Without an insider threat game plan, corporations leave a gaping hole in their security strategy. The average time it takes for a corporation to detect a data breach is over five months! If you have critical data to protect, having an incomplete insider threat strategy puts your corporation in significant jeopardy.
With up to 60% of breaches coming from insider threats, it’s critical that corporations proactively monitor all endpoints for the rapid detection of internal breaches. Cerebral agents can be deployed on Windows, Mac and Android devices as well as Windows servers (prime targets for attackers posing as insiders, utilizing compromised credentials). Cerebral protects both physical and virtualized endpoints.
Data Breach Response (DBR) is critical to minimizing the impact of a breach. Once the alarm is sounded, how quickly can you react? Cerebral’s Time-Capsule DVR lets you see video of the incident as it unfolded. This visibility allows you to immediately delineate false alarms from real threats and take immediate action with 100% confidence.
User Activity Monitoring (UAM) + User and Entity Behavior Analytics (UEBA) + Data Breach Response (DBR)
Cerebral provides an end-to-end integrated Insider Threat detection platform that maximizes both security and efficiency while providing the concrete proof to take legal action.
Cerebral monitors and analyzes all user activity at the endpoint, including:
Significantly more sophisticated than browser history, Cerebral records and maintains information about web activity, including web mail usage, file uploads and how long a user was engaged or active on a site.
Cerebral watches access to workstations and servers for unusual access by IP addresses, geolocation and more.
Capture and analyze communication activity in traditional email clients as well as many popular webmail services. A searchable system of record that can be alerted and reported on.
Capture, scan, alert and report on communications activity occurring on commonly used messaging apps; creates a definitive record for compliance and investigative uses.
Using computational linguistic analysis, Cerebral can identify and categorize opinions expressed in email text or chats to determine the writer's sentiment and sentiment changes that can point towards disgruntled workers and possible security risks.
Autonomously captures connections made by applications, including ports used and bandwidth consumed as well as time and location of connection.
Tracks activities on local, removable, and cloud storage, as well as print operations. See when files are created, edited, deleted or renamed.
When needed, the option to record every keystroke, including “hidden” characters and combinations, ensures you have the visibility you need into the activity of highly privileged users.
Captures all application usage to provide true reporting on what applications are being used, by whom, and for how long.
Data on the location of a mobile device can be tracked as well as configured to alert security when a user device enters a restricted location or moves outside a specified geographic area.
Produces an accurate record of session time and activity. Tracks log-on and log-off times but does not rely on log-off to identify when session activity ends.
Be alerted when employees access .onion sites.
When Cerebral identifies a possible threat, it immediately notifies the security team. With an extremely low false positive rating (<2%), Cerebral’s alerting maximizes the efficiency of the security team by eliminating the need to have people constantly monitoring employees, hoping to find an issue.
With the average time of a breach detection reaching over five months, it’s obvious that many companies are not receiving breach alerts fast enough. With the ultimate goal of keeping the compromised data securely in house, alerting is critical to rapidly locking down and responding to the breach.
Once an alert is received, Cerebral's Time-Capsule DVR gives you the ability to look directly at a video of the user’s screen.
The ability to see the user move their mouse across the screen as they open files, download data or surf the internet is invaluable in rapidly determining whether the user’s actions are benign, a hazardous mistake or deliberately malicious. You can scroll back and see what the user did 5 minutes, 5 hours or 5 weeks ago, letting you:
Once a breach is identified, Cerebral’s video playback allows you to react immediately and with 100% confidence. There are no more lengthy investigations to determine what a network alert actually means. You can react in minutes, notifying HR, management, operational security and even law enforcement. Additionally, the ability to look at video from days, weeks or months ago allows you to investigate the attack strategy as well as identify accomplices, outside and inside the organization.
Pictures are worth a thousand words, and nowhere is this more true than in the legal system. The Cerebral screen recordings can be exported as timestamped images or video files, creating vital evidence in inter-company disciplinary action as well as in legal proceedings. Veriato's detailed logs, reports, images and video evidence have been used in hundreds of cases worldwide to successfully prosecute malicious insiders.
Humans are always the weakest link in any security strategy; therefore, user endpoint monitoring is crucial for insider threat security.
Cerebral agents can be deployed on Windows and Mac workstations, Windows Servers, as well as Android devices. They can be deployed in physical or virtualized environments.
Because it’s the users’ activity that we’re really concerned with (not the device), Cerebral will follow users from device to device, creating a cross-platform, network-wide analysis of all users.
Cerebral’s endpoint agent is very lightweight and will not impact performance of the endpoint device or network traffic. The agent is intelligent and self-aware, slowing its processing and transmissions when it detects heavy workloads on the endpoint or traffic on the network. Additionally, if the agent health monitor encounters any issues on the endpoint, it will report back to the Cerebral management console.