In addition to providing reactive investigative assistance, our specialists support corporate employee relations and security personnel with proactive internal threat management services. Despite significant technology investments, there are always employees that continue to circumvent security controls, violate company policies and expose confidential or private data. Firewalls, proxies and web content filters are common devices that effectively screen or block undesirable Internet traffic; unfortunately, even the best implementations do not catch everything. Through the analysis of key server and security system logs, we are able to identify and investigate bad employees before they cause critical harm.

Most companies rarely, if ever, review raw device logs for anything other than troubleshooting purposes. Organizations that do engage in log file analysis for security intelligence typically do so using high-level reporting tools. While useful for statistical purposes, these reporting tools are ineffective at identifying undesirable events permitted due to categorization or configuration issues. Periodic log file analysis is a highly recommended best practice to validate the effectiveness of perimeter security systems and uncover "under the radar" violations. Intelligence assessments often uncover issues such as the following:

• access pornography or other inappropriate material
• piracy and abuse of copyrighted material
• operating secondary or personal businesses using company time and resources
• business specific policy violations (such as prohibited use of non-company email)
• rogue computer systems or network devices (unauthorized wireless access point)
• posting of prohibited content on Internet message boards and blogs
• gambling
• theft