The Insider Threat

Posted by: Steve Hamm on January 20, 2006

The idea of companies spying on their employees creeps me out. Yet I realize that businesses have to protect their personal and proprietary information from insiders just as carefully as they protect it from hackers who try to break in from the outside. That’s why I was interested in hearing about anti-theft technology from Vontu, a San Francisco software company. It tracks the location and flow of valuable information in corporate networks rather than looking over the shoulder of individual employees. There are dozens of companies focusing on outsider threats—from break-ins to viruses to spam. But, so far, only a few target inside threats. “Companies have built walls around themselves, but what if you’re inside the walled city and you’re taking stuff out?” says Joseph Ansanelli, the CEO of the four-year-old company.

It’s no idle threat. Of about 100 corporate breaches or losses of information that were made public in the past year, about half were from the inside—and about half of those were straight-on thefts of information by employees. The most notable case came when personal and account information for about 670,000 New Jersey banking customers was stolen from Bank of America, Wachovia, Commerce Bancorp, and PNC. Police say a man who posed as the head of a collection agency paid senior bank employees to hand over the account information—then he resold it to law firms and collection agencies. Nine people, including seven bank employees, were arrested in the case.

Read on to learn how Vontu’s technology could spot breaches like this while they’re happening:

Ansanelli and his co-founders discovered the insider threat when they were running a previous company, Connectify, which made software for running call centers. In call centers, they realized, companies were making themselves incredibly vulnerable to insider theft. They collected lots of data about customers and gave ready access to it to employees who, in turn, had easy access to the internet. “We were creating a perfect storm,” says Ansanelli. “Centralized data. Lots of access. Easy distribution.”

So, after selling Connectify to Kana, they formed Vontu to come up with answers to the insider threat. The first product, out in 2003, was a monitor that spotted sensitive information on the way out of the organization through e-mail or instant messenger. Last year, Vontu added capabilities for spotting confidential information improperly stored in computer servers or PCs, and for stopping and quarantining information on the way out of a company’s network.

Vontu spots sensitive data in three ways.

Described content matching: A set of heuristics that look for patterns in data that would signal, for instance, if it contains social security numbers or computer source code.

Exact data matching: A huge database that contains copies of all sensitive documents. A search engine looks for exact matches in documents at rest or in motion within the network.

Indexed document matching: For unstructured data, such as source code or a document describing financial info, it creates an index that makes it possible to find pieces of information taken from the documents.
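To make the three approaches concrete, here is a small sketch that applies each one to a single outbound message. It is an added example, not Vontu's code: every function name and all sample data are constructed for illustration, and it assumes the exact-match store keeps digests of records rather than copies.

```python
import hashlib
import re

# Described content matching: a pattern plus validity heuristics for US SSNs.
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")

def find_ssns(text):
    hits = []
    for m in SSN_RE.finditer(text):
        area, group, serial = m.groups()
        # Never-issued ranges are skipped to cut false positives.
        if area in ("000", "666") or area[0] == "9" or group == "00" or serial == "0000":
            continue
        hits.append(m.group(0))
    return hits

def _digest(s):
    # Normalize case and whitespace so trivial reformatting still matches.
    return hashlib.sha256(" ".join(s.lower().split()).encode()).hexdigest()

# Exact data matching: fingerprint protected records, then look up each line.
# Assumption: digests are stored instead of copies of the records.
def build_exact_index(records):
    return {_digest(r) for r in records}

def exact_matches(text, index):
    return [ln for ln in text.splitlines() if ln.strip() and _digest(ln) in index]

# Indexed document matching: index overlapping k-word shingles so that
# excerpts lifted from a protected document are still recognized.
def shingles(text, k=5):
    words = re.findall(r"\w+", text.lower())
    return {" ".join(words[i:i + k]) for i in range(len(words) - k + 1)}

def excerpt_score(text, doc_index, k=5):
    s = shingles(text, k)
    return len(s & doc_index) / len(s) if s else 0.0

# Constructed sample data (not from the article).
RECORDS = ["Jane Example, acct 0012345678, 078-05-1120"]
PROTECTED_DOC = ("The fourth quarter forecast assumes revenue of twelve million "
                 "dollars and a two percent decline in operating margin")
EXCERPT = "forecast assumes revenue of twelve million dollars and a two percent decline"
OUTBOUND = ("fyi see below\njane example,  acct 0012345678, 078-05-1120\n"
            "part no 000-12-3456\n" + EXCERPT)

def scan(message):
    return {"ssns": find_ssns(message),
            "exact": exact_matches(message, build_exact_index(RECORDS)),
            "excerpt": round(excerpt_score(message, shingles(PROTECTED_DOC)), 2)}

if __name__ == "__main__":
    print(scan(OUTBOUND))
```

The excerpt score is diluted by the unrelated lines in the same message, which is why a real monitor would score segments of a message rather than only the whole.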

Apparently the technology works pretty well. The privately-held company just announced bookings up nearly 400% for 2005. New customer wins last year included Prudential Financial, Citizen’s Bank, and American National Insurance Co. Venture capitalists are clustering. Vontu raised $10 million last year from Benchmark Capital, Venrock Associates and others.

Reader Comments

Jim Noble

January 22, 2006 07:51 PM

Isn't it funny, that Bank of America suffered data loss in 2005, when Vontu claims it to be one of their flagship customers?

I also find it funny that they claim huge customer counts... how many of those are real?

Many other vendors in the same space also keep their customer lists private, but can prove their customer base.

I find it very interesting that Vontu makes claims like this, which make the entire industry seem like snake oil salesmen.

Thanks for nothing Vontu.

Todd Hooper

January 26, 2006 02:10 PM

Great article Steve. The industry is starting to see beyond the old paradigm of networks being under siege solely from the outside. With the complexity of modern networks and intranets, the perimeter has pretty much dissolved by now. The other driver is the financial motivations behind these breaches, which have become the emerging force in the last few years. Attacks against the infrastructure are now serious attempts at fraud rather than the traditional vandalism done for kicks by script kiddies. CSOs need to look at more than just the perimeter in order to get better situational control of their networks.

John Peters

January 26, 2006 10:08 PM

Steve –

I agree completely with your post on the insider threat. At Reconnex, we have first-hand experience when it comes to the insider threats that enterprises and government agencies are facing today. We have performed over 100 e-Risk Assessments in Fortune 1000 companies to date that show, in detail, that the insider threat is real. According to our latest Insider Threat Index, Instant Messaging has become a key tool for leaking confidential information. Reconnex's e-Risk Assessments have found that 69 percent of all the Fortune 1000 companies monitored were leaking sensitive information via IM. In the months of September and October, 2005, 78 percent of companies monitored exposed social security numbers and 33 percent exposed credit card numbers. All this is just supporting evidence that Fortune 1000 companies need to understand that the insider threat is real, and that they must take action immediately to better understand -- and mitigate -- their risks.

John Peters
CEO
Reconnex

About

BusinessWeek writers Peter Burrows, Cliff Edwards, Olga Kharif, Aaron Ricadela, Douglas MacMillan, and Spencer Ante dig behind the headlines to analyze what’s really happening throughout the world of technology. One of the first mainstream media tech blogs, Tech Beat covers everything from tech bellwethers like Apple, Google, and Intel and emerging new leaders such as Facebook to new technologies, trends, and controversies.
