User Assessor

User and data risk assessment tool for Cyber-Security Professionals

Helps Cyber Security Professionals measure risk

Risk of human error and malicious insiders 

User Assessor monitors how users access, store and move data and highlights risky behaviours.

Compliance with regulations

Detects risky handling of PII and credit card data in line with regulations and standards like NDB, GDPR and PCI DSS. Helps to assess an organisation's conformance to ISO 27001 and ACSC's Information Security Manual (ISM).

Loss of intellectual property

User Assessor uses specialised techniques to target the company's intellectual property and highlight risky user actions.

Covers a wide range of user behaviours


Content-level detection directs attention

Content-level monitoring helps to focus detection on sensitive PII and company IP. For example, knowing that the data sent out contained credit card information can help to highlight serious non-compliances. Without it, IT teams struggle to establish the level of risk from the flow of data alone. User Assessor offers several ways to tag information for detection. These include:

  • Using predefined PII templates
  • By defining sensitive phrases
  • By defining custom regular expressions
  • Using an automated tool to create data mapping
  • From Databases

Pre-defined risks assess the organisation's environment from various angles.

USBs are still the most common form of data exchange. Loss of these devices is a common form of data loss. A high transfer rate over a short duration of time is a typical indicator of deliberate data theft.

Monitors corporate and personal free email activity for risky actions  

In hybrid work environments, users tend to use many different data sharing methods. Personal services like cloud, chat and social media are hard to monitor and place the company's data at risk of loss.

Loss of hard copy sensitive data is a big source of data leakage. 

  • Corporate data shared using corporate and personal chat applications like WhatsApp, WeChat and Telegram
  • Emails containing sensitive data sent to 3rd party and free email addresses
  • Credit card information transferred in clear text using any corporate and non-corporate channels including emails, cloud, web, chat and external storage media
  • Use of non-corporate applications by users (Shadow IT)
  • Access to sensitive information by unauthorised users
  • Forgetting to use BCC when sending out circulars to external 3rd parties, exposing their contact information
  • Use of unauthorised external USB storage instead of company-provided storage devices
  • Privileged user monitoring: monitoring of admin commands and operations to highlight potentially risky actions

How does it work?

Default settings consist of predefined templates for monitoring data related to privacy regulations and security standards. The default settings can be easily extended to capture company’s IP and specific data sets.

A lightweight scanning agent is deployed to representative end-points and servers. The same agent is used to perform the remote data discovery function.

The agent monitors users' behaviour and how sensitive unstructured data is being used, moved, and stored by users on all corporate and non-corporate channels, including online and offline media.

Generates detailed reports highlighting potential sources of user risk. Reports are highly customisable to focus on specific issues as required by the customer.
