January 20, 2006
The Insider Threat
The idea of companies spying on their employees creeps me out. Yet I realize that businesses have to protect their personal and proprietary information from insiders just as carefully as they protect it from hackers who try to break in from the outside. That’s why I was interested in hearing about anti-theft technology from Vontu, a San Francisco software company. It tracks the location and flow of valuable information in corporate networks rather than looking over the shoulder of individual employees. There are dozens of companies focusing on outsider threats—from break-ins to viruses to spam. But, so far, only a few target inside threats. “Companies have built walls around themselves, but what if you’re inside the walled city and you’re taking stuff out?” says Joseph Ansanelli, the CEO of the four-year-old company.
It’s no idle threat. Of about 100 corporate breaches or losses of information that were made public in the past year, about half were from the inside—and about half of those were straight-on thefts of information by employees. The most notable case came when personal and account information for about 670,000 New Jersey banking customers was stolen from Bank of America, Wachovia, Commerce Bancorp, and PNC. Police say a man who posed as the head of a collection agency paid senior bank employees to hand over the account information—then he resold it to law firms and collection agencies. Nine people, including seven bank employees, were arrested in the case.
Read on to learn how Vontu’s technology could spot breaches like this while they’re happening:
Ansanelli and his co-founders discovered the insider threat when they were running a previous company, Connectify, which made software for running call centers. In call centers, they realized, companies were making themselves incredibly vulnerable to insider theft. They collected lots of data about customers and gave ready access to it to employees who, in turn, had easy access to the internet. “We were creating a perfect storm,” says Ansanelli. “Centralized data. Lots of access. Easy Distribution.”
So, after selling Connectify to Kana, they formed Vontu to come up with answers to the insider threat. The first product, out in 2003, was a monitor that spotted sensitive information on the way out of the organization through e-mail or instant messenger. Last year, Vontu added capabilities for spotting confidential information improperly stored in computer servers or PCs, and for stopping and quarantining information on the way out of a company’s network.
Vontu spots sensitive data in three ways. Described content matching: A set of heuristics that look for patterns in data that would signal, for instance, if it contains social security numbers or computer source code. Exact data matching: A huge database that contains copies of all sensitive documents. A search engine looks for exact matches in documents at rest or in motion within the network. Indexed document matching: For unstructured data, such as source code or a document describing financial info, it creates an index that makes it possible to find pieces of information taken from the documents.
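The three detection modes described above, sketched as an added example that is not Vontu's code: the function names, the use of digests instead of stored copies for exact matching, the five-word run length and all sample data are assumptions made for illustration.

```python
import hashlib
import re

SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")

def _digest(s):
    return hashlib.sha256(s.encode()).hexdigest()

def _words(text):
    return re.findall(r"[a-z0-9]+", text.lower())

def described_match(text):
    """Described content matching: SSN-shaped tokens, minus never-issued ranges."""
    hits = []
    for m in SSN_RE.finditer(text):
        area, group, serial = m.groups()
        if area in ("000", "666") or area >= "900" or group == "00" or serial == "0000":
            continue
        hits.append(m.group(0))
    return hits

def build_exact_index(values):
    """Exact data matching: index of known sensitive values (digests, an assumption)."""
    return {_digest(v.lower()) for v in values}

def exact_match(text, index):
    return [w for w in _words(text) if _digest(w) in index]

def shingles(text, k=5):
    """Indexed document matching: digests of every run of k consecutive words."""
    w = _words(text)
    return {_digest(" ".join(w[i:i + k])) for i in range(len(w) - k + 1)}

def indexed_match(text, doc_index, k=5):
    """Fraction of the message's k-word runs that also occur in the protected document."""
    s = shingles(text, k)
    return len(s & doc_index) / len(s) if s else 0.0

# Constructed sample data (hypothetical account numbers, document and message).
ACCOUNTS = build_exact_index(["ACCT00417793", "ACCT00982114"])
PROTECTED = shingles("Projected fourth quarter revenue falls short of guidance "
                     "because the northeast call center contract was not renewed")
OUTBOUND = ("fyi the northeast call center contract was not renewed, "
            "customer 123-45-6789 on acct00417793, ignore 000-12-3456")

def scan(text):
    return {"ssn": described_match(text),
            "exact": exact_match(text, ACCOUNTS),
            "overlap": round(indexed_match(text, PROTECTED), 2)}
```

Calling `scan(OUTBOUND)` flags the message on all three counts even though only one sentence of the protected document was pasted into it, which is the case pattern matching alone would miss.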
Apparently the technology works pretty well. The privately-held company just announced bookings up nearly 400% for 2005. New customer wins last year included Prudential Financial, Citizen’s Bank, and American National Insurance Co. Venture capitalists are clustering. Vontu raised $10 million last year from Benchmark Capital, Venrock Associates and others.
Listed below are links to weblogs that reference The Insider Threat:
Views on insider threats from Waterloo Systems
Although we provide services in this domain, we try to maintain an objective view of security monitoring technology, and focus on it as a tool that can be used for many purposes. This article on Business Week entitled The Insider Threat takes a deeper ...
Tracked on January 20, 2006 10:10 PM
Isn't it funny, that Bank of America suffered data loss in 2005, when Vontu claims it to be one of their flagship customers?
I also find it funny that they claim huge customer counts... how many of those are real?
Many other vendors in the same space also keep their customer lists private, but can prove their customer base.
I find it very interesting that Vontu makes claims like this, which make the entire industry seem like snake oil salesmen.
Thanks for nothing Vontu.
Posted by: Jim Noble at January 22, 2006 07:51 PM
Great article Steve. The industry is starting to see beyond the old paradigm of networks being under siege solely from the outside. With the complexity of modern networks and intranets, the perimeter has pretty much dissolved by now. The other driver is the financial motivations behind these breaches, which have become the emerging force in the last few years. Attacks against the infrastructure are now serious attempts at fraud rather than the traditional vandalism done for kicks by script kiddies. CSOs need to look at more than just the perimeter in order to get better situational control of their networks.
Posted by: Todd Hooper at January 26, 2006 02:10 PM
I agree completely with your post on the insider threat. At Reconnex, we have first-hand experience when it comes to the insider threats that enterprises and government agencies are facing today. We have performed over 100 e-Risk Assessments in Fortune 1000 companies to date that show, in detail, that the insider threat is real. According to our latest Insider Threat Index, Instant Messaging has become a key tool for leaking confidential information. Reconnex's e-Risk Assessments have found that 69 percent of all the Fortune 1000 companies monitored were leaking sensitive information via IM. In the months of September and October, 2005, 78 percent of companies monitored exposed social security numbers and 33 percent exposed credit card numbers. All this is just supporting evidence that Fortune 1000 companies need to understand that the insider threat is real, and that they must take action immediately to better understand -- and mitigate -- their risks.
Posted by: John Peters at January 26, 2006 10:08 PM