Employee Misuse Detection

Companies tend to trust users (employees and contractors) within its borders. However, a certain fraction of them always tend to cross the borders and tend to do things like

• Transfer unusually large amounts of data
• Access sensitive data and copy them from file servers
• Connect unauthorized computers and devices (rogue devices) to the network
• Upload and download huge amounts of data or sensitive information across to the Internet
• Play video and engage in other entertainment activities
• Share illegal files using P2P programs
• Share files through instant messengers
• Use external email servers
• Knowingly or unknowingly become supernodes in P2P networks, causing massive amounts of traffic
• Create tunnels to outside bypassing company firewall
• Connect their own routers and wireless access points inside
• Run separate operating systems and virtual machines beyond company policy
• End up being victims of phishing attacks and malicious web sites, causing their machines to be taken as zombies as parts of botnets
• ...

Misuse by insiders appears in nLive as problems (of various severities), as abnormal traffic as well as in the form of 'high score'. Within minutes of deployment, it is often the case that employee misuse is detected right away. Color coding of the abnormal traffic in graphs and tables makes it easier to spot. It is often the case that most of the misuse is from a small subset of employees. Once these are taken case, the network starts to run cleaner and that can happen within days of installing nLive.

It is also possible to search for specific activities such as "youtube" for online videos or "Entertainment Activities" for Internet activities that are out side of company business.