Jigsaw Security has updated our Insider Threat word detection library. The library can be custom configured to detect when documents and information leaves organizational boundaries. The library is used and integrated into CDM, NIST and other controls to ensure that insider threats are detected quickly and easily.
How it works
The main thing to keep in mind is that our boundary protection works using embedded tags that are added to documents, spreadsheets and other sensitive content when it is created. The tagging software is a plugin for Windows that tags documents when they are saved to the network, hard drive or online locations. The tagging sets a default identifier that is sent to the Jigsaw Security Enterprise platform which the scours the Internet and other sources (GitHub, Office 365, Azure, Amazon and other locations). If tags are located in publicly accessible documents the system alerts administrators that a document is in the public domain and has left the boundary, if using the JIgsaw IDS sensor the document is detecting when it is uploaded to external sites and SSL encryption is broken to identify encrypted traffic (rule based).
Why document tagging is important
Not only is it important to know when data is leaving your boundary (usually as a result of insider threats and spies) but also it's important to track how and what methods were used to try and move the data without authorization. It is also possible to utilize authorized transfer sites that are not tagged or tracked, such as when sharing secure documents with partners and customers.
NIST Control Compliance
The following NIST 800-53 controls are covered by the boundary protection
SA-18, AC-7, AC-10
Jigsaw Threat Mitigation Model™
The following Jigsaw Threat Mitigation Model™ phases are covered by the plugin
Phase 1, Phase 2, Phase 3, Phase 4, Phase 6