Why don’t I just beaconize all my documents?
While you are fully able to beaconize all the documents in your organization, our research shows that you don’t have to. Only a few strategically beaconized documents are needed to alert you to data exfiltration without an overwhelm of alerts.
Can you encrypt my beaconized data so that if it ever leaves the enterprise it would be inaccessible and protected?
We can encrypt pdfs in this manner. Otherwise decoy documents obfuscate real data with believable fake data.
Could an intruder detect an alert going out and block it?
If an intruder knows what to look for, it’s possible. Alerts are architected to look as if they are part of the document, such as loading a content asset from a CDN.
Could an intruder fake out the IP address spoofer on the Geo Location feature?
An intruder could fake out the geo locater with an IP address spoofer. Even if the geo locator doesn’t work, though, an alert would still provide a real time notification of the loss of a sensitive document.
Does the GeoIP feature work outside of the enterprise network?
Yes. GeoIP works based on IP address — so it’s mapped to the ISP of the IP.
Do you offer a hosted solution?
Yes, we offer both a hosted solution and an installed solution. With our hosted service we do not, however, host any enterprise documents on our servers, we only host the Novo program and fake documents.
How robust is the behavioral profile? What if I get sick or drink too much, will my device still recognize me?
The model does not rely on the sorts of physical behaviors of a user that can be affected by sickness or chemicals. If, for some reason, the user’s behaviors do change drastically and they are locked out, they can re-authenticate using a secondary factor.
Does it work across platforms, i.e. will one password share my behavior profiles across all my devices or will they each have to learn me?
You use each device differently, so each device stores your behavioral profile on its memory. This has privacy benefits; you know that your behavioral data and who you share it with is always under your control.
Does Novo deal with spear-phishing?
Novo was based on DARPA technologies designed to deal with insider threats, so if a masquerader uses a password to gain access to the network they will have different goals and act differently than the person who typically uses that station, meaning that the machine learning sensors will detect their different behavior and the decoy technology will help to both alert and obscure your real data.
Could Novo be used to figure out or track who is the most vulnerable link in your organization?
Novo offers a big picture view of security hygiene and the ability to drill down into a detailed view of users, which means a security pro can see which users are acting negligently or who have the fewest security fail safes in place. The ability to track a user’s history with a document also helps to be able to pinpoint the origin of a problem (e.g. being able to track who emailed out a sensitive document, not just who opened that document). They can also zoom out to a department or network level to see security vulnerabilities within a community.
How does Allure create decoy documents/folders/applications that look like something a masquerader would want to take?
Allure has spent years of research determining the psychology of what makes one file more (forgive the pun) “alluring” than another, both in a sense of how it needs to look to be read as realistic and how it should look to entice unauthorized users of a system. This data, coupled with the ability to make a wide variety of customized corporate documents — documents on corporate letterhead, special internal forms, means that Novo can create decoys indistinguishable from the real thing.