Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

9/27/2013
11:51 AM
50%
50%

Insider Threats Get More Difficult To Detect

User diversity and growth in network activity including cloud services are among reasons it's getting harder to guard against insider data breaches, says Fortune 1000 survey.

Iris Scans: Security Technology In Action
Iris Scans: Security Technology In Action
(click image for larger view)
While Edward Snowden's name will forever be linked to his leak of classified National Security Agency data, it might come to stand for something else: The moment in time when insider threats became as important a security issue to government and other enterprises as advanced persistent threats.

A new survey of more than 700 Fortune 1000 IT pros indicates that the job of protecting against insider threats from employees, contractors or partners -- or those posing as authorized users -- is growing more difficult.

The survey findings, released this week by Enterprise Strategy Group, state that more than half (54%) of enterprise IT pros are finding insider threats more difficult to detect or prevent than they were in 2011. One reason is the increasing sophistication of malicious software that lets users gain legitimate internal access privileges to networks, applications and sensitive data.

[ The head of the National Security Agency defends the agency's actions. Read NSA Chief: Don't Dump Essential Security Tools. ]

"The barriers to network breaches are really melting away," said Alan Kessler, CEO of security vendor Vormetric, which sponsored the research. The firewalls that once kept potential intruders at bay "are essentially gone, because the adversaries are working from inside," he said in an interview with InformationWeek.

But there are other factors. Among survey respondents, 17% of whom work for government agencies or in education:

-- 37% point to the fact that there are more people -- employees, contractors and business partners -- with access to the network, making it more difficult to isolate suspicious behavior.

-- 36% say that the growing use of cloud computing at their organizations makes insider threat detection/prevention more difficult, as it increases the attack surface for insiders.

-- 35% say the growing volume of network activity also makes detection and prevention of insider attacks more difficult, as it makes it harder to baseline normal behavior and pinpoint anomalies.

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Andre Gironda
50%
50%
Andre Gironda,
User Rank: Apprentice
10/15/2013 | 7:03:49 PM
re: Insider Threats Get More Difficult To Detect
Dear Editor,

Great article and comment -- allow to please speak to both.

In your article, only one vendor is mentioned, Vormetric, a classic data security company. However, data security is not the correct control against insider threats using any information security management model, principle, or control set. The gap that exists is primarily due to 3 factors:

First is application security -- the Intranets of yesteryear require the same application security controls as everything "outside the firewalls". Second is threat intelligence -- Vormetric will not help if you are facing AVT (Advanced Volatile Threats, an APT that uses strictly in-memory techniques). Lastly, you must have enough staff to handle and respond to incidents at scale. If you want big data for your cyber security programs, you best use your best data to know when to hire, how many, what specific attributes/skills you need pre-/post- COE, and how you're going to be able to hire and train them in time to respond to all of your incidents (including insider threats) at scale.

The insightful comment you gave coincides with my last point -- that identity and authentication/authorization access controls should be modernized and integrated with people. Google, who has used big data to optimize their ID/AuthN systems, will be adding Universal 2-Factor (U2F) to defend their business and assets come January 2014. This is a bold move away from the hokey biometric systems we're seeing in the media. Google, clearly knowledgeable about technologically-advanced insider threats against sensitive operations, does employ role compartmentalization with separation/rotation of duties.
WKash
50%
50%
WKash,
User Rank: Apprentice
9/27/2013 | 9:39:19 PM
re: Insider Threats Get More Difficult To Detect
NSA's decision to go to "two-man rule" in handling sensitive data, following Edward Snowden incident, may give a new spin to the notion of two-factor authentication.
Data Leak Week: Billions of Sensitive Files Exposed Online
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/10/2019
Intel Issues Fix for 'Plundervolt' SGX Flaw
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-5252
PUBLISHED: 2019-12-14
There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the application locked by applock in an instant.
CVE-2019-5235
PUBLISHED: 2019-12-14
Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be abnormal.
CVE-2019-5264
PUBLISHED: 2019-12-13
There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition...
CVE-2019-5277
PUBLISHED: 2019-12-13
Huawei CloudUSM-EUA V600R006C10;V600R019C00 have an information leak vulnerability. Due to improper configuration, the attacker may cause information leak by successful exploitation.
CVE-2019-5254
PUBLISHED: 2019-12-13
Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have an out-of-bounds read vulnerability. An attacker who logs in to the board m...