New methods for addressing insider threats: A roundtable discussion

John Dix | March 18, 2014
Technology advances have made it easier to detect subtle, anomalous end-user behavior, such as installation of unusual apps on endpoint devices, or suspicious deviations from baseline activity. This roundtable discussion examines methods to build monitoring, control and context into enterprise insider threat protection efforts – both when dealing with privileged users and regular employees.

OK, any closing thoughts?

OGREN: We're still kind of hung up on being able to have open discussions on security, best practices and products. We have this irrational fear that, if we disclose what our security architecture or practices and procedures look like, attackers will just come flying through our organization. In fact they do that anyway. As a community we should do better with security. The culture of silence presents a lost opportunity - an open dialog and conversations with peers can effectively advance our best practices. Because we don't talk about security as an integral part of the business, we lose that opportunity to enlighten ourselves and say, 'Hey, if we change a few things here then that can reflect on the business and everybody comes out ahead.'

AMMON: In almost all cases the identity and access groups are two separate organizations. As we move towards identity as the new perimeter because of things like mobility and cloud, we, as a vendor, are challenged with bringing those two groups together. Because all of a sudden identity gets connected back to that processing of security data and active policy enforcement, and I think some of the delay in the marketplace has been trying to bring those worlds together. It's early stages of that, but it is starting to change.

That said, we're in a bit of a rut. We've been working harder and harder on treating symptoms, maybe because there was a sense that there wasn't a way to deal with the root cause. So I would hope maybe we're seeing a way forward, a way to deal with root causes because solutions are available to dramatically reduce your risk around those root causes. I think that will have a ripple effect throughout the rest of your security controls.

OGREN: As a security officer you're probably not going to rip out stuff that's already deployed. But as you start moving more into cloud-based services and tablet use from home, as you virtualize new applications and they move around the globe, use that as an opportunity to try out some new ways to analyze traffic, to look at privileged users and insider use and management. Just start with that. You can't do a big bang. But in some of the new projects you have going you can ask, "How are you going to manage insider users? How are you going to account for them? Is there a model that will scale?" And as the company gets good at it you can bring it to the rest of the organization as well. So start putting that stuff into your requests and start dovetailing it with some of the other technology initiatives.

 
