New methods for addressing insider threats: A roundtable discussion

John Dix | March 18, 2014
Technology advances have made it easier to detect subtle, anomalous end-user behavior, such as installation of unusual apps on endpoint devices, or suspicious deviations from baseline activity. This roundtable discussion examines methods to build monitoring, control and context into enterprise insider threat protection efforts – both when dealing with privileged users and regular employees.

Are some organizations out in front on this, doing it properly using all the latest tools? 

AMMON: I was on a panel about a month ago, and one CSO gave a very thorough presentation about this issue and everything they were doing, and on the other side of the spectrum, the other CSO didn't have a clue there was even a focus in this area and technology available. So I think you've got real peaks and valleys.

RIFAI: I couldn't agree more with that. Some clients have their perimeter under control, their network under control, but they still have this deficiency in understanding what's happening to their sensitive information, while others are aware and making the appropriate investments and even driving a lot of the requirements. That's not the majority right now, but it is certainly moving in that direction.

AMMON: When we get a new customer, we typically see they have been attempting to cobble together a solution made up of existing security investments. And inevitably they learn that building and maintaining that is a very expensive endeavor. And it never really satisfies the auditor because it is so distributed and never really worked in the first place. There are many security investments doing exactly what they were supposed to, but don't necessarily expand to some of these other use cases. So there is growing recognition the existing approach is probably never going to quite get you there and you need something new.

OGREN: I've seen some companies doing this, John. Like in industries such as finance, where they need to be able to monitor user behavior and report on that. A lot of that is driven by a sea change in the technology — someone comes in with a tablet or a phone and bypasses the firewall and everything else and the old perimeter model is simply long gone. 

Speaking of new technologies, how does adoption of cloud complicate this picture?

AMMON: I think there is a less than optimal understanding of how your risk plane increases with virtualization and cloud. Many buyers aren't aware of a number of the issues. For example, if you're using a virtualization platform, you now have access to every single host through the virtualization platform as well as through the front door of the application or the platform itself. 

You have to protect these new access points, and you have to be able to create rules and contain and control that access. They're available via web consoles for self-service administration inside the cloud environment, and you also have management APIs where you have automated actions that have privilege. So now your privileged actors aren't just individuals, they're programs and with elastic computing, if that credential is compromised or it's not particularly well controlled, you can incur hard dollar losses. If somebody scales up 10,000 instances in Amazon by mistake, you're getting a bill. That's really elevating attention to this problem and requires that not only do you deal with it from a user perspective, but you also deal with a growing issue of application programming interfaces.

 
