Following the news about NSA Contractor Arrest, István Szabó Product Manager of syslog-ng/SSB at Balabit commented below.
István Szabó, Product Manager of Syslog-ng/SSB at Balabit:
Mainly, there is no easy way to characterize insider threats.
Motivation can be political, financial, personal or can simply be attributed to negligence or unawareness of the risks involved. No single tool and no policy can be flexible and powerful enough to capture this variety and complexity and to fully prevent breaches from happening.
A good security arsenal involves an ever-evolving combination of traditional, control-based measures and policies, novel, monitoring and machine learning-based approaches focusing especially on user behavior analytics of high risk users with privileged access. A tool able to associate a risk level to every user based on roles, access rights and peer groups can be very handy.
Another key observation is the importance of monitoring access of third party contractors. Third party contractors accessing IT systems from outside can very easily be directed through a transparent, proxy based privileged user monitoring solution, which offers real time monitoring of ongoing sessions, can offer video like playback of the activities should an investigation be required, can provide evidence for forensics and the data recorded can be used to feed a user behavior analytics solution improving significantly the breach detection and breach prevention capabilities of an organization.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.