You've no doubt heard the horror stories about how insiders are responsible for an awful lot of security breaches and miscellaneous other computer-related mischief. Although the numbers are declining, at least according to the latest Computer Security Institute/FBI study, clearly you still need to be concerned about employees who are up to no good.
With that in mind, Tally Systems has released a new version of its Census line of PC inventory and auditing software that can now detect the tools that malicious hackers use to ply their trade. Tally has added more than 400 fingerprints to Census, enabling it to detect various categories of tools, including those used to launch Trojans and denial-of-service attacks, crack passwords, break into networks and write viruses.
There are four versions of the Census line: TS.Census, for enterprise use; QuickCensus, a subscription-based version of TS; WebCensus, which runs on demand after users click on a URL; and PowerCensus, a plug-in for Microsoft System Management Server.
"This is our first foray into the suspicious tools area," says Sarah Clerkin, TS.Census product manager. She notes, however, that the products can also detect computer games such as Doom along with bandwidth- and time-wasters such as Napster.
TS.Census includes an agent that runs on the user's machine, scanning for various kinds of software at user-defined intervals. Data is sent to a central inventory database, against which users can run queries and create a variety of reports. Users can also scan a particular PC or network segment at will.
Given that WebCensus runs only on demand, it is unlikely that a user with something to hide will click on the URL and potentially do himself in. But it still acts as a deterrent, given that users know they may be exposed if they use their work computers to fool with illicit tools.
Such deterrents are clearly needed. In the 2001 CSI/FBI Computer Crime and Security Survey, 49% of respondents said they detected unauthorized access by insiders in the last 12 months, down from 71% a year earlier. But 91% reported insider abuse of Internet access, up from 79% in the 2000 survey.
Pricing for the Census products is $21 per seat in quantities of 1,000, which includes a monthly update that can be downloaded from the Web or applied automatically. The products work with all Windows machines, including NT and Windows 2000, as well as some DOS and OS/2 machines. A Unix version will be out in the fall.