11:51 AM

Insider Threats Get More Difficult To Detect

User diversity and growth in network activity including cloud services are among reasons it's getting harder to guard against insider data breaches, says Fortune 1000 survey.

Iris Scans: Security Technology In Action
Iris Scans: Security Technology In Action
(click image for larger view)
While Edward Snowden's name will forever be linked to his leak of classified National Security Agency data, it might come to stand for something else: The moment in time when insider threats became as important a security issue to government and other enterprises as advanced persistent threats.

A new survey of more than 700 Fortune 1000 IT pros indicates that the job of protecting against insider threats from employees, contractors or partners -- or those posing as authorized users -- is growing more difficult.

The survey findings, released this week by Enterprise Strategy Group, state that more than half (54%) of enterprise IT pros are finding insider threats more difficult to detect or prevent than they were in 2011. One reason is the increasing sophistication of malicious software that lets users gain legitimate internal access privileges to networks, applications and sensitive data.

[ The head of the National Security Agency defends the agency's actions. Read NSA Chief: Don't Dump Essential Security Tools. ]

"The barriers to network breaches are really melting away," said Alan Kessler, CEO of security vendor Vormetric, which sponsored the research. The firewalls that once kept potential intruders at bay "are essentially gone, because the adversaries are working from inside," he said in an interview with InformationWeek.

But there are other factors. Among survey respondents, 17% of whom work for government agencies or in education:

-- 37% point to the fact that there are more people -- employees, contractors and business partners -- with access to the network, making it more difficult to isolate suspicious behavior.

-- 36% say that the growing use of cloud computing at their organizations makes insider threat detection/prevention more difficult, as it increases the attack surface for insiders.

-- 35% say the growing volume of network activity also makes detection and prevention of insider attacks more difficult, as it makes it harder to baseline normal behavior and pinpoint anomalies.

1 of 2
Comment  | 
Print  | 
More Insights
Oldest First  |  Newest First  |  Threaded View
User Rank: Apprentice
9/27/2013 | 9:39:19 PM
re: Insider Threats Get More Difficult To Detect
NSA's decision to go to "two-man rule" in handling sensitive data, following Edward Snowden incident, may give a new spin to the notion of two-factor authentication.
Andre Gironda
Andre Gironda,
User Rank: Apprentice
10/15/2013 | 7:03:49 PM
re: Insider Threats Get More Difficult To Detect
Dear Editor,

Great article and comment -- allow to please speak to both.

In your article, only one vendor is mentioned, Vormetric, a classic data security company. However, data security is not the correct control against insider threats using any information security management model, principle, or control set. The gap that exists is primarily due to 3 factors:

First is application security -- the Intranets of yesteryear require the same application security controls as everything "outside the firewalls". Second is threat intelligence -- Vormetric will not help if you are facing AVT (Advanced Volatile Threats, an APT that uses strictly in-memory techniques). Lastly, you must have enough staff to handle and respond to incidents at scale. If you want big data for your cyber security programs, you best use your best data to know when to hire, how many, what specific attributes/skills you need pre-/post- COE, and how you're going to be able to hire and train them in time to respond to all of your incidents (including insider threats) at scale.

The insightful comment you gave coincides with my last point -- that identity and authentication/authorization access controls should be modernized and integrated with people. Google, who has used big data to optimize their ID/AuthN systems, will be adding Universal 2-Factor (U2F) to defend their business and assets come January 2014. This is a bold move away from the hokey biometric systems we're seeing in the media. Google, clearly knowledgeable about technologically-advanced insider threats against sensitive operations, does employ role compartmentalization with separation/rotation of duties.
Register for Dark Reading Newsletters
White Papers
Current Issue
Dark Reading Tech Digest September 7, 2015
Some security flaws go beyond simple app vulnerabilities. Have you checked for these?
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-09
Simple Streams (simplestreams) does not properly verify the GPG signatures of disk image files, which allows remote mirror servers to spoof disk images and have unspecified other impact via a 403 (aka Forbidden) response.

Published: 2015-10-09
The Telephony component in Apple OS X before 10.11, when the Continuity feature is enabled, allows local users to bypass intended telephone-call restrictions via unspecified vectors.

Published: 2015-10-09
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks.

Published: 2015-10-09
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page.

Published: 2015-10-09
The Safari Extensions implementation in Apple Safari before 9 does not require user confirmation before replacing an installed extension, which has unspecified impact and attack vectors.

Dark Reading Radio
Archived Dark Reading Radio
What can the information security industry do to solve the IoT security problem? Learn more and join the conversation on the next episode of Dark Reading Radio.