Combating the Insider Threat
© 2015 Lancope, Inc.
Table of Contents
Chapter One
WHO IS ATTACKING YOUR NETWORK?
Chapter Two
INSIDER THREAT MOTIVES AND METHODS
Chapter Three
DETERRING INSIDER THREATS WITH TECHNOLOGY
Chapter Four
USING NETWORK LOGS TO THWART INSIDER THREATS
Chapter Five
BEYOND TECHNOLOGY
Chapter Six
SUMMARY & TOP 10 WAYS TO COMBAT INSIDER THREATS
Chapter Three
Deterring Insider Threats with Technology
Thankfully there are technologies that can help organizations deter or thwart insider threats. Here’s a look at which types of technologies are effective against each kind of insider threat.
Negligent Insiders
Various measures can be used to deter negligent activity and “keep honest people honest.”
Access Controls
Access controls can prevent people from obtaining sensitive data that they do not need in order to do their jobs. According to a December 2014 report by the Ponemon Institute, seventy-one percent of end users say that they have access to company data they should not be able to see.
Encryption of Data at Rest
Encryption of data at rest can also help prevent data loss by negligent insiders in the event that they lose their laptops or other equipment.
Malicious Insiders
Access Controls
Access controls can also help prevent damage done by malicious insiders. Making it harder to access sensitive data can keep honest people honest, but also put a wrench in the plans of malicious attackers.
Checks and Balances
Checks and balances are also extremely important in this arena. There should never be just one individual who has administrative access to a system, as this could essentially leave the person free to do whatever they want with the data or device – or even hold it hostage after leaving the company. Shared usernames/passwords should also be avoided as they do not hold the individual users accountable, and could still be used by people who have since left the organization.
Logs from Endpoint Systems and Network Devices
Logs from endpoint systems and network devices can also be used to identify and investigate cases of insider malice. For example, a case of financial fraud might be detected by examining database logs from a credit card processing system, whereas a case of data theft might be noticed through monitoring of network traffic.
Compromised Insiders
Compromised insiders are a much more challenging type of insider threat to combat since the real attacker is on the outside, with a much lower risk of being identified. Typically, no amount of deterrence will discourage them from carrying out their attack. Furthermore, traditional security solutions that focus on catching malware and exploits cannot identify the unauthorized use of legitimate accounts. In fact, studies have shown that advanced attackers are on the network for a median of 243 days before being detected. The use of network logs is really the only way to uncover and shut down this type of threat.
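As an added example (not part of the Lancope paper or its products), the following Python script applies the kind of network-log analysis described under Logs from Endpoint Systems and Network Devices and under Compromised Insiders: it builds a per-account baseline from constructed flow records and flags an account whose recent sessions come from a host never seen before, or that pushes far more data to external addresses than it ever did during the baseline. The record format, account names, hosts, internal address range and the 5x threshold are all assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime
# Constructed sample flow summaries (not from the paper). Fields:
# timestamp, account, source host, destination IP, bytes sent.
BASELINE_LOG = """\
2015-03-02T09:12:00,alice,ws-17,10.0.0.5,120000
2015-03-02T10:40:00,alice,ws-17,203.0.113.9,30000
2015-03-03T09:05:00,alice,ws-17,203.0.113.9,45000
2015-03-02T11:00:00,bob,ws-22,10.0.0.5,80000
2015-03-03T14:20:00,bob,ws-22,198.51.100.7,20000
"""
RECENT_LOG = """\
2015-03-10T02:15:00,alice,ws-40,203.0.113.9,900000
2015-03-10T02:30:00,alice,ws-40,203.0.113.9,1500000
2015-03-10T09:10:00,bob,ws-22,198.51.100.7,25000
"""
def is_internal(ip):  # assumed internal range for the constructed data
    return ip.startswith("10.")

def parse(text):
    records = []
    for line in text.strip().splitlines():
        ts, account, src, dst, nbytes = line.split(",")
        records.append((datetime.fromisoformat(ts), account, src, dst, int(nbytes)))
    return records

def profile(records):
    """Per account: source hosts seen, and bytes sent to external IPs per day."""
    hosts = defaultdict(set)
    ext_bytes = defaultdict(lambda: defaultdict(int))
    for ts, account, src, dst, nbytes in records:
        hosts[account].add(src)
        if not is_internal(dst):
            ext_bytes[account][ts.date()] += nbytes
    return hosts, ext_bytes

def find_anomalies(baseline_log, recent_log, ratio=5.0):
    """Flag accounts used from a never-seen host or sending ratio x their peak daily volume."""
    base_hosts, base_ext = profile(parse(baseline_log))
    rec_hosts, rec_ext = profile(parse(recent_log))
    alerts = []
    for account, seen in rec_hosts.items():
        new_hosts = sorted(seen - base_hosts.get(account, set()))
        if new_hosts:
            alerts.append((account, "new_source_host", new_hosts))
        peak = max(base_ext.get(account, {}).values(), default=0)
        for total in rec_ext.get(account, {}).values():
            if total > ratio * max(peak, 1):
                alerts.append((account, "external_volume", total))
    return alerts
```

Run on the constructed data, alice is flagged twice (a new workstation and a 2.4 MB day against a 45 KB baseline peak) while bob, whose traffic stays within his own pattern, produces no alert.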