
Insider threat the most underestimated threat in corporate arena 
29 January, 2007 By Vanessa Ho

As companies continue to battle threats from the outside, they are also turning their attention this year to protecting their corporate assets from insider threats, according to Dmitri Alperovitch, principal research scientist with Secure Computing, an enterprise gateway security company.
"The insider threat is the threat that is the most underestimated in the corporate arena," said Alperovitch.
He added that there has been a lot of focus on inbound threats such as spam and malware, but the damage they cause can be fixed, whereas an insider threat can bring the most damage to a corporation.
"Insiders have the most knowledge of an organization and can really cause the most havoc because they have access to resources to cause permanent damage [such as] leaking or disclosing important information or intellectual property," Alperovitch said.
While insider threats aren't new, what is new this year is that corporations are starting to take a serious look at the issue and are taking measures to stop data leakage, something many companies dismissed in the past in the belief that they could do nothing about it.
Alperovitch said that, in the past, this belief came from the lack of sophisticated solutions from security companies that focused on analyzing data and traffic in real time. Now there are some, which is why companies are more focused on tackling insider threats in 2007.
"There are two sets of solutions companies can deploy and they really should use both," said Alperovitch. One is access control that makes sure insiders in the company only have access to information they should have access to as part of their daily work.
Dan Clark, vice president of marketing with Lockdown Networks, a network access control provider, agreed that network access is essential in the prevention of insider threats, but said not all companies are using the technology.
"The technology to do [network access control (NAC)] didn't exist two-and-a-half years ago [but] NAC is going to become a basic part of every major network infrastructure project that will occur over the next couple of years," said Clark.
He added that, from the perspective of containing insider threats, a good NAC system becomes a key policy control point on a company's network. It should allow other security systems, such as intrusion prevention systems, intrusion detection systems or firewalls, to feed information into network access policies so that more powerful and more accurate access decisions can be made.
The other solution Alperovitch referred to is deploying a monitoring and compliance solution on the gateways of a network for every protocol, such as messaging (email and instant) and the Web. It looks at what is going out of the network, either maliciously or through negligence, blocks it in real time and alerts the appropriate department when a particular violation of a policy occurs. No matter what sort of monitoring solutions a company puts in place, Alperovitch said that access control must be part of any company's insider threat solution.
The focus on Web traffic for insider threats is going to be of much greater importance this year with companies looking more carefully at what is going out of the corporation, added Alperovitch.
"A lot of people are posting insider information on various finance forums and [companies] will start monitoring that type of traffic a lot more carefully [and] tying it to which employee."