It does this by looking at where the employee is accessing the data, what applications are being opened and even mouse movement and keyboard strokes, said Balabit CTO Balázs Scheidler. The Blindspotter software can then score what activity looks suspicious and even react by terminating an employee's corporate connection.
"We get a very intimate insight into what you are doing," Scheilder said. "Traditional tools aren't capable of looking at this traffic."
That insight may not be to everyone's liking. With real-time monitoring can come concerns about violating employee privacy.
"It's important for the companies to be transparent and communicate to those who are being monitored why this is happening," Scheilder said. The monitoring doesn't have to involve all employees. It can focus on those with high-level access, such as system administrators, who could be the target of hackers or insider threats trying to steal their login credentials.
"The kind of damage that can happen if your account is stolen ... can be communicated very clearly," he said.
Maintaining the right approach
Companies that do suspect an insider threat should contact the professionals, said Eric O'Neill, national security strategist for security firm Carbon Black.
"You shouldn't do it alone," he said. "You don't want to corrupt the investigation. These things can get touchy."
That can be especially true when malicious employees are trying to cover their tracks. Evidence needs to be found and preserved to help determine the full extent of what may have been stolen, O'Neill said.
It's also important not to go too far in catching insider threats. "Certain procedures can make employees feel like they are working in a police state," he said.
However, O'Neill encourages companies to take insider threats seriously. "Many companies and government agencies still have a blind spot with this problem," he said. "It's one of the most difficult issues facing security."
Sign up for CIO Asia eNewsletters.