
9/6/2019
07:00 AM
Terry Sweeney

8 Ways to Spot an Insider Threat

The good news is most insider threats derive from negligence, not malicious intent. The bad news is the frequency of negligence is already ahead of where it was in 2018.

When the challenge of battling insider threats arises, it's tempting to dismiss the process as little more than identifying the rogue employee(s), along with reviewing and refining permissions, controls, and authorizations to prevent recurrence. Depending on the industry, some public apologies may need to be made and some regulatory fines may need to be paid.

The good news and the bad news with insider threats? The good news is most insider threats derive from negligence, not malicious intent, as Katie Burnell, global insider threat specialist at security vendor Dtex Systems, explained in a November Dark Reading webinar about the insider threat. The bad news, she said, is the frequency of negligence is already ahead of where it was in 2018.

Compounding the problem is the fact there are more networks, more devices, and, of course, more data to monitor and secure. Organizations understand they can't equally secure it all. One approach has been to prioritize the monitoring of those users with the highest privileges, perhaps aided by the use of privileged access management (PAM) tools.  

Our list of insider threats identifies the "who," but what about the "how" of detection? Log files and SIEM data may offer some forensic footprints to see who accessed which servers, databases, and individual files. But the volumes of monitoring data are too great to do this for all users, security experts agree. This has opened the door to user and entity behavior analytics (UEBA), which flags anomalous behavior by user. Some security vendors are starting to push the idea of "identity as a perimeter," according to ESG analyst Doug Cahill, rather than using the more traditional physical perimeter of the network. "So you monitor who has access and whether they do anything anomalous," Cahill explains.

Vendors are also talking about adding artificial intelligence and machine learning to the security equation. While those implementations remain rather basic, you don't need an algorithm to see this is where security management is headed. Detecting and stopping malicious insiders will need this extra oomph, which automates tasks otherwise left to humans.

Do you have any experience with the kinds of malicious insiders tagged here? We'd love to hear your war stories in our "Comments" section. 


Terry Sweeney is a Los Angeles-based writer and editor who has covered technology, networking, and security for more than 20 years. He was part of the team that started Dark Reading and has been a contributor to The Washington Post, Crain's New York Business, Red Herring, ...
