Overview

Spector 360 Recon is a User Behavior Analytics solution. It detects changes in human behaviors that suggest insider threat, and alerts when those changes are detected. Alerts flow into SIEM solutions, and / or can be sent directly to appropriate company personnel. The software is focused on detecting threats related to data security – identifying behavioral anomalies that suggest data exfiltration potential. It learns what normal behaviors exist within the organization, and watches for deviations from those established patterns across a wide range of methods used to move data out of company control. These include things like use of personal cloud solutions, email, file transfers, all the way down to low tech methods like printing. Unlike DLP solutions which focus on the asset, Recon focuses on the actions and behaviors of the insiders themselves. This means it detects things that solutions that are not specifically tuned to look for insider threats – threats emanating from people with authorized access – simply miss. The software uses machine learning and statistical analysis to baseline behavior and flag anomalies, in contrast to some solutions that use a significantly less effective rules-based approach. Recon is differentiated from other User Behavior Analytics offerings by focusing on both “technical” indicators (for example, changes in the usage of Dropbox) and “psycho-linguistic” indicators. By examining changes in communications patterns – for example, shifts in sentiment, and shifts in pronoun usage that have been shown to indicate insider threat activity – Recon is able to detect insider risk early, and provides invaluable information that can assist security teams with prioritization. With the continued revelations on insider driven data breaches and thefts, organizations must deploy focused insider threat detection programs. Recon is a powerful component of those programs.