Detect and Prevent Insider Threats With CurrentWare

The free trial of our data loss prevention software is fully functional. You can deploy it on up to 10 computers for 14 days. If you need more time or more computers to properly evaluate the best data loss prevention software for your organization, reach out to our support team.

As with any CurrentWare Suite product, your organization is in control of how visible the data loss prevention software is.

The CurrentWare software client operates in stealth mode by default.

In stealth mode, the CurrentWare software client is not visible in the system tray or control panel of the user’s computer. Your users will not be able to uninstall the program or stop it without administrator privileges.

If you would like your users to be aware that they are being monitored, you can choose to show the CurrentWare software client in their system tray by enabling it in the client software settings.

AccessPatrol does not disclose when its USB activity monitoring feature is active. When your employees attempt to use an unauthorized USB device they can be presented with an optional warning message.

When BrowseControl blocks a website you can choose to show a warning message, redirect to another website, or simply have the connection fail.

When monitoring user activity with BrowseReporter you can choose to enable the End-User Reports feature to provide users with access to their activity data. You can also display optional notifications that periodically remind them that they are being monitored.

No, CurrentWare cannot access your employee’s computer monitoring data. CurrentWare’s software does not send your user’s computer usage data to CurrentWare. They are installed and managed by your organization.

All of the data collected by CurrentWare’s software is stored on a database that is installed in your organization’s data center or cloud service provider.

With CurrentWare’s on-premises & self-managed cloud deployment options, you’re in complete control of your data.

• Sensitive employee data stays secured to your standards rather than being sent to a third party.
• Maintain data localization and residency compliance requirements by keeping employee data exactly where it needs to be.
• Retain auditable records of user activity for as long as you need

For more information please refer to our Terms of Service.

Yes. You can assign unique security policies for each computer, user, department, or other organizational unit (OU) in your company.

To do this, CurrentWare allows you to create group folders with separate policies. This feature is perfect for restricting users while providing greater access for trusted administrators.

In terms of device control, you can also use the access code generator to temporarily grant access to all peripherals or use the device scheduler to automatically allow/block devices at specific times.

In terms of internet and application restriction, you can use the internet scheduler and app blocker scheduler to temporarily allow access to blocked websites and applications at specific times.

Yes. CurrentWare has the ability to prevent your end-users from copying specific files to their storage devices. These file transfer restrictions can be configured based on the file name or file extension.

The file transfer blocking feature can also be used on devices that are on the Allowed List. This lets you provide access to company-authorized USB devices while still protecting the sensitive data in your network against exfiltration to portable storage hardware.

The CurrentWare Suite can be deployed on-premises or on a cloud platform of your choice. Both deployment option are compatible with remote workers with a few configuration changes.

Learn More:

• Deploy CurrentWare to the Cloud
• Articles on Installing CurrentWare

CurrentWare is committed to the security of its platform, its users and their data. 

• All of the data collected by CurrentWare’s solutions is stored in your organization’s data center or cloud service provider; the data is not sent to CurrentWare.
• The web console cannot be accessed without a username and password. For an added layer of authentication security you can enable two-factor authentication.
• You can selectively enable/disable what data is tracked and delete old records automatically.

For a complete overview of the security measures that CurrentWare has in place, check out the CurrentWare platform security overview page.

In addition to USB device control, CurrentWare’s data loss prevention tool AccessPatrol allows you to control the following peripheral devices on your users’ computers.

Learn More: USB control with AccessPatrol

The Cybersecurity & Infrastructure Security Agency (CISA) defines an insider threat as “the potential for an insider to use their authorized access or understanding of an organization to harm that organization. This harm can include malicious, complacent, or unintentional acts that negatively affect the integrity, confidentiality, and availability of the organization, its data, personnel, or facilities.“

The term insider refers to employees, contractors, and other trusted individuals that have intimate access to and knowledge of an organization’s systems. 

While external threats such as malware and cybercriminals are a threat to sensitive information, insider attacks are especially devastating due to the level of internal access they have.

Insider threats belong to one of two core categories: 

• Malicious insider threats intentionally cause damage through acts such as the theft of sensitive information, sabotage, fraud, and espionage. 
• Negligent insider threats cause damage non-maliciously through acts such as breaking company policies, falling victim to phishing attacks, or unintentionally sharing sensitive information with unauthorized recipients

Examples of insider threats

• A disgruntled ex-employee stealing intellectual property to gain favor with a competitor
• An employee who transfers sensitive data to an unencrypted USB device
• An employee sharing login credentials with a coworker
• A contractor leveraging their internal access to perform privilege escalation in an effort to access sensitive data

The term “insider threat management” refers to the practices that security teams put in place to identify, prevent, and remediate potential insider threats. These teams will set up a security operations center with the policies, procedures, and insider threat detection tools needed to mitigate threats. 

Security teams watch for potential insider threat indicators by:

• Insider Threat Detection: An insider threat management solution will leverage user behavior analytics to monitor security events for potential threats

• Employee Monitoring Software: User behavior analytics processes will be bolstered with data from existing tools that monitor user actions, such as data loss prevention and employee monitoring software

• Security Audits: Using a combination of automated responses and a manual audit, security teams will review security information to distinguish between false positives and suspicious activities

• Data Protection: A baseline of acceptable behavior is established to help security teams distinguish between suspicious behavior and legitimate activity. 

• User and Entity Behavior: Security teams will work cooperatively with other departments to watch for non-technical indicators of a potential insider threat such as grievances at work, disengagement, and an abnormally strong interest in duties outside of their scope of work

• Employee Training: Provide employees with security awareness training that helps them identify insider security threats and avoid becoming victims of the cyber attacks they are most likely to experience, such as phishing.

• Limit Access to Sensitive Data: Limiting who can access sensitive information is a critical security control against both insider threats and external threats. The fewer accounts that can access sensitive data the lower the attack surface.

• Encrypt Sensitive Data: In the event of a data breach encryption will provide a critical layer of protection against having the contents exposed to threat actors.

• Implement & Enforce Policies: Policies and procedures provide a baseline of expectations that employees must follow. With this baseline in place your insider threat management solution can be used to identify both external attacks and insider threats that are acting anomalously. 
• Monitor Employee Activity: Every insider threat management strategy needs an element of threat detection. Activity monitoring and entity behavior analytics help detect insider attacks before they escalate. 

Learn More: Tips for Preventing Insider Data Theft