This article is part 2 of 3 in the “Insider Enterprise Threats” series, outlining effective policies and practices for combating insider cyber security threats to the modern enterprise.
In the first part of this series, we examined the seriously-overlooked threat posed by malicious insiders – employees, contractors, and more – and discussed user monitoring mechanisms that can help identify and detect these threats as they arise.
In this second article, we’ll identify technical solutions for providing situational awareness across the networks, securing files, and other security solutions designed to prevent, detect, and monitor malicious behavior. This time, the focal point is the technology itself.
While monitoring cyber behavior is vital to combating insider threats, it won’t stand on its own; systems, applications, data, devices, and other digital services should be technically secured and monitored against malicious insider activity, as well. This poses a number of challenges.
Insider Enterprise Threats Challenges
Traditional defense mechanisms fail against insiders. Perimeter firewalls, intrusion detection systems, and multifactor authentication standards are meaningless against an adversary who has active and legitimate access to systems and information. They are already “inside” the cyber boundaries laid by conventional security software, which makes them even more likely to slip through the cracks and cause considerable harm.
Further, even if we do monitor the activity on a user’s account, there are challenges in discriminating between normal and abnormal behavior. Change management is critical. The integrity of the files are critical for true network situational awareness.
If an encrypted file is read dozens of times a day by an accounting team, will the system notice if someone outside of accounting decrypts the file? What about a malicious insider within accounting – would they be detected? How do we distinguish between legitimate file transfers and non-legitimate ones? What about using USB (Read more...)
This is a Security Bloggers Network syndicated blog post authored by Tripwire Guest Authors. Read the original post at: The State of Security