SureView® Insider Threat
BUSINESS ASSURANCE WITHOUT DETERRENCE
Although technology introduces avenues for threats to enter an organization, it is the users, not the technology itself that put organizations' information in jeopardy. SureView® Insider Threat enables safe and effective use of business and mission-critical technologies by capturing technically observable human behaviors which include policy violations, compliance incidents or malicious acts that may be warning signs of an impending breach.
The Visibility and Context You Need To Eliminate Insider Threats
Only Raytheon's Insider Threat can effectively help you monitor your entire enterprise without disrupting business continuity. The policy platform pulls it all together and displays all enterprise activity in an intuitive visual dashboard. If a clear violation is detected, you can target specific events or individual users for investigation. Insider Threat provides all the details, insight, and complete context using video replay to immediately assess the severity of the threat, remediate the problem, and build the policies to prevent it from happening in the future.
Enabling the Discovery of Patterns in Big Data
The SureView Insider Threat data aggregator allows for the ingestion of external data sources to enhance the investigators' situational awareness. The analytics API provides an analysis framework that enables seamless integration with best-of-breed analytical tools including: risk assessment algorithms, anomaly detection, user trend analysis, role-based profiling and threat indicators in support of the insider threat mission.
Targeted Policies to Deter Insider Threats
SureView Insider Threat policy packs are based on business policies and best practices for detecting and deterring insider threats. SureView Insider Threat has many policy packs that target specific business problems such as privileged user abuse, PCI compliance, HIPPA compliance, etc.
Threats Begin at the Endpoint
SureView Insider Threat provides visibility into the many areas that network devices can't, including:
- Deliberate, malicious acts such as IP theft, fraud or sabotage which easily circumvents most data leak solutions.
- Mobile and internal users that "take themselves offline" or use encryption to avoid detection.
- Preventing export violations when intellectual property is inadvertently sent to restricted countries.
- Suspicious activity within applications, including Lotus Notes, custom deployments of Enterprise Risk Management (ERM), and other internal applications.
- "Leading indicator" actions, such as a "screen capture" that has been encrypted and saved to a USB drive.
- Simplified policy management
- Privacy protection
- Universal SIEM Integration
- Log analysis
- DVR-like replay
- Full activity capture
- Role-based access controls (RBAC)
- Provides incident replay including full event endpoint video recording and custom applications
- Reduces dependency on technical expertise
- Enables safe and effective use of business and mission-critical technologies
- Measures the impact of new and existing threats and compliance in real time
- Monitors endpoint user and system activity, including data-at-rest
- Scalable solution with highly stable agent
- Detects policy violations hidden by encryption, including web traffic, e-mail and attachments
- Promotes prompting and remediation for accidental data leak prevention
- Monitors offline activity for mobile and deliberately disconnected users
Webinar: Intelligence-driven Incident Response
3rd Party Reports: