SecureWorld News

Breaking Down User Activity Monitoring Tools: Security and HR Perspectives

Written by Alex Vakulov | Thu | Jan 4, 2024 | 12:48 PM Z

A User Activity Monitoring (UAM) tool is a software solution designed to track and record the activities and interactions of users on computers or networks for security, compliance, or management purposes.

UAM systems operate by installing a software agent on each employee's computer. This agent gathers data about the user's actions, such as keystrokes, mouse clicks, application usage, and internet activity. The information is sent to a server for analysis. Managers can access this data through a console, reviewing reports, live feeds from employee screens, screenshots, video recordings of desktop activity, and intercepted files or messages.

This tracking helps determine the start and end times of employees' workdays, detect any delays or overtime, and distinguish between active and idle time. Further, the systems categorize activities into productive and unproductive. Management can infer an employee's intentions by analyzing changes in their online activity and resource usage. This data can be used to gauge turnover risk, assess the need for new positions, and evaluate employee productivity and workplace engagement.

UAM tools also greatly help ensure data security. Information within a company can be categorized into three levels: circulating documents, metadata (such as correspondence, calls, system events, keystrokes), and other data. Some advanced UAM solutions incorporate certain Data Loss Prevention (DLP) functions, monitoring various data transmission channels, and implementing video monitoring and screen photo detection to prevent leaks of confidential information. When integrated with a separate DLP system, employee monitoring tools focus on identifying potentially unauthorized actions, acting as a funnel to highlight areas of concern in employee behavior.

In terms of computer system event monitoring, UAM tools can track software registry changes, hardware usage, port activity, and program and external IP access. These systems allow for the generation of detailed reports and comparisons between departments and individual users.

When and why companies implement UAM solutions

UAM tools are often employed when a company's HR or information security departments identify specific issues that cannot be resolved by other means. There is no fixed threshold, like employee headcount, for when these tools are needed.

Actually, there are two main approaches to implementing UAM solutions. The first is reactive, where management identifies a problem and then deploys these systems to gain a clearer understanding of the situation. The second approach is proactive, where companies install these systems to proactively gather valuable insights, as helpful information is bound to emerge.

What customers seek in employee monitoring tools

Customers look for UAM systems that not only record an employee's actions and analyze their internal and external relations but also provide alerts for potential policy violations, like flagging specific words or phrases in communications.

There is a growing trend of employers focusing on the risks associated with remote employees, leading to requests for tracking the location of corporate devices and their IP address pools. Experts note a shift in the past several years, with companies increasingly prioritizing internal over external threats, thus driving the demand for employee monitoring and efficiency systems.

Some customers seek "Swiss Army knives"—comprehensive solutions encompassing time tracking, monitoring, DLP features, and other related functionalities.

From an information security department's perspective, the more data collected on employee actions, the more effectively potential incidents can be investigated. However, HR departments are interested in different capabilities like analytics, detailed reports for individual employees and the company as a whole, insights on application usage, and changes in employee behavior patterns.

Some potential customers express concerns about system and network loads. Fortunately, UAM system agents typically have a minimal impact on end devices, as most data processing occurs server-side. Significant workstation load occurs primarily when automatic response functions are activated to block unauthorized actions, a feature typically reserved for only the most critical systems.

A modern employee monitoring system needs to be scalable, functioning efficiently for companies with as few as 10 or as many as 10,000 users, and should operate effectively on existing hardware. Integration with a customer's existing infrastructure, including other security tools and various cloud technologies, is also crucial.

Employee view on monitoring tools

When employees have access to their own activity monitoring data, it can empower them to demonstrate their effectiveness and productivity to their employers. This transparency can provide a strong basis for discussions between employees and their managers, showcasing their work performance with solid statistics.

On the flip side, employees often lack access to the data collected by UAM solutions. This is particularly relevant for remote workers. For these workers, being monitored by information security tools can feel intrusive and is often viewed negatively. It is crucial to consider how monitoring tools can be used without infringing on an employee's personal life, maintaining a balance between work monitoring and respecting privacy.

Important aspects of using UAM systems

When introducing a system to monitor employee actions, companies must handle the legal aspects properly. This includes incorporating the use of monitoring tools into employment contracts, which can help avoid future disputes with employees. Additionally, updating the job descriptions of security officers and system operators is needed, as they will have access to sensitive and personal data during the monitoring process.

Databases accumulate a vast amount of sensitive information, including passwords, trade secrets, financial and personal data. To safeguard this data and prevent leaks, a comprehensive approach is necessary. This involves:

•  Choosing UAM solutions from reputable vendors
•  Implementing organizational and technical measures
•  Carefully managing and configuring access rights
•  Hiring security personnel with discretion

Recently, the trend of employee profiling has gained traction. This involves creating profiles of a "typical" employee in a specific department or role and then identifying deviations from this norm. It is important to recognize that deviations in data or behavior do not always stem from harmful intentions. Many legitimate reasons can explain these differences. Monitoring systems can help identify risk groups for further attention and provide valuable data for case-specific analysis. While profiling and psychological methods offer a general view, statistical analysis provides precise and clear information. For example, analyzing an employee's search queries or visited websites can effectively predict their likelihood of leaving the company soon.

Future trends in User Activity Monitoring

Today, the primary challenge in adopting employee monitoring solutions is their high cost, coupled with concerns about employee demotivation due to increased surveillance. In the near future, the demand is expected to shift towards universal solutions that efficiently address 80% of issues using just 20% of their features. These solutions should be lightweight and not incur significant additional ownership costs. Integration with related systems and strategic data analysis will also become key trends.

Classical DLP systems may phase out, as some solutions now offer similar functionalities, like log collection and channel monitoring, along with Endpoint Detection and Response (EDR), Data-Centric Audit and Protection (DCAP), and others.

We will likely see a growth in analytics systems that process different types of incoming data, with agents operating under a distributed architecture. The use of artificial intelligence in employee monitoring tools is anticipated to increase. This advancement aims to minimize human error in personnel monitoring and assessment and provide more profound analytics for correct management decisions.

Conclusion

The topic of user activity monitoring is highly relevant these days. The trend towards remote work poses challenges for employers in overseeing employee activities and managing risks related to potential illicit behavior.
In addition, employees who are in the office often face stress, leading to impulsive actions, abrupt resignations, and other actions that may not align with company interests. It is vital for managers to understand the team's current state, the prevailing mood, and ways to address any negative trends. Monitoring solutions can guide management in choosing effective strategies for individual employees and the workforce as a whole.
UAM tools provide extensive information on employee activities and offer the means to analyze this data. Features like profiling, video and audio analysis, and blocking illicit actions enable companies to not only investigate personnel-related incidents but also to conduct preventative measures and avoid potential violations.