A visitor to your home automatically becomes authorized. They are given permission to be there. They are inside. Now let’s assume you have valuables scattered all over. How difficult would it be to tell if that visitor walked away with your jewelry? Now let us for a minute transfer this understanding to a network that has employees (authorized), assets (financial data, personally identifiable information, intellectual property), and last but not least, reputation to protect. The scope becomes way bigger but the concept remains the same. The insider is the most dangerous to your home or network environment if not properly managed.
Gartner estimates that 70 percent of security incidents that actually cause loss to enterprises – rather than mere annoyance – involve insiders. This finding should surprise no one.
Again let’s go back to the homeowner. There are things we do to protect our assets and mitigate the probability that they will be lost or compromised.
- The family members are made aware of the assets we have, their value, the impact to the family if they’re lost. Children, for example are trained how to use, activate and deactivate controls.
- There are rules, written and unwritten, about who can be brought to the house.
- There are policies concerning acceptable behavior and repercussions for bad behavior.
- Certain information is not available to certain people- need to know.
- None of the above is news to anybody who has ever owned something.
Today, with the rapid rise of computer breaches, we are finally addressing the most basic and obvious problem in the enterprise, The Unintentional Insider Threat. Finally we are seeing an acceptance of the fact that we cannot relegate cybersecurity to so called “smart devices” if our approach to data security is not smart. It is apparent that for a long time we focused on the attacker outside while completely back seating, the one within.
How pleasant it is to finally see products being released that place emphasis on the insider. Recently I started looking seriously at a few products from Forcepoint (formerly Websense) and concluded that somebody over there got it. I speak of Stonesoft NGFW, Sureview Analytics and the Triton Risk Vision. I am a huge fan of the Next Generation Firewall. This solution amazingly combines intrusion prevention, evasion prevention and application control. It presents a very use friendly interface and a wealth our information tied to a logical layout. Attacks have become more sophisticated so a tool that has proven capability to identify advanced techniques is a no brainer for any organization.