Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

How to identify and thwart insider threats

David Geer | Oct. 2, 2015
It is often cited that an enterprise’s employees are its biggest vulnerability. What are company’s doing about it? In a significant number of cases, companies are perhaps doing nothing.

As everyone knows, experts often recommend that the actual response include dropping connections and closing holes. But taking mass actions such as dropping connections is severe because it adversely affects business activities at scale, according to Gupta. “These systems are not granular enough to drop only a single workload but rather they disrupt the business and many workloads,” says Gupta; “it’s better to use workflow detection techniques that allow for selective intervention.”

Finally, keeping detailed accounts of insiders actions in a format that C-levels, attorneys, and others who must become involved will find accessible is vital to remediation whether legal or administrative, according to Tierney.

Though insider threats continue to be a grievous issue, adopting a solution as though it was a catch-all balm without thoroughly vetting it is not the answer. The enterprise should know what it’s getting and whether it is enough when teamed with other security resources.

 

Previous Page  1  2  3 

Sign up for Computerworld eNewsletters.