviewed per week, many emails contained the words ‘confidential’ in every email. While better rules were built, the false positive count remained high, with little idea as to what may have been missed.

Solution

the Catelas Insider Threat Monitoring solution was deployed and went live within 24 hours. Deployed on a single server, few IT resource were required to deploy Catelas and since only the log files were analyzed, no email server integrations were required. Non-keyword behavioral rules were deployed and immediately begin to uncover many areas where employees moved sensitive information freely between corporate and webmail accounts. Additionally, instances were identified where confidential information was being shared with partners who also worked with competitors.

The Catelas Monitoring solution also automatically identified employees before they resigned because it was able to detect a behavioral change. When employees did resign, exit security reports were conducted in 20 minutes and covered the previous 6 months – a 90% reduction in effort while covering 6 x times more data.

Value

Catelas plugged the gaps left by traditional keyword based solutions, allowing our client to greatly decrease the Insider threat and protect its valuable IP & commercial assets. Because the monitoring solution produced few hits, it consumed considerably less resource than the keyword based monitoring solution did. The Investigative solution was fast, which allowed more investigations to be conducted, more thoroughly and in less time than the traditional keyword search based investigative solutions.