Many enterprises have advanced security procedures and technology. The purposes of these security systems are to restrict access to secure/confidential assets to only authorized personnel. The systems provide auditing by logging dates and times that specific individuals gain authorized access to the assets.
However, once an individual obtains authorized access to a designated asset, very few security systems continue to monitor actions taken by the individual with respect to the designated asset or with respect to other assets that are accessible to the individual with that individual's authorized access to the designated asset. That is, other secure assets may be compromised or stolen by the individual when the individual was only permitted to access one of the assets during an authenticated access.
Not only is the above-noted situation problematic to existing security, but discovering how an asset that was compromised or stolen is also problematic for existing auditing systems. This is because the audit trail for an authenticated access to a designated asset is typically focused only on actions taken by the individual with respect to the designated asset. As a result, all individuals that authenticated for access to any of the assets have to be investigated to discover where culpability should be assigned.
Additionally, existing security systems are not generally focused on real-time detection of a potential security breach during an authorized access. That is, most security systems assume that if one has authenticated access, then there is no security breach and no need to continue to monitor the authorized individual during the authenticated access.
Yet, most theft of assets or information occur from employees known the security procedures and security systems well, such that it becomes easier for these nefarious employees to circumvent both the existing security and the existing auditing used to discover how the theft occurred.