The Insider Threat
Posted by: Steve Hamm on January 20, 2006
The idea of companies spying on their employees creeps me out. Yet I realize that businesses have to protect their personal and proprietary information from insiders just as carefully as they protect it from hackers who try to break in from the outside. That’s why I was interested in hearing about anti-theft technology from Vontu, a San Francisco software company. It tracks the location and flow of valuable information in corporate networks rather than looking over the shoulder of individual employees. There are dozens of companies focusing on outsider threats—from break in to viruses to spam. But, so far, only a few target inside threats. “Companies have built walls around themselves, but what if you’re inside the walled city and you’re taking stuff out?” says Joseph Ansanelli, the CEO of the four-year-old company.
It’s no idle threat. Of about 100 corporate breaches or losses of information that were made public in the past year, about half were from the inside—and about half of those were straight-on thefts of information by employees. The most notable case came when personal and account information for about 670,000 New Jersey banking customers was stolen from Bank of America, Wachovia, Commerce Bancorp, and PNC. Police say a man who posed as the head of a collection agency paid senior bank employees to hand over the account information—then he resold it to law firms and collection agencies. Nine people, including seven bank employees, were arrested in the case.
Read on to learn how Vontu’s technology could spot breaches like this while they’re happening:
Ansanelli and his co-founders discovered the insider threat when they were running a previous company, Connectify, which made software for running call centers. In call centers, they realized, companies were making themselves incredibly vulnerable to insider theft. They collected lots of data about customers and gave ready access to it to employees who, in turn, had easy access to the internet. “We were creating a perfect storm says Ansanelli. “Centralized data. Lots of access. Easy Distribution.”
So, after selling Connectivy to Kana, they formed Vontu to come up with answers to the insider threat. The first product, out in 2003, was a monitor that spotted sensitive information on the way out of the organization through e-mail or instant messenger. Last year, Vontu added capabilities for spotting confidential information improperly stored in computer servers or PCs, and for stopping and quarantining information on the way out of a company’s network.
Vontu spots sensitive data in three ways. Described content matching: A set of heuristics that look for patterns in data that would signal, for instance, if it contains social security numbers or computer source code. Exact data matching: A huge database that contains copies of all sensitive documents. A search engine looks for exact matches in documents at rest or in motion within the network. Indexed document matching: For unstructured data, such as source code or a document describing financial info, it creates an index that makes it possible to find pieces of information taken from the documents.
Apparently the technology works pretty well. The privately-held company just announced bookings up nearly 400% for 2005. New customer wins last year included Prudential Financial, Citizen’s Bank, and American National Insurance Co. Venture capitalists are clustering. Vontu raised $10 million last year from Benchmark Capital, Venrock Associates and others.