New methods for addressing insider threats: A roundtable discussion

AMMON:  In almost all cases the identity and access groups are two separate organizations. As we move towards identity as the new perimeter because of things like mobility and cloud, we, as a vendor, are challenged with bringing those two groups together. Because all of a sudden identity gets connected back to that processing of security data and active policy enforcement, and I think some of the delay in the marketplace has been trying to bring those worlds together. It's early stages of that, but it is starting to change.

That said, we're in a bit of a rut. We've been working harder and harder on treating symptoms, maybe because there was a sense that there wasn't a way to deal with the root cause. So I would hope maybe we're seeing a way forward, a way to deal with root causes because solutions are available to dramatically reduce your risk around those root causes. I think that will have a ripple effect throughout the rest of your security controls.

OGREN: As a security officer you're probably not going to rip out stuff that's already deployed. But as you start moving more into cloud-based services and tablet use from home, as you virtualize new applications and they move around the globe, use that as an opportunity to try out some new ways to analyze traffic, to look at privileged users and insider use and management. Just start with that. You can't do a big bang. But in some of the new projects you have going you can ask, "How are you going to manage insider users? How are you going to account for them? Is there a model that will scale?" And as the company gets good at it you can bring it to the rest of the organization as well. So start putting that stuff into your requests and start dovetailing it with some of the other technology initiatives.

+ ALSO ON NETWORK WORLD The worst data breaches of 2013 +

RIFAI: I think organizations are asking for finished intelligence at this point. They just want to know what the answer is. They have already made substantial investments and they want to be able to leverage those investments in a way that's meaningful. And I think there are technologies out there, specifically in the analytics layer, that allow you to do just that. You are just simply collecting the information today, but now you can turn it into something that answers fairly complex questions and enables you to make informed decisions.

About Bay Dynamics: Bay Dynamics delivers actionable information risk intelligence to the world's largest enterprises through user-centric monitoring and analysis, as well as context-aware information protection. Its core product, Risk Fabric, federates data from information security silos and IT repositories enterprise-wide to detect and expose deviations from normal employee behaviors and systems/data interaction, and then rates employee behavior and interactions with information and computer systems against other within their department, level and across the company.

About Xceedium: Xceedium provides privileged identity and access management solutions for hybrid-cloud enterprises. Large companies and global government agencies use Xceedium products to reduce the risks that privileged users and unprotected credentials pose to systems and data. The company's Xsuite platform enables customers to implement a zero trust security model. It vaults privileged account credentials, implements role-based access control and monitors and records privileged user sessions. With unified policy management, Xsuite enables the seamless administration of security controls across systems, whether systems reside in a traditional data center, a private cloud, on a public cloud infrastructure or a combination of environments.

Read more about wide area network in Network World's Wide Area Network section.

This story, "New methods for addressing insider threats: A roundtable discussion" was originally published by Network World.

| 1 2 Page 5
ITWorld DealPost: The best in tech deals and discounts.
Shop Tech Products at Amazon