You Know These Security Threats--You Hired Them - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
News

You Know These Security Threats--You Hired Them

New products are designed to stop threats that come from the inside

While companies have for years invested in intrusion-detection systems and firewalls to create a shell around their networks, that isn't enough. Internal networks provide fertile ground for attacks on data and systems when threats manage to crack the shell or are introduced by employees or others with access rights. That's a reality that some companies don't want to admit exists.

A number of technologies and services are just hitting the market with the goal of firming up internal network defenses. Some inject intelligence into network security appliances in an attempt to stay a step ahead of security threats, while others aim to limit access to users.

"Most of the focus has incorrectly been on perimeter security," says David Langston, CIO of Allied Home Mortgage Capital Corp. "Anybody who's been involved in security knows that the vast majority of compromise events are generated internally." At Allied Home, internal network threats usually result from poor judgment, such as employees opening spam, Langston says.

INSIDE JOB
U.S. IT pros suspect insiders were behind some security breaches and espionage in the past year

22%
suspect unauthorized users or employees
16%
suspect authorized users or employees
12%
suspect former employees

Data: <i>InformationWeek</i>/Accenture Global Information Security Survey of 1,952 U.S. business-technology and security professionals reporting security breaches

Monitoring Behavior
Allied Home is an early adopter of Alert Logic Inc.'s Invision Security service, which becomes widely available this week. The Invision service relies on an appliance at a customer's site that uses algorithms written into Alert Logic software that search for malicious network traffic, unusual user-behavior patterns, and unauthorized network-configuration changes. Alert Logic staff remotely monitor that appliance from an operations center. When a potential problem is detected, such as a worm that's wriggled past perimeter defenses or a conflict between network access and user privileges, the Invision service can signal to network routers, firewalls, and switches to automatically block or quarantine certain traffic.

Although not all network traffic that Invision flags may be harmful, Allied Home isn't taking any chances. As a financial institution, it's governed by legislation such as the Gramm-Leach-Bliley Act that prohibits the disclosure of nonpublic personal information, including customer financial data.

The availability of Alert Logic's services follows last week's teaming of Lancope Inc., a provider of security technology that also analyzes network behavior, with networking equipment provider Foundry Networks Inc. Lancope has tuned its StealthWatch Xe network appliance so it can use sFlow packet-sampling software found in Foundry's switches to detect mistakes or malicious behavior that internal users initiate. StealthWatch reports abnormal activity to the network administrator and can block certain types of traffic.

Access Control
Juniper Networks Inc. last week debuted two Infranet Controller appliances and Infranet Agent software that evaluates PC, user identity, and network information to ensure users are accessing the network properly and not introducing security threats.

And Phoenix Technologies Ltd. this week will introduce TrustConnector 2 software to help stop attackers who've been given the keys to networks. TrustConnector creates a unique identity for every PC authorized to access a given network. The intention is to stop attackers from using stolen IDs and passwords to navigate networks if they aren't working from authorized PCs. "It's like giving your computer a uniform so it can be identified," Phoenix CEO Al Sisto says.

The goal with these network-security measures is to equip administrators with tools to shore up internal defenses. It's a problem that many companies may not want to face up to having. "When companies protect themselves at the network perimeter, it's because there are bad people out there," Langston says. "When you talk about internal security, companies worry about being seen as inept."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
The State of IT & Cybersecurity Operations 2020
The State of IT & Cybersecurity Operations 2020
Download this report from InformationWeek, in partnership with Dark Reading, to learn more about how today's IT operations teams work with cybersecurity operations, what technologies they are using, and how they communicate and share responsibility--or create risk by failing to do so. Get it now!
Slideshows
10 Ways to Prepare Your IT Organization for the Next Crisis
Cynthia Harvey, Freelance Journalist, InformationWeek,  5/20/2020
News
IT Spending Forecast: Unfortunately, It's Going to Hurt
Jessica Davis, Senior Editor, Enterprise Apps,  5/15/2020
Commentary
Helping Developers and Enterprises Answer the Skills Dilemma
Joao-Pierre S. Ruth, Senior Writer,  5/19/2020
Register for InformationWeek Newsletters
Video
Current Issue
Key to Cloud Success: The Right Management
This IT Trend highlights some of the steps IT teams can take to keep their cloud environments running in a safe, efficient manner.
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll