Tackling the insider threat

Yevhen Zhurer, Head of Business Development at Ekran System and  Anna Chernyavskaya, Partner Manager at Ekran System discuss the company’s focus on insider threat management

Discuss the focus of your solutions on insider threat management

Yevhen: We provide a solution that helps organizations address insider risks by enabling identity and access management, user activity monitoring, and incident detection features. We focus specifically on the user activity monitoring user entity behavior and user behavior. We report what the user is doing or how they performed.  Using AI-based analytics in real-time, we detect any anomalies in user behavior vis-a-vis the baseline behavior.

What are the deployment options for your solution?

Yevhen: We have an agent-based solution, meaning that for every workstation agent, or for example, terminal server, and so on, there should be an agent installed to reach full functionality and total control over the code. Ekran System has the flexibility to deploy as SaaS, on-premises, or in hybrid environments. Azure and AWS deployment options are available.

In this region, most of our customers, require on-prem solutions due to the sensitive data they’ve got and they need to store data securely on their premises.

Anna Chernyavskaya, Partner Manager at Ekran System

Discuss your partner focus for the region.

Anna: We work through partners and have been witnessing steady growth. We have several ongoing projects being executed through partners in the region. We assist our partners with POC and other related technical queries from customers. We work with distributors such as Bulwark in the region.

How significant is the demand for these solutions in the region?

Anna: We see a growing demand. We started out during the pandemic in the region when the users were largely working on a remote basis. From that point, our business started to really grow here.

Yevhen: The demand continues because the pandemic has shown that users can work remotely not only in this region but globally. And the fact that the users are working remotely, they need to be controlled because they are using sometimes their own devices for work. And if they’re using their own devices, they can switch them for example, just Facebook or something and it can be hacked or social engineered. So, the user can be affected by specific actors and do forbidden actions which need to be monitored and alerted.

How do the alerts work?

Yevhen: Alerts are based on the rules which we set up. Just for example, continuously monitors keystrokes, meaning that a particular keyword can be used to initiate recording or to trigger an alert, providing a great way to limit the scope of data you gather and let you react to incidents in a timely fashion.

For instance, a common use case is job search, and the user is not allowed to make a job search during his working hours for the employer, and as soon as the user starts typing or opens specific websites can either start monitoring or if we did not do this, we can notify the system administrator. Our solution can be also utilized as a learning tool. When the user is trying to perform a forbidden action, we can notify the user itself with a popup message not to do it. Otherwise, the application will be killed.

Anna: Artificial intelligence helps detect activity in unusual working hours. And once the user logging into the system in unusual working hours, this system will assign a risk for him. And it will be highlighted and the administrator can pay attention to that.

How are the privacy concerns addressed?

Yevhen:We have implemented the pseudonymization functionalities. User logins and device names are substitutes with aliases. Unique aliases are assigned randomly, making it impossible to discover a pattern and link an alias back to a user. In case of a security incident, you will need to de-anonymize, a user for this, a security officer and a data protection officer (DPO) have to work together. However, users’ private data is protected from anyone who has access to the Ekran System Management Tool.

Which are the verticals of significant interest for you in the region?

Yevhen: Banking, financial services, and insurance companies still are the key verticals. The government sector, Education and Telecom are also among the major focus areas. SMBs are also a key segment since they want to monitor employee productivity.