Two British companies have come up with a new system that will monitor company PCs for abuse, including criminal activity.
Security company 3ami and storage specialist BridgeHead Software Ltd. claim the Monitoring, Auditing & Security (MAS) system is able to track and store details of every action performed at a PC over time, including taking screenshots of open applications. This information could be retrieved at a later point and would be time-stamped to be legally admissible if a situation went to court.
Examples of abuse are detection of conventional issues such as time wasting and the installation of unapproved software, but the system would also track more sophisticated problems such use of derogatory language in emails, copying of confidential files, and attempts by criminals to subvert organizations from within.
It will also track when users try to hide their tracks by saving files with new file names, copying them to any attached drives or using external applications such as Webmail to send them out of the network.
The monitoring system and management console had been developed by 3ami and released as a stand-alone product several months ago but adding Bridgehead Software’s storage management component had increased its attractiveness and power, said 3ami managing director Tim Ellsmore. Organizations needed the ability to study records of PC activity going back months or even years.
“We are aiming at the sector where it is a requirement to know where files have gone,” he said, indicating the system had been trailed by unnamed U.K. police forces, local government authorities and financial services companies who had been interested in its mix of compliance and security capabilities. Captured data could be backed up continuously or daily, depending on what suited the customer, with storage requirements for a typical PC being approximately 16.4MB per month. The administration console allowed this data to be retrieved at a later point under a number of time, user and random search parameters.
The system requires a PC or laptop to be loaded with a piece of client software, raising the obvious point that attackers might try and compromise a network using a device — a laptop brought into the company premises for instance — that didn’t have the software. According to Ellsmore, companies would still need to have separate monitoring systems to counter this threat.
Similarly, ensuring that a particular individual could be tied to the use of a particular PC at a particular moment in time would require companies to introduce secure working methods. Ideally, people leaving PCs unattended would use a security procedure, such as logging out, for the period of time they were absent to avoid someone else “borrowing” their computer.
“It isn’t about putting in a wonderful application. The organization has to take responsibility,” added Ellsmore.
Big Brother software monitors are ten-a-penny but MAS is unusual in its comprehensiveness. It will literally tell you everything that has been done at a particular PC and, moreover, give you a searchable record of this activity over almost any period of time.
The system does come at a price however. Storage requirements can obviously be very high, depending on how long a period of time a company wants to track PC usage. Up front, it is not particularly cheap either, with a quoted price (based on 1,000 clients) of