Posted on Mar 2, 2017
Is There A Software Solution to Combat Insider Threats?
5.69K
11
9
3
3
0
Many have been working on the insider threat problem for years. Will software be part of the solution?
Is There A Software Solution to Combat Insider Threats?
Posted from incyberdefense.com
Information Assurance
Threat
Intelligence
97B: Counterintelligence Agent
Posted 8 y ago
Responses: 4
3
3
0
Immediately after reading this but before doing any research, I'm wondering about the following:
How could you prevent "geo-spoofing" or someone from connecting a type of GPS/DAGR into the device to falsify long/lat coordinates?
How much attention is paid to securing the Bluetooth RF? The limited distance is usually as far as its security goes.
Google watches their employees. I'd be surprised if larger corporations didn't already have some type of training and system for trying to sniff insider threats.
SSG Derek Scheller, amend?
How could you prevent "geo-spoofing" or someone from connecting a type of GPS/DAGR into the device to falsify long/lat coordinates?
How much attention is paid to securing the Bluetooth RF? The limited distance is usually as far as its security goes.
Google watches their employees. I'd be surprised if larger corporations didn't already have some type of training and system for trying to sniff insider threats.
SSG Derek Scheller, amend?
(3)
(0)
SSgt GG-15 RET Jim Lint
I know this is a big issue for the Fed Gov. I believe Google could coach the federal gov on lessons learned.
(2)
(0)
SGT (Join to see)
SSgt GG-15 RET Jim Lint - I agree.
1. Theft and neglectful loss of Secret+ computers and peripheral devices have been an issue for a long time.
2. Reducing WiFi connections means little if you don't secure and monitor cabling.
3. Google is all about personalized advertising, which means invasive algorithms that could prevent suspicious behavior.
Side question: at what point do you recommend the investment in a physical token an blue-tooth security as a home user?
1. Theft and neglectful loss of Secret+ computers and peripheral devices have been an issue for a long time.
2. Reducing WiFi connections means little if you don't secure and monitor cabling.
3. Google is all about personalized advertising, which means invasive algorithms that could prevent suspicious behavior.
Side question: at what point do you recommend the investment in a physical token an blue-tooth security as a home user?
(1)
(0)
SSG Derek Scheller
SGT (Join to see) I don't believe this article discusses so much the issue of an Insider threat as it does better security against outsiders who utilize social engineering to gain access to a building. There are devices and software available now to help combat insider threats. For instance Arcsight by HP when utilized to its full capabilities is able to monitor who access what files, when they access them, and whether or not they are modified and/or uploaded or downloaded.
The article itself seems to be talking about newer versions of RSA SecurID keys which as we know where also vulnerable to exploitation. I do however like your thinking along the lines of GEO spoofing and other forms of falsifying where you are, though could this be done effectively on these new devices only time will tell.
The article itself seems to be talking about newer versions of RSA SecurID keys which as we know where also vulnerable to exploitation. I do however like your thinking along the lines of GEO spoofing and other forms of falsifying where you are, though could this be done effectively on these new devices only time will tell.
(1)
(0)
3
3
0
this should Have been a priority for more than 20 years... but for some reason has always taken a back seat...
(3)
(0)
0
0
0
Blunt answer - NO.
Thought out answer - Software solution implies that there is a means of solving the problem of 'insider threats'; not necessarily a method of dealing with a difficult situation. Though IF your intent is a method of dealing with or mitigating a difficult situation, then YES software can help. It is another layer, the biggest problem however is with 'accountability.' If no one is held liable and accountable, it then becomes a waste of resources. One other thing, how much pain of use impacts the end user? An example of both combined - An executive or manager does not use the solution and goes unpunished, but then a regular user gets punished for not using the solution. I am sure that you can attest to this as much as I can.
It is like you stated in the most important statement of the article:
Accountability Is Critical to Detecting and Thwarting Insider Threats
Accountability is critical to detect and apprehend insiders who pose a threat to intellectual property, customer privacy and financial information. The use of Bluetooth to remotely authenticate the holder of a controlled device can improve security and auditing. It is also a physical reminder that an inside attacker will be held accountable.
Passwords are often obtained via social engineering or by hacking or theft. A device that does not rely solely on a password decreases its vulnerability. Nothing will completely prevent hacking, but corporations and government organizations must build in-depth security to increase the protection of intellectual property and personal information.
And like you and others have said before, an in-depth defense will help mitigate the problem.
Thought out answer - Software solution implies that there is a means of solving the problem of 'insider threats'; not necessarily a method of dealing with a difficult situation. Though IF your intent is a method of dealing with or mitigating a difficult situation, then YES software can help. It is another layer, the biggest problem however is with 'accountability.' If no one is held liable and accountable, it then becomes a waste of resources. One other thing, how much pain of use impacts the end user? An example of both combined - An executive or manager does not use the solution and goes unpunished, but then a regular user gets punished for not using the solution. I am sure that you can attest to this as much as I can.
It is like you stated in the most important statement of the article:
Accountability Is Critical to Detecting and Thwarting Insider Threats
Accountability is critical to detect and apprehend insiders who pose a threat to intellectual property, customer privacy and financial information. The use of Bluetooth to remotely authenticate the holder of a controlled device can improve security and auditing. It is also a physical reminder that an inside attacker will be held accountable.
Passwords are often obtained via social engineering or by hacking or theft. A device that does not rely solely on a password decreases its vulnerability. Nothing will completely prevent hacking, but corporations and government organizations must build in-depth security to increase the protection of intellectual property and personal information.
And like you and others have said before, an in-depth defense will help mitigate the problem.
(0)
(0)
Read This Next
Continue with Facebook 
Continue with Google