Local solution for white-collar crime

By Admire Moyo, ITWeb news editor
Johannesburg, 03 Nov 2010

SA-based information company Scapecom has come up with a solution that it believes will curtail white-collar crime, which took a marked climb during the economic downturn.

Gareth Phillips, Scapecom CEO, says it took the company a total of two years to develop the solution, called Mimic.

“After two years of intense development, Mimic then underwent a further six-month rigorous testing phase, which included the implementation of the application at a number of pilot sites. The application has passed our stringent QA process and is now ready for the market,” says Phillips.

Describing Mimic, Phillips says it is an agent deployment solution for small- to large-scale enterprises. He explains that agents are installed across the enterprise, for instance, on business-critical servers that require security monitoring.

“The agent records all interactive graphical user sessions. These include local console log-ons, Dameware, VNC, [and] remote desktop, to name a few. All 'visual' logs are sent to the Mimic server console for correlation, indexing and storage.”

He adds that, being event-driven, Mimic only records events triggered by the logged-in user, thus only recording what is appropriate and significantly reducing the need for security administrators to scan through endless screens of log file reports.

Security administrators, Phillips adds, will have access to the Mimic server console, where they can replay sessions, search for specific incidents or set up policies and alerts.

“So, essentially, instead of having security administrators read through countless lines of logs to figure out what users are doing on the servers, Mimic will provide visual log-ins, a sort of video replay of user sessions,” he explains.

Suspicious user activities

According to Phillips, some of the benefits of deploying Mimic include its ability to monitor suspicious user activity in a particular business area.

He adds that the system also quickly discovers the root cause of a change control configuration error, while giving detailed reports on access to business-critical servers, providing accountability and service level agreement validation of managed services.

“Mimic is a software-based solution installed on systems. When a user logs into the server running an agent, Mimic will record each and every interaction that the user had with the system, date-stamping and encrypting these interactions.

“These are the things that the majority of log-monitoring systems lack today. Mimic displays all its findings in visual form; it's like having a security camera inside your server,” he notes.

Having worked in various sectors of the information security industry over the years, Phillips says he has seen massive increases in internal fraud as the harsh economic conditions peaked.

He was based within a semi-government institution at the time as manager of an information security team, and investigated and exposed internal employees who managed to get hundreds of millions of rands out through 'fraudulent' transactions conducted from servers and workstations.

“As security software applications become more sophisticated, fraudsters are turning their attention more towards the softer and easier entry targets, namely the human element.

“Corporate organisations are investing millions in state-of-the-art hardware servers, software applications, and performance monitoring solutions, but choose to ignore the weakest link in their system, namely the 'fleshware', better known as the human component,” says Phillips.

Who last logged on?

He is of the view that although there is a plethora of management tools available, very little attention is paid to the 'human intervention factor', leaving IT administrators in an absolute quandary about how to respond to questions like: 'who last logged onto this server; and what exactly did they do while they were logged in?'

“The question that begs to be asked then is: 'who, at the end of the day, remains accountable for the integrity of our servers?'”

To arrest insider fraud, Phillips advises companies to start by implementing a solid foundation of policies and procedures around the monitoring of servers, workstations and, most importantly, their employees.

He also recommends that they implement solid solutions to monitor, detect and protect sensitive information.

“The more information and data companies can gather as evidence relating to a specific incident, the better their chances are of securing a solid case against a 'malicious' employee, and in so doing, send out a clear message to would-be white-collar criminals.”