January 01, 2007 — CSO —
Every month we get at least one press release citing the latest security survey as evidence that the insider threat is greater than the outsider threat. This is a cue for you, dear CSO, to spend less on your perimeter and more on whatever "insider threat prevention" tool the press release is trumpeting. Amusingly, we also frequently get press releases claiming the opposite, mentioning the ever-growing crescendo of targeted hacks and zero-day exploits.
Insider versus outsider? To me it's a moot argument, and press releases about which is more dangerous make my eyes glaze over. Any security plan worth its salt needs controls to defend against both.
The security plan was actually part of the problem at Hewlett-Packard, as noted in Sarah D. Scalet's examination of HP's investigation fiasco ("5 Things About Corporate Investigations That Won't Change," Page 26). However, while the goof-ups perpetrated in the overzealous investigation rightfully drew much of the attention, at the root of all of the mess you had a very well-placed insider divulging confidential information.
When you're trying to keep your employees on the straight and narrow, obviously you need good internal controls. Segregation of duties, solid auditing procedures, that Sarbanes-Oxley stuff. There's also a whole class of relatively new software products that aim to help prevent company employees from misappropriating confidential data or proprietary plans. Their insider versus outsider press releases may be boring, but I find the products fascinating. In various ways, they all monitor employees' computer activities pertaining to corporate data. If Larry in the call center tries to burn a CD with a bunch of customer credit card numbers, the software can block Larry, warn him, alert the security department or all of the above. Vendors in this space include Verdasys, Vontu, Vericept, Oakley Networks, PortAuthority and Reconnex. Then there are other folks focused narrowly on outbound messaging, such as Orchestria. One challenge is that the vendors use differing terminology to describe what they do: content filtering, intellectual property protection, data leakage (or even "extrusion") prevention. Also, they all have different points of emphasis (messaging leaks, data at rest, USB copying) and different methods (some sit on the network, others put a client on each computer), so choosing the right one requires comparison shopping. The vendor field in fact seems a bit overcrowded, so some consolidation wouldn't shock me. But the premise of this product class makes sense to me, particularly for big-company CSOs with highly sensitive intellectual property and/or lots of regulatory oversight.
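As an added illustration of the content-inspection step these products perform on something like Larry's CD burn (example code written for this page, not any vendor's product), here is a small checker that finds card-number-like digit runs, filters them with the Luhn check to cut false positives, and maps the count to the block/warn/alert decision. The sample text, the masking format and the threshold are constructed assumptions.

```python
import re

# Constructed sample of what an agent might inspect before allowing a burn-to-CD
# or an outbound message. The card-like values are publicly documented test
# numbers, not real accounts; the "order ref" is a 16-digit decoy.
SAMPLE_TEXT = """Customer export, Q4
Acct 4111111111111111 - J. Smith
Order ref 1234567812345678 (not a card)
Acct 5500 0000 0000 0004 - M. Jones
"""

# 13-19 digits, optionally separated by spaces or dashes, not embedded in a longer run.
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){13,19}(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check: doubles every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list[str]:
    """Return normalised digit strings that look like PANs and pass Luhn."""
    found = []
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            found.append(digits)
    return found


def inspect_artifact(text: str, block_at: int = 2) -> dict:
    """Policy decision: none -> allow, below threshold -> warn the user,
    at or above threshold -> block and alert security. Matches are masked
    (first 6 and last 4 digits kept) so the alert itself does not leak data."""
    pans = find_pans(text)
    masked = [p[:6] + "*" * (len(p) - 10) + p[-4:] for p in pans]
    if not pans:
        action = "allow"
    elif len(pans) < block_at:
        action = "warn"
    else:
        action = "block_and_alert"
    return {"action": action, "matches": masked}
```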
Of course, the HP boardroom leak was mostly via cell phone, not e-mail. Sometimes technology only gets you so much.
–Derek Slater, dslater@cxo.com