Speaking of new technologies, how does adoption of cloud complicate this picture?
AMMON: I think there is a less than optimal understanding of how your risk plane increases with virtualization and cloud. Many buyers aren't aware of a number of the issues. For example, if you're using a virtualization platform, you now have access to every single host through the virtualization platform as well as through the front door of the application or the platform itself.
You have to protect these new access points, and you have to be able to create rules and contain and control that access. They're available via web consoles for self-service administration inside the cloud environment, and you also have management APIs where you have automated actions that have privilege. So now your privileged actors aren't just individuals, they're programs and with elastic computing, if that credential is compromised or it's not particularly well controlled, you can incur hard dollar losses. If somebody scales up 10,000 instances in Amazon by mistake, you're getting a bill. That's really elevating attention to this problem and requires that not only do you deal with it from a user perspective, but you also deal with a growing issue of application programming interfaces.
RIFAI: You can imagine a malicious insider potentially exploiting cloud-related vulnerabilities and stealing information from a cloud system, or someone who can use cloud systems to carry out an attack on an employer's local resources, etc. But it all adds up to additional access points that you didn't have before and greater opportunity for exploitation.
So are all the necessary tools to fight insider threats available now or are we still missing some pieces?
RIFAI: It's a people-centric problem and people are multidimensional, so you have to come at it with that mindset; you've got to have a multidisciplinary approach. And there are cutting edge solutions on the market today that can tell you what is normal versus unusual on a user-by-user case and do that at a really large scale. And certainly we have made progress, but it's not necessarily something that has been highly adopted by all companies out there. There are some at the forefront using these technologies, but not everybody in the market is aware.
AMMON: I divide the challenge into two different buckets. One is the insider threat as it relates to your standard user, and the other is the insider threat as it relates to privileged users. What we've found is the problem gets very big when you talk about trying to define what role a standard user has and how to limit their access within the enterprise. It is much easier to target and define the roles for privileged users because the audience is smaller.