Combating the Insider Threat
© 2015 Lancope, Inc.
Table of Contents
Chapter One
WHO IS ATTACKING YOUR NETWORK?
Chapter Two
INSIDER THREAT MOTIVES AND METHODS
Chapter Three
DETERRING INSIDER THREATS WITH TECHNOLOGY
Chapter Four
USING NETWORK LOGS TO THWART INSIDER THREATS
Chapter Five
BEYOND TECHNOLOGY
Chapter Six
SUMMARY & TOP 10 WAYS TO COMBAT INSIDER THREATS
Chapter Six
Summary & Top 10 ways to combat insider threats
In conclusion, it is critical to recognize that insider threats come in different forms, and technologies that stop one type of insider attack may not necessarily be effective against others. Nonetheless, it is important to adopt a comprehensive range of solutions such as access control and encryption technologies, which can play a big role in deterring insider attacks.
And don’t forget about the use of network logs, particularly NetFlow, for continuously monitoring user activity. Advanced technologies can take the capabilities of NetFlow even further by providing additional security context and helping organizations make sense of the plethora of data available on the network.
In the end, however, insider threat prevention is about more than just technology. Other key groups within the organization, including HR, Management and Legal, for example, also need to join IT in the fight against insider threats.
Please refer to the following Top 10 List for a comprehensive recap of insider threat prevention methods.
Top 10 Ways to Combat Insider Threats
1. First and foremost, it is important that your company conducts thorough background checks before hiring employees, contractors or third-party vendors.
2. Once employees are hired and given access to sensitive systems, establishing appropriate checks and balances for access to confidential data is key.
3. Thorough measures must also be taken to revoke previous employee and contractor access to your company’s systems.
4. Understand the different types and characteristics of insider threats – negligent, malicious and compromised – so that you can better detect and protect against them.
5. Remember that access controls can serve as a key deterrent for both negligent and malicious insiders.
6. Additionally, encryption of data at rest is crucial for minimizing the impact should a negligent employee lose his/her laptop or other equipment.
7. Of course, user education should not be overlooked. It is a lot easier for employees to abide by best practices if they are aware of them.
8. The collection, analysis and storage of various types of network logs should be a critical component of any insider threat security program.
9. Remember that some monitoring solutions provide additional security context, such as identity awareness, which can be invaluable for quickly tracking down the source of insider attacks.
10. Last but not least, it is important to realize that the IT department alone cannot adequately protect a company from its own insiders. Insider threat programs must also involve Management, HR and Legal.