This guide explains how to use Teramind’s behavior-based rules to detect insider threats, protect your organization from malicious or accidental security incidents, prevent data loss, and meet regulatory compliance requirements. It covers rule structures, conditions, logic, data types and more, and walks through the steps for creating a rule, along with use cases, best practices and advanced capabilities.
The guide is designed for the managers, administrators and security personnel who are responsible for configuring and maintaining the Teramind solution in your organization.
You can download a PDF version of the guide by clicking the button below, or view the articles from the Quick Links below.
Introduction to Rules
Behavioral rules are a core part of Teramind’s automated insider threat detection and data loss prevention capabilities. They allow you to identify unproductive, harmful or dangerous activity in real time and, optionally, have the system act on your behalf to thwart such threats. The Intelligent Rules Engine is tightly integrated throughout the Teramind platform:
- The Rules Engine uses Teramind’s granular Activity Monitoring capabilities (apps, websites, emails, etc.) to determine what activity or content the rule should detect.
- It uses the User Profiles to determine whom the rule should apply to.
- You can use the Configurations settings to supply additional inputs, such as employee Schedule, Shared List, etc., for use with the Rules Editor to speed up rule creation and to share parameters across different rules.
- You can use the Monitoring Settings to control when and how the rule should work, minimizing privacy concerns.
- You can view detailed reports on the rule violation incidents with the Alerts, Risk Report, Dashboard Widgets, Session Player and the Notification Emails.
- The Teramind Agent enforces the rules you create in the Teramind Dashboard on the user’s computer.
With hundreds of pre-built rule templates, pre-defined data categories and sample rules, you can get started with Teramind right away. You can also create your own rules with the intuitive, visual Rules Editor. The editor allows you to use natural language, regular expressions, shared lists and pre-built data classifications to define what makes an activity or data sensitive, and to set simple conditions that will trigger a rule violation incident. When a rule is violated, you can be notified about the incident and, optionally, the system can act automatically in different ways, such as warning the user or blocking the activity.
Teramind keeps a record of each rule violation incident, complete with detailed information and relevant metadata. You can see the rule violations report on the Alerts screen and quickly search for an incident.
Teramind also captures video and, optionally, audio for a rule violation incident. You can view the recordings with the Session Player. The player allows you to see what rule notifications the user received and the trail of activities leading up to the incident. You can also export recordings for evidence or forensic investigation purposes. These recordings are automatically analyzed and indexed by Teramind’s advanced OCR engine. You can conduct high-speed OCR searches for on-screen content or create OCR rules that activate in real time whenever certain text is detected on the screen.
You can conduct risk analysis and identify high-risk rules, users or objects from the Risk report. This also gives you ideas on how to adjust your rules’ detection settings to focus on key areas of vulnerability or reduce false positives.
Finally, you can get scheduled delivery of rule violation reports or ‘just-in-time’ notifications in your inbox with the Email Notifications feature.
- Teramind User Guide – contains a detailed explanation of Teramind’s user interface. It’s also an excellent reference manual that can help you quickly locate information or show you how to use Teramind on a day-to-day basis.
- How-to-Videos – contains how-to videos and rule examples.
- Guided Tour – Teramind has an interactive tour feature with over a hundred use cases. You can use it to learn how to use Teramind’s features and capabilities and to see how some of the common rules work. Click the button at the top-right corner of the Teramind Dashboard to access the Guided Tour feature.