Address: Keangnam Building – Landmark 72, Pham Hung Rd., Nam Tu Liem Dist., Hanoi, Vietnam
Phone: 0971 360 360
Website: http://viettelcybersecurity.com

Company profile

Viettel Cyber Security Company (Viettel Cyber Security) is a member of Viettel Group, performing in-depth research, development, and consulting on cyber security solutions. Viettel Cyber Security is currently a leading partner in Vietnam in ensuring information security for key national infrastructures, organizations and businesses in diverse industries such as: Banking, Energy, Electricity, Oil and Gas… Viettel Cyber Security has been reaching the international level with prestigious awards from world-renowned organizations, certified as the 2022 Vietnam Cybersecurity Services Company of the Year (by Frost & Sullivan)



Compared to external threats, Insider Threat is difficult to predict and prevent, but when they occur, insider threats cause the strongest impact on the organization’s operations. According to 2022 Cost of Insider Threats Global Report of Ponemon Institute: 44.3% The increase in insider incidents took place between 2020 and 2021
Organizations are facing:

– Objects that unintentionally or intentionally use tools and software that are not regulated (shadow IT)


Viettel Insider Threat Detection (VCS – InT) is a product of Insider Risk Solution series that provides early detection of objects with unintentional or intentional risks of harm (data breach, system sabotage, fraud) for organizations coming from abnormal behavior on workstations inside the organization.


– Collection of data events and user behavior

Collect comprehensive data from sources like: data (documents, systems, accounts) and behaviors, habits of object by agent on workstations: internet, mail, file, app connection, usb, printing, clipboard (or integration with DLP systems)

– Abnormal behavior monitoring and risk assessment

Alert potentially at-risk objects by continuously tracking and assessing risk scores for all sessions of objects with even the smallest abnormal behavior on workstations with AI technology (User & Entity Behavior Analytics).

  • Subjects unintentionally or intentionally illegally view, leak internal data, customers, sourcecode, account information,..
  • Unintentional or intentional objects accessing, unauthorized system impact

The above problems are often caused by 3 groups of subject: careless users, users with bad intentions, account information taken over by attackers.

In addition, traditional Data Loss Protection (DLP) systems are preventing data leakage through known channels. There is no early detection, lack of linguistic information about the violators and not covering all existing and ongoing harm risks in the organization. For organizations using DLR solutions, VCS-InT combines interactive behavior collection capabilities with data and collects human behavior with AI (User & Entity Behavior Analytics) technology to assess risk across all user sessions. Focus on high-risk groups: Those who quit their jobs; Outsource, partners; Privileged accounts (IT admin, DevOps,..); External objects or interactions (Sale, Customer Service,..)

– Risk Management and Classification on Workstation

The level of organization’s risk and the improvement
The group of laws and signs is at high risk
User groups (department, position,..) are accounting for a high proportion of risk
High-risk groups
– Customize the set of laws and signs according to the specifics of the organization


– Early detection of risks with predefined rules and indicators

Assessing the risk level of the user based on historical context and habits.

  • Abnormal access to the system is not in accordance with the location, function
  • Anomalous data viewing, download actions that are not related to work
  • The sensor data is being sent to the outside
  • Actions using software, systems (shadow IT) are not regulated
  • Unusual actions with personal and group history habits such as: login hours, strange connections, data collection, editing/deleting multiple documents, using strange software, preparing tools, etc.

– Enhance alert quality by grouping users’ work activities automatically

Users (Human Resources, Information Technology Administrator, Programmer, Partner, etc.) are grouped automatically according to their behaviors on workstations. Within a group that shares the same characteristics, the abnormality level of a behavior is reduced if other users in the group perform the same behavior


Agent: Software installed on workstations to monitor and detect anomalous behaviors

VCS – InT Server: Server that manages, analyzes, correlates and consolidates related events captured and reported by Agents, and notifies high-risk entities within the organization

VCS – InT Web Portal: Management interface that displays notified entities and generates report screens