This is, certainly, the most unusual product in this group. SpyForce-AI is touted as “...a counter-espionage security software system that defeats the Insider Security Threat.” That is a bit different from simple extrusion detection. Even more peculiar, however, is the way SpyForce works. Unlike other products that inspect packets, SpyForce evaluates user behavior.
We had no trouble installing and configuring. Once SpyForce-AI is up and working, and you have set up the configuration for the servers, it begins to enroll users. Each user goes through a 15-minute “learning session.” During this session the product queries the user about things that only the user will know how to answer. The process is simple and SpyForce uses the information if it suspects that a user is abusing their rights or if someone is masquerading as the legitimate user.
If the software detects user behavior that is abnormal for the particular user, it stops the activity and conducts an “Interrogation Session.” This session replays the learning session information and expects rapid, correct answers from the user. If it does not get them, it takes appropriate action and reports to the administrator. It takes about five logins over a particular period of “modeling time” to learn a user’s habits.
As the user continues to use the computer that SpyForce is monitoring, the software learns basic behavior and builds, using its AI capability, a profile for the user that it continually updates and refines. When the user departs from the learned pattern, an interrogation session ensues and, if passed, the new behavior can be made part of the user’s profile.
We found, as we expected, several false positives. Until SpyForce began to learn our behavior, when we would purposely behave badly the software would catch us and interrogate us. While this is not traditional extrusion prevention software, it does have several benefits for controlling insider behavior. We found it interesting, but are unsure of its value.
The web site has the usual support options and 24/7 phone support is available Monday through Saturday. At $89.99 per computer, the product can get a bit pricey in larger installations.
We had no trouble installing and configuring. Once SpyForce-AI is up and working, and you have set up the configuration for the servers, it begins to enroll users. Each user goes through a 15-minute “learning session.” During this session the product queries the user about things that only the user will know how to answer. The process is simple and SpyForce uses the information if it suspects that a user is abusing their rights or if someone is masquerading as the legitimate user.
If the software detects user behavior that is abnormal for the particular user, it stops the activity and conducts an “Interrogation Session.” This session replays the learning session information and expects rapid, correct answers from the user. If it does not get them, it takes appropriate action and reports to the administrator. It takes about five logins over a particular period of “modeling time” to learn a user’s habits.
As the user continues to use the computer that SpyForce is monitoring, the software learns basic behavior and builds, using its AI capability, a profile for the user that it continually updates and refines. When the user departs from the learned pattern, an interrogation session ensues and, if passed, the new behavior can be made part of the user’s profile.
We found, as we expected, several false positives. Until SpyForce began to learn our behavior, when we would purposely behave badly the software would catch us and interrogate us. While this is not traditional extrusion prevention software, it does have several benefits for controlling insider behavior. We found it interesting, but are unsure of its value.
The web site has the usual support options and 24/7 phone support is available Monday through Saturday. At $89.99 per computer, the product can get a bit pricey in larger installations.
