Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Insider threats and how they can be mitigated

Grant Hatchimonji | Oct. 16, 2013
Vormetric report identifies widespread concerns and how they can be addressed

"The actual amount of data or records being stolen from these devices is fairly minimal," he said. "They're just a way to get into data centers. But there is a lot of risk on those endpoints."

Employees accessing their company's network or files remotely, said the Vormetric report, is a situation in which businesses need to take user context into consideration. A CEO, for example, should have complete access to all data when he or she is connected via the corporate LAN, but not when accessing the files remotely from an internet café. Current, typical measures for remote access are often not sufficient in this sense, said Cates.

"As it stands now, VPN is not strong enough. Things can be spoofed," said Cates. "You need better monitoring of database access and activity. In the future, there's going to be some innovation where you can get more info about whether where you're coming from is safe."

The report also suggested that a viable approach to fighting insider threats is pervasive coverage. While this may raise concerns about whether or not this creates more work for security teams, Cates argues that this isn't the case.

Cates suggested implementing controls so that access is on a "need to know only" basis. Organizations can take privileged access away and use methods like keystroke tracking and heavy auditing to protect their data. By taking a policy approach to data access and reducing total ownership, he said, Vormetric's idea of pervasive coverage doesn't actually take more time or work since it reduces what teams need to focus on.

"You want to make it so the only way to your information is through the front doors," said Cates. "Now I only have to watch the front doors. My time is more focused."

Kessler also talked about de-perimeterization and, more specifically, situational awareness when approaching security. While there are some solutions that are focused and tactical, he said, they are often expensive and require training. Rather, teams should focus on the prevention and reaction aspect of security and try to reduce reaction times when dealing with a threat.

"Yes, there are expensive options, but you can always start off by just collecting information [about threats] for faster response times," said Kessler. "Boil up your data to discoverable problems and actions, and that way folks can get to the bottom of issues quicker.

"Reduce your attack surface with preventative measures, and then solve problems quicker with your reaction."

 

Previous Page  1  2  3 

Sign up for CIO Asia eNewsletters.