Teramind for Government

Insider threat detection and data loss prevention for the local, state and federal government

Federal departments and agencies, including defense, infrastructure, transportation, utility and intelligence, are coveted, high-value targets. State & local government (SLG) agencies, especially their e-government (E-GOV) services, regularly process citizens’ personal information that could be used by malicious parties for identity theft, impersonation, fraud and other crimes. The risk of data exfiltration is compounded by the fact that government data is accessible to a large audience, including government employees, third-party contractors and vendors, over multiple channels, making it difficult to control the risk of insider threats, data theft, exfiltration and other crimes.

Teramind is designed to help the public sector address data loss, cybersecurity and insider threats with its insider threat detection and data loss prevention solutions. With Teramind, government entities can implement effective endpoint monitoring to ensure adherence to regulatory compliance requirements and standards including NIST, FAR/DFARS, FDCC, FedRAMP, FISMA, the Insider Threat Executive Order and more.

Teramind Government value diagram

Insider-initiated data breaches are prevalent in the public sector:

No. 1

target was government agencies in terms of the number of records lost, stolen or compromised in 2017. Source: Gemalto.

$1.7M

records were stolen by Edward Snowden, a contract systems administrator assigned to the NSA. Source: Data Breach Today.

14M

customer records were exposed in 2018 from GovPayNow, a payment gateway used by many government agencies. Source: SC Media.

48%

greater propensity for the government sector to suffer from malicious insider breaches than other sectors. Source: ICMA.

Teramind conforms to the NIST cybersecurity framework:

Teramind uses the five functions of the National Institute of Standards and Technology (NIST) cybersecurity framework (Identify, Protect, Detect, Respond and Recover) to address data breaches. Combining its powerful user activity monitoring and data loss prevention (DLP) capabilities, Teramind is able to help government organizations prevent insider threats and data breach incidents.

Identify

Leveraging advanced fingerprinting, OCR and tagging technology, Teramind identifies classified, confidential, personal and sensitive data in structured and unstructured repositories across government data stores.

Protect

Teramind leverages its activity monitoring and data loss prevention capabilities to defend confidential and private information from unauthorized access, sharing, attack, tampering and misuse.

Detect

Teramind’s powerful behavior-based policy and rules engine casts a strong detection net over the entire organization, allowing for quick detection of insider threats and data breach incidents before they happen.

Respond

Real-time notification and immediate actions proactively defend against data exfiltration, malicious or accidental insider threats and data breaches. In case of an incident, Teramind lets you pinpoint the exact cause and source of the incident with readily available audit trails and forensic data.

Recover

Conduct recovery planning (RC.RP) after a breach with forensic data derived from Teramind. Improve the security perimeter (RC.IM) by incorporating lessons learned. Finally, communicate and share (RC.CO) threat intelligence with coordinating centers, CSIRTs, security analysts, CSOs, CISOs, auditors and others.

Teramind delivers visibility, security and compliance:

System-wide visibility and monitoring

Teramind visually records every action that a user makes for over 12 objects including screen, apps, websites, files, emails, etc. Each object can be configured to take into consideration what needs to be monitored and measured and who has access to the monitored records. This allows for both instant administrative viewing and proper capture of forensic evidence to ensure compliance and help facilitate subsequent corrective actions.

Built-in data discovery and classification

Teramind has built-in templates for many classified and unclassified data types. Custom categories can be created for ITAR, EAR, Personal Information (PHI, PII), Military, OGD, GSCP, Special codes etc. using regular expressions and natural language detection. Combine OCR and fingerprinting with multiple logic conditions, file origin, file properties and data content to discover classified information in structured/unstructured data or even images ‘on the fly’.

Threat prevention with intelligent behavior engine

Apply advanced behavior-based rules to define what constitutes dangerous or harmful activity and let the system detect when a user violates the rules. Utilize sophisticated anomaly rules to automatically identify user activity outside the normal behavior. Get notified immediately about harmful user activity, or lock out the user before any malicious or fraudulent attempt.

Privileged user and third-party access control

Teramind allows organizations to create profiles for regular, privileged and contract/external users and then define what information and system resources each profile can access. Further rules can be set up by behavior policies so that access to sensitive information is segregated by the organization’s security policy, or on a need-to-know basis. Rules can also be created to notify the authorities of any suspicious privileged user activity, such as unscheduled and/or unauthorized changes to system configuration and creation of backdoor accounts.

Internal audit and digital forensics

Detailed alerts for all users can be viewed, including any security incidents and what actions were taken. Configure custom warning messages to inform users about nonconformity and influence corrective behavior. Session recordings and history playback can be used to view a user’s desktop for audit and evidence gathering purposes.

Risk assessment and treatment

Teramind has a dedicated Risk dashboard where the supervisor can conduct organization-wide risk assessment. Risk can be profiled by users, departments or by system objects. Reports can be derived by severity of risks or by how many times security violations occurred. Unique Risk Scores help you identify high-risk users or policies so that plans can be developed for treating the risks.

Unified security management and intelligence sharing

Detailed alerts, session logs, anomaly and risk analysis, and incident reports make your findings and observations tasks easier by identifying where sensitive data is stored, who accessed it and how. Finally, event triggers and logs from Teramind can be sent to SIEM and other analytics tools like HP ArcSight, Splunk, IBM QRadar, McAfee Enterprise Security Manager, LogRhythm, NetIQ Sentinel etc., allowing you to share reports and threat intelligence with your security team or other departments.

Compliance management

Government organizations are required to follow several regulatory, cybersecurity, administrative and privacy standards. Teramind has built-in support for many of these compliance standards including HIPAA, GDPR, PCI DSS, ISO 27001 etc. and can be adapted to support special compliance requirements with its powerful Policy & Rules editor and various monitoring and reporting capabilities.

Flexible Deployment Options

On-premise - control the Teramind implementation in its entirety, stay off-cloud if that’s your firm’s operational model, leverage LDAP groups and users to identify which users and groups to apply which policies and rules to.

Teramind Private Cloud - use your own secure, scalable private cloud implementation including AWS, Google Cloud, Azure and more.

Teramind Cloud - trust us with the management of the Teramind deployment and infrastructure. Only install Teramind Agents on the machines you want to monitor and set up your users, policies and rules and let us take care of the rest.
