Spectorsoft, a computer monitoring and analysis tools developer announced on Tuesday a connector for Splunk Enterprise – a platform for real-time operational intelligence. The connector will allow Spectorsoft’s employee monitoring tool – Spector 360, to deliver user activity data and alerts to Splunk implementations so that insider threats such as security breaches, data thefts and fraud can be timely detected and thwarted.
“Insider threats are not easy to detect, as they involve individuals that have been granted proper access but use that access improperly. By including user activity data and alerts from Spector 360 in Splunk implementations, our customers can reduce the risk of security breaches, data theft and Fraud,” explains the COO at SpectorSoft, Mike Tierney.
“This adds a dimension of analysis that enables data from computer and network activity to be correlated with employee activity data, providing a level of insight that is unprecedented in the industry and ultimately protects a company‘s valuable assets,” he added.
A recent SpectorSoft 2014 Insider Threat Survey pointed out that almost 65 percent of IT respondents reported witnessing an insider attack, with 75 percent insider crimes going unnoticed. Spector360 helps Splunk users identify nuances of human behaviour that might indicate abuse of authorized access—from phrases used in email to the moving of IP to a personal cloud—and carry out necessary investigation thus providing visibility into user actions performed within applications, behind encryption or on cloud-based solutions, informs a Spectorsoft press release.
In the wake of the recently disclosed insider breach at AT&T and internal threats emerging as the leading cause of data breaches, Spector 360 assures to empower IT security teams to detect insider threat activity as it flows detected indicators to Splunk as event alerts where Splunk administrators can review details on user or group activity and then take appropriate action.
(Image credit: Spectorsoft)