Staying Ahead of the Insider Threat

Snowden. Target. Nordstrom. eBay.

High-profile insider and outsider attacks over the past year have made companies and Federal agencies more aware than ever of the risk to networks and data.

That doesn’t mean they’re prepared to stop attacks – it just means that they have a greater understanding of what can happen and what’s at stake.

Outsider threats remain a significant challenge – just look at all the recent news about the Chinese hackers of the PLA who relentlessly attack U.S. corporate networks for trade secrets. But in many ways insider threats represent an even more challenging, insidious problem.

We’ve long known about the PLA. But insider attacks are launched by employees we don’t view as a threat. In fact, we trust them – until it’s too late.

So, as organizations embrace cloud computing and store greater amounts of data in a converged infrastructure, they need to be even more vigilant about protecting that data from insider threats.

Agencies and other organizations must ensure that they maintain a healthy security program to safeguard the three primary pathways through which employees can gain access to networks:

  • From the outside in
  • From the inside
  • And from internal, cross-organization networks – for instance, from a corporate or agency network in one location to that same agency or corporate network in another location

It’s that final pathway that is most vulnerable to insider exploitation.

Agencies must also ensure that their IT shops are putting the most resilient controls possible in place.

That means using a few key solutions:

  • Secure multi-tenancy. Logically separating data to prevent unauthorized access is crucial
  • Encryption. Some data – like HR or financial records – require a greater level of security, and encryption can provide the protection needed
  • Monitoring. Watching the network activity of employees allows organizations to determine what represents standard behavior and when there’s a deviation. Looking for anomalies is important in detecting potential threats
  • Best practices. Develop best practices for IT security measures

These are all things we are doing here at NetApp, and there’s much more information on our web site.

We will also cover this issue in depth at the June 18 Cyber Security Brainstorm, where I will moderate the Insider Threats panel discussion. The panel will include Michael Buckley, Counterintelligence Chief at the Defense Security Service; Philip Quade, Chief Operating Officer of the Information Assurance Directorate at the National Security Agency; and Grant Schneider, Chief Information Officer at the Defense Intelligence Agency.

Agencies need to do all they can to avoid becoming the next cyber casualty.

Lee Vorthman, Chief Technology Officer, Federal Civilian Agencies, NetApp