Fasoo RiskView is a tool for security administrators that monitor activity related to unstructured data and user activities with confidential data. It gathers information from Fasoo Usage Tracer (the log analysis utility for Fasoo Enterprise DRM) and Fasoo eData Manager. It has APIs that can be configured to import log data from other security technology components, including firewalls, DLP, databases, and even physical security systems (e.g., entry/exit data from keycard or biometric systems) and employee attendance records.
Fasoo RiskView includes a decision making framework that security administrators as well as business managers can use to review suspicious activities and after relevant investigations, in order to decide whether or not to take action to address these concerns with potential insider threats.
Fasoo RiskView applies sophisticated rule-based modeling to the data sources mentioned above, to establish normal patterns of behavior and flag suspicious activities that indicate enough risk to merit concern and potential intervention by business management.
The types of activities that Fasoo RiskView tracks include:
- Event anomalies, such as logins with user IDs of former employees, a given user logging in from multiple locations simultaneously, or unauthorized users retaining an excessive numbers of files containing sensitive data.
- File based risks, such as unauthorized users’ attempts to decrypt classified files.
- User based risks, such as users decrypting files more frequently than usual, printing more files than usual after regular business hours, or sending files to external recipients more than usual.