Catching data thieves before they get suspicious

A faster, more thorough forensics analysis program from Israel's Mitsy is just the thing companies need to catch Internet miscreants before they abscond with corporate secrets

Avner Sharon, Mitsy CEO (Photo credit: Courtesy)

Data theft, both inside and outside business, has never been more common. With all the protections available for systems and networks, it seems that the bad guys can still figure out a way to get what they want – personal data, corporate data, trade secrets, patent information, etc.

While there is plenty of data theft going on over the Internet, via Trojans and programs that “phone home,” some of the most damaging data theft happens on-site, with disgruntled employees copying data over networks or USB sticks and selling it to competitors. A good thief will know how to outfox security measures and avoid cameras. And once they’re out the door, there’s almost nothing companies can do to save their secrets.

To prevent this kind of theft, some companies require forensic checks of devices brought in from the outside, and there are a number of tools, like FTK and EnCase, that companies rely on for forensic investigations. But an Israeli start-up called Mitsy has both those programs beat, says CEO Avner Sharon. “Other systems require full indexing of a drive before a data search can take place. Our software, ForeSee, automatically analyzes all the data on a drive and presents only the relevant information.”

That approach, he said, makes ForeSee far faster, more practical and more useful in real-life situations: it can produce specific and accurate results without the need to index a drive or build a drive image, as its competitors require. “When you do a forensic check on an employee’s laptop you have to do it and wrap it up in a short period of time. You cannot have them sitting around for the hours it takes to build an image of a disk, unless you have them arrested. With our system, you could get the information you need in a matter of minutes.”

That speed is due to the proprietary algorithms ForeSee uses in its searches, which do far more than search for a string of data: they use “smart” multilingual pattern recognition, even in cases where the pattern is stored in some exotic format or hidden within another file. In addition, said Sharon, ForeSee is a whiz at languages. “ForeSee is the only program that handles non-Unicode languages well, like Sanskrit, Mandarin, and others.” ForeSee includes several built-in data viewers, which allow a user to read office documents, mail and so on without installing any additional software. “Many attorneys we work with in the US require that the files we send them be in a format their office works with. We can quickly write a viewer for any user, as well as add languages quickly to ForeSee,” said Sharon.

The company so far operates mostly in Israel and Asia; it’s in negotiations now to do forensic work for a large Asian data processing company “that will take us to the next level” if Mitsy wins the contract, said Sharon. Meanwhile, ForeSee is in use by several large Israeli corporations and government institutions, including the Ministry of Defense and the Securities Authority, which regulates the Tel Aviv Stock Exchange. In addition, it is in use in several police departments in the US.

The company licenses ForeSee for on-site use, and provides subscription services, in which Mitsy does the analysis on behalf of companies and institutions. According to Sharon, ForeSee can display only the documents associated with the keywords being searched for, ensuring privacy of the individual. “We have been involved in some cases in US courts where our method was ruled legal, because it does not compromise privacy,” he said.

And Sharon has plenty of success stories to share about the effectiveness of ForeSee. In one project the company took on recently, a cellphone service provider asked Sharon to help it uncover a suspected case of fraud. “[There was] an individual working in the purchasing department who was responsible for issuing RFPs for projects. What raised the alarm among company executives was that in tender after tender, one of the same five companies would always win. We analyzed the employee’s laptop and sure enough we found the names of the five companies embedded in numerous documents, proving his complicity.”

Using ForeSee, the company was able to analyze the employee’s laptop quickly, before his suspicions were raised. It turned out, Sharon said, that the employee had been operating five shell companies and outsourcing the services for each of them, so he essentially controlled all the tenders. Police were informed, and that now-former employee is taking a well-deserved break from his hard work — in prison.

Other programs might have detected the evidence on the employee’s laptop — but only Mitsy could have done it quickly enough to prevent a loss of the evidence, Sharon said. “Like for any other forensic or data restore program, a thorough wipe of a drive will more or less eliminate the evidence. That’s why, in many cases of suspected corporate espionage and data theft, speed is of the essence, and speed happens to be one of ForeSee’s greatest strengths.”
