Gloved hand types on a laptop. There is an external hard drive connected to the computer, implying a malicious data theft incident

Detect and Prevent Insider Threats With CurrentWare

Protect sensitive data against negligent and malicious insiders with CurrentWare’s insider threat detection and prevention tools.

  • Stop Data Theft
    Restrict access to cloud storage, apps, and removable media devices
  • Intuitive User Activity Reports
    User-friendly reports make it easy to monitor for high-risk activity
  • Limit User Access
    Apply unique device restriction policies based on risk level

Trusted By:

CW_AXA_logo
CW_AXA_logo
bostoncenterless logo

& many more

Trusted by:

CW_AXA_logo

and more

CurrentWare’s Insider Threat Detection & Prevention Solutions

Detect Suspicious Activity With User Activity Monitoring

The CurrentWare Suite includes several employee monitoring solutions to track employee behavior for potential insider threat indicators.

  • Detect Risky Activity: Monitor user behavior for suspicious activity with built-in alerts, reports, and dashboards
  • Audit Logs: Historical activity logs of login/logout times, internet use, USB activity, and software usage give organizations the data they need to detect insider threats
  • Data Movement: Get alerts of potential data exfiltration to removable media devices by individual users
AccessPatrol USB activity dashboard for a single user. Showcasing a timeline of file activities, top file types, and top device types

Stop Insider Threats Before They Happen

Don’t just detect potential insider threats—prevent malicious activity from happening in the first place. Lock down user accounts with CurrentWare to proactively prevent threats to sensitive data.

  • Cloud DLP: Block websites and apps to prevent insider threats from accessing unauthorized cloud storage providers and other data egress points
  • Block USB: Stop insider threats from transferring company data to unauthorized USB storage devices
  • Restrict Data Transfers: Block file transfers to portable storage devices based on file extension and file name

    Monitor USB Activity for Suspicious and High-Risk Behavior

    Unmanaged portable storage devices are a nightmare for security teams. CurrentWare’s user activity monitoring and USB restriction tools ensure that organizations detect and prevent this common insider threat risk.

    • Detect Malicious Insider Threats: Receive real time email alerts when employees violate your USB security policies
    • Data Monitoring: Audit file operations reports to see what company data has been copied, created, deleted, or renamed on removable media devices
    • Data Breach Investigation: Review user activity reports and dashboards to trace data breaches back to their source
    central management console for AccessPatrol endpoint security solutions

    Central Console For Scalable Insider Threat Management

    Implement insider threat management policies from a central location. Easily monitor and control your entire workforce from the convenience of a web browser. 

    • Remote Management: Monitor & control each managed endpoint device from a central management console
    • Granular Policies: Place users/PCs in their own policy groups to apply a unique security policy to them
    • Active Directory: Integrate with Active Directory to import & sync your existing Organizational Units to the CurrentWare Console

    The Critical Role of Insider Threat Management

    Financial_ServicesBreach_Icon

    70% of intellectual property theft occurs within the 90 days before an employee’s resignation announcement.1

    Without insider threat management measures in place, stealing sensitive files is as simple as a transfer to a  USB flash drive.

    Insider threat incidents that took 90+ days to contain cost organizations an average of $17.19 million per year.2

    User activity data is essential to detect insider threats and solve issues before they can escalate their attacks.

    20% of data breaches from 2020-2021 involved trusted internal actors such as employees and contractors.3

    Insider threat management tools offer the protection and detection features you need to prevent data breaches.

    How to Improve Data Security With CurrentWare

    The CurrentWare Suite provides critical security controls for protecting your network, endpoints, and sensitive data against a variety of high-risk activities.

    Block & Audit Removable Storage Devices

    Control who can use portable storage devices and set USB security policies to limit what devices are allowed. Monitor data transfers and other file operations to removable media to ensure that your data security policies are being followed.

    Device Blocking window Screenshot of CurrentWare's USB device control software AccessPatrol

    Prevent Data Loss to Cloud Platforms

    Use web filtering and application blocking policies to stop unauthorized cloud storage use. Protect sensitive corporate data from being uploaded to unsanctioned file sharing sites.

    Data loss prevention cloud storage DLP security tips

    Audit User Activity for Insider Threat Risks

    Monitor employee computer usage for signs of insider threats. Track removable data storage usage, web browsing, app use, and login/logout times for high-risk, anomalous, or inappropriate activity. Receive automated alerts straight to your inbox when specific events occur.

    accesspatrol USB file operations history activity log

    Block Data Transfers to Removable Media

    Go beyond simply blocking unauthorized USB devices; ensure optimal data protection with your trusted devices, too. Block file transfers to portable storage devices based on file extension and file name.

    Screenshot of AccessPatrol's USB file transfer blocking feature

    Block High-Risk Network Ports

    Block unused TCP/UDP ports to reduce the attack surface of your network. Improve data protection by mitigating the threat of data leakage over FTP, SFTP, IRC, and other high-risk network ports.

    Screenshot of BrowseControl's Port Filter for blocking TCP/UDP ports

    Block Risky Sites

    BrowseControl’s web content category filtering database provides you with a convenient way to block millions of websites across over 100 URL categories. Easily block users from accessing social media, porn, games, known virus-infected websites, and more!

    Screenshot of category filtering window from BrowseControl web filter. Porn and social media categories blocked.
    viking yachts

    Case Study

    Viking Yachts Protects Sensitive Information From a Departing Employee

    “CurrentWare saved us a lot of time and money. If we didn’t have AccessPatrol we would have never known what was going on. I cannot thank all of you enough for this software.”

    A departing employee was caught stealing classified files! If we didn’t have AccessPatrol we would never have known.

    Flexible Deployment Options

    On-Premises | Remote Workers | Self-Managed Cloud Platforms

    When you use CurrentWare products the data you collect remains solely in your control, giving you the flexibility to decide where data is stored and for how long. Your employee’s data cannot be accessed by CurrentWare.

    hp-on-premise

    Download the Free Trial

    Get started today with a free fully-functional 14-day trial of the CurrentWare Suite. No credit card required to sign up!

    hp-private-cloud

    Deploy the Software

    Install the Console & Server on a computer, server, or a cloud platform of your choice. Then deploy the Clients to your users’ computers.

    manage-remote-workers-and-users

    Manage your Users

    Organize your PCs/Users into custom policy groups. Get advanced awareness & control over how technology is used in your organization.

    CurrentWare Suite

    Get all 4 modules for the best value or choose the exact solution you need

    Get Advanced Activity Insights

    BrowseReporter is a versatile employee monitoring software to track productivity and efficiency.

    • Make informed decisions
    • Enforce company policies
    • Improve productivity

    Employee Productivity Dashboard

    Block Dangerous & Unwanted Sites

    BrowseControl is an easy-to-use website blocking software for restricting internet access.

    • Block URLs & categories
    • Block unwanted apps
    • Website allow & block lists

    Screenshot of category filtering window from BrowseControl web filter. Porn and social media categories blocked.

    Stop Data Theft to USB Devices

    AccessPatrol is USB control software to protect sensitive data against theft to portable storage devices.

    • Block USB devices
    • USB file activity alerts
    • Block file transfers

    Device Blocking window Screenshot of CurrentWare's USB device control software AccessPatrol

    Remotely Control PC Power States

    enPowerManager is a remote PC power manager for centrally managing power settings across all endpoints.

    • Track logon and logoff times
    • Log PC power event history
    • Remotely shutdown PCs

    Screenshot of enPowerManager's PC power schedule with weekly boot, restart, and shutdown events scheduled

    Check Out Our Great Reviews on Capterra!

    The reporting feature offers accurate insights on internet activities in order to ensure compliance & organization policies are met. The offsite management feature makes it easy to monitor those working from home.

    Carroline Achieng O., Sales Consultant
    Absa Life Assurance, 10,001+ Employees

    We have experienced data leaks by dishonest employees in the past and AccessPatrol has helped us avoid them and work with greater security and peace of mind for us and our customers.

    Julio V., Head of Information Technology
    Financial Services Industry, 10,001+ employees

    As a 'novice' I was able to set up with help from support in about an hour. Previous software took forever and didn't work as advertised. This software worked right out of the box.

    Dr. Gerard B, Office Manager
    2-10 Employees

    The software actually does what was advertised and the support is great! We were able to have the software up and running on the same day with no issues or even a call/email to their support.

    Ken W, IT Manager
    201-500 Employees

    FREE DOWNLOAD
    How to Keep Data Safe When Offboarding Employees

    70% of intellectual property theft occurs within 90 days of an employee’s resignation.

    Are you concerned about the damage a terminated employee could cause with access to sensitive corporate information, account passwords, and other proprietary data?

    Follow these best practices to protect your data security when offboarding employees. 

    CurrentWare Features

    Internet Off

    Internet ON/OFF

    One click to completely block
    the Internet

    Internet Off

    URL Filter

    Allowed list or Blocked list for
    specific URLs

    Internet Off

    Category Filtering

    Block websites based on
    content categories

    Internet Off

    Internet Scheduler

    Set unique restrictions at specific
    times of the day

    Internet Off

    Internet Monitoring

    Track what websites are being
    visited by employees

    Internet Off

    Web Activity Reports

    15+ different detailed web
    activity reports

    Internet Off

    Track Application Use

    See what applications are being
    used by employees

    Internet Off

    Email Reports

    Automatically email reports of web
    usage to managers

    Internet Off

    Block USB

    Block unauthorized USBs to protect
    against data theft

    Internet Off

    Block External Devices

    Easily block DVDs, external drives
    & other peripherals

    Internet Off

    Device Permissions

    Set full access, read only or no
    access on storage devices

    Internet Off

    Allowed List

    Allow specific storage devices on
    your network

    Internet Off

    Centralized Console

    Manage all your users from the
    centralized console with Active
    Directory import or syncing

    Internet Off

    Platform Security

    Protect your CurrentWare console
    with 2FA, passwords, privilege
    management, and more

    Internet Off

    Offsite Management

    Extend onsite security policies to any remote computer running outside the corporate network

    Internet Off

    SQL Server Supported

    Database scaled for enterprise and
    large business operations using
    Microsoft SQL Server

    CurrentWare

    Get Started Today
    With a Free Trial

    Fully functional. Easy to use. Install in minutes.

    Insider Threat Detection & Prevention Resources

    Insider threat management - top signs of an insider threat - currentware

    The Top 5 Signs of an Insider Threat

    Learn the top indicators of an insider threat so you can identify potential threats before they can cause severe damage to your organization.

    Insider Threats - How to Stop Data Theft - CurrentWare

    Tips for Preventing Insider Data Theft

    Follow these tips to protect your company’s sensitive data against theft, misuse, and loss from malicious and negligent insider threats.

    data theft prevention - a guide to offboarding employees - CurrentWare

    Tips for Offboarding Employees

    Concerned about the damage a soon-to-be-ex-employee could cause with access to sensitive information? Follow these tips.

    Insider threat management: Employee data theft stories

    Examples of Data Theft by Employees

    These notorious examples of employee data theft demonstrate the devastating effects that a data breach can have.

    Corporate espionage: Crushing cases of IP theft

    5 Corporate Espionage Cases

    These corporate espionage cases highlight the lengths that organizations will go to to maintain an advantage over competitors.

    data loss prevention - the top data exfiltration risks

    The Top 7 Data Exfiltration Risks

    This article will teach you how to prevent data exfiltration by addressing the most common techniques used.

    CurrentWare

    Get Started Today
    With a Free Trial

    Fully functional. Easy to use. Install in minutes.

    Insider Threat Detection & Prevention FAQ

    Can I Use Your Insider Threat Prevention Software With Remote Workers?

    Yes. CurrentWare’s insider threat prevention tools support a variety of deployment options that allow you to control USB devices, block websites, and monitor user activity no matter where they are.

    To learn more about using CurrentWare with remote workers, visit this article:

    How to Set Up CurrentWare for Remote Teams

    Are There Any Limits to the Free Trial?

    The free trial of our data loss prevention software is fully functional. You can deploy it on up to 10 computers for 14 days. If you need more time or more computers to properly evaluate the best data loss prevention software for your organization, reach out to our support team.

    Will My Employees Know They Are Being Monitored?

    As with any CurrentWare Suite product, your organization is in control of how visible the data loss prevention software is.

    The CurrentWare software client operates in stealth mode by default.

    In stealth mode, the CurrentWare software client is not visible in the system tray or control panel of the user’s computer. Your users will not be able to uninstall the program or stop it without administrator privileges.

    If you would like your users to be aware that they are being monitored, you can choose to show the CurrentWare software client in their system tray by enabling it in the client software settings.

    AccessPatrol does not disclose when its USB activity monitoring feature is active. When your employees attempt to use an unauthorized USB device they can be presented with an optional warning message.

    When BrowseControl blocks a website you can choose to show a warning message, redirect to another website, or simply have the connection fail.

    When monitoring user activity with BrowseReporter you can choose to enable the End-User Reports feature to provide users with access to their activity data. You can also display optional notifications that periodically remind them that they are being monitored.

    Does CurrentWare Have Access to Employee Data?

    No, CurrentWare cannot access your employee’s computer monitoring data. CurrentWare’s software does not send your user’s computer usage data to CurrentWare. They are installed and managed by your organization.

    All of the data collected by CurrentWare’s software is stored on a database that is installed in your organization’s data center or cloud service provider.

    With CurrentWare’s on-premises & self-managed cloud deployment options, you’re in complete control of your data.

    • Sensitive employee data stays secured to your standards rather than being sent to a third party.
    • Maintain data localization and residency compliance requirements by keeping employee data exactly where it needs to be.
    • Retain auditable records of user activity for as long as you need

    For more information please refer to our Terms of Service.

    Can I Set Unique Device Restrictions for Different Computers or Users?

    Yes. You can assign unique security policies for each computer, user, department, or other organizational unit (OU) in your company.

    To do this, CurrentWare allows you to create group folders with separate policies. This feature is perfect for restricting users while providing greater access for trusted administrators.

    In terms of device control, you can also use the access code generator to temporarily grant access to all peripherals or use the device scheduler to automatically allow/block devices at specific times.

    In terms of internet and application restriction, you can use the internet scheduler and app blocker scheduler to temporarily allow access to blocked websites and applications at specific times.

    Can I Block Specific File Types from Being Transferred?

    Yes. CurrentWare has the ability to prevent your end-users from copying specific files to their storage devices. These file transfer restrictions can be configured based on the file name or file extension.

    The file transfer blocking feature can also be used on devices that are on the Allowed List. This lets you provide access to company-authorized USB devices while still protecting the sensitive data in your network against exfiltration to portable storage hardware.

    Is This a Cloud Product?

    The CurrentWare Suite can be deployed on-premises or on a cloud platform of your choice. Both deployment option are compatible with remote workers with a few configuration changes.

    Learn More:

    How is the CurrentWare Suite Secured?

    CurrentWare is committed to the security of its platform, its users and their data. 

     

    • All of the data collected by CurrentWare’s solutions is stored in your organization’s data center or cloud service provider; the data is not sent to CurrentWare.
    • The web console cannot be accessed without a username and password. For an added layer of authentication security you can enable two-factor authentication.
    • You can selectively enable/disable what data is tracked and delete old records automatically.

     

    For a complete overview of the security measures that CurrentWare has in place, check out the CurrentWare platform security overview page.

    What Peripheral Devices Can CurrentWare Control?

    In addition to USB device control, CurrentWare’s data loss prevention tool AccessPatrol allows you to control the following peripheral devices on your users’ computers.

    Devices You Can Control Device Access Permissions
    USB Full / Read only / No access
    DVD /CD Full / Read only / No access
    Floppy Full / Read only / No access
    Tape Full / Read only / No access
    External Hard drive Full / Read only / No access
    Firewire Full / Read only / No access
    SD Card Full / Read only / No access
    MM Card Full / Read only / No access
    Bluetooth Devices Full / Audio Only/ No access
    Infrared Full / No access
    Wifi Full / No access
    Serial Full / No access
    Parallel Full / No access
    Scanners Full / No access
    Cameras, Webcams & Others Full / No access
    Printers Full / No access
    USB Ethernet Adapter Full / No access
    Sound Cards Full / No access
    Portable Devices (iPhones, Mobile Devices) Full / No access
    Network Share Full / No access

    Learn More: USB control with AccessPatrol

    What is an Insider Threat?

    The Cybersecurity & Infrastructure Security Agency (CISA) defines an insider threat as “the potential for an insider to use their authorized access or understanding of an organization to harm that organization. This harm can include malicious, complacent, or unintentional acts that negatively affect the integrity, confidentiality, and availability of the organization, its data, personnel, or facilities.“

    The term insider refers to employees, contractors, and other trusted individuals that have intimate access to and knowledge of an organization’s systems. 

    While external threats such as malware and cybercriminals are a threat to sensitive information, insider attacks are especially devastating due to the level of internal access they have.

    Insider threats belong to one of two core categories: 

    • Malicious insider threats intentionally cause damage through acts such as the theft of sensitive information, sabotage, fraud, and espionage. 
    • Negligent insider threats cause damage non-maliciously through acts such as breaking company policies, falling victim to phishing attacks, or unintentionally sharing sensitive information with unauthorized recipients

    Examples of insider threats

    • A disgruntled ex-employee stealing intellectual property to gain favor with a competitor
    • An employee who transfers sensitive data to an unencrypted USB device
    • An employee sharing login credentials with a coworker
    • A contractor leveraging their internal access to perform privilege escalation in an effort to access sensitive data

    What is Insider Threat Management?

    The term “insider threat management” refers to the practices that security teams put in place to identify, prevent, and remediate potential insider threats. These teams will set up a security operations center with the policies, procedures, and insider threat detection tools needed to mitigate threats. 

    Security teams watch for potential insider threat indicators by:

    • Insider Threat Detection: An insider threat management solution will leverage user behavior analytics to monitor security events for potential threats
    • Employee Monitoring Software: User behavior analytics processes will be bolstered with data from existing tools that monitor user actions, such as data loss prevention and employee monitoring software
    • Security Audits: Using a combination of automated responses and a manual audit, security teams will review security information to distinguish between false positives and suspicious activities
    • Data Protection: A baseline of acceptable behavior is established to help security teams distinguish between suspicious behavior and legitimate activity. 
    • User and Entity Behavior: Security teams will work cooperatively with other departments to watch for non-technical indicators of a potential insider threat such as grievances at work, disengagement, and an abnormally strong interest in duties outside of their scope of work

     

    What Should Be Done To Protect Against Insider Threats?

    • Employee Training: Provide employees with security awareness training that helps them identify insider security threats and avoid becoming victims of the cyber attacks they are most likely to experience, such as phishing.
    • Limit Access to Sensitive Data: Limiting who can access sensitive information is a critical security control against both insider threats and external threats. The fewer accounts that can access sensitive data the lower the attack surface.
    • Encrypt Sensitive Data: In the event of a data breach encryption will provide a critical layer of protection against having the contents exposed to threat actors.
    • Implement & Enforce Policies: Policies and procedures provide a baseline of expectations that employees must follow. With this baseline in place your insider threat management solution can be used to identify both external attacks and insider threats that are acting anomalously. 
    • Monitor Employee Activity: Every insider threat management strategy needs an element of threat detection. Activity monitoring and entity behavior analytics help detect insider attacks before they escalate. 

    Learn More: Tips for Preventing Insider Data Theft

    1 Your Employees are Taking Your Data – Richard Agnew, Infosecurity Magazine. https://www.infosecurity-magazine.com/opinions/employees-taking-data/.
    2 2022 Ponemon Cost of Insider Threats Global Report. https://www.proofpoint.com/us/resources/threat-reports/cost-of-insider-threats
    3 2022 Verizon Data Breach Investigations Report. https://www.verizon.com/business/resources/reports/2022/dbir/2022-data-breach-investigations-report-dbir.pdf