A common misconception concerning network security is that the enterprise network is at considerable risk from external attackers only. In fact, it is insider threats that form the largest security threat to enterprises. With access to a significant portion of the enterprise resources, insiders pose the greatest risk to enterprise data and systems. Insiders, including current and former employees, temporary workers, partners, and customers, may be the unsuspecting threat carriers for external and internal attackers who use them and their lack of security awareness to gain access to enterprise data. IDC research shows that a majority of large enterprises are more concerned about insider threats than external threats.
And as many security architects know, their networks resemble what is known as “Coconut security”: hard on the outside, soft on the inside. All of the protection and security resources are directed towards the perimeter, keeping the bad guy out by blocking access to the network using firewalls and network IDP. However, the soft inside is what the attackers are really after, and the security solution is ultimately about getting to the crux of it all, i.e. knowing the insider threat source for instantaneous action against security breaches.
Cases of Insider threat
The well-known case of David Lennon, who launched an e-mail attack on his former employer, Domestic & General Group, hogged headlines in IT publications and illustrates this well. Lennon caused chaos for Domestic & General by generating millions of hoax e-mails. The insurance company's router and mail server crashed and the cost was in the tens of thousands of pounds.
More recently a system administrator, dissatisfied with his diminished role in a thriving defence manufacturing firm, planted a logic bomb, which detonated, deleting the only remaining copy of critical software from the company's server. The company estimated the cost of damage in excess of $10 million, which led to the layoff of some 80 employees.
In fact, the proliferation of insider threats is reaching new heights. Often criminal gangs infiltrate a company by becoming members of staff, or by bribing or threatening a member of the company's staff or of its security or cleaning service providers.
Cyberoam Identity Based Security Solution: Revealing the End User Identity
Addressing insider threats requires a combination of incident prevention, detection and response. Since the user is proving to be the weakest link in the security chain today, linking user identity to security is the solution to ensuring high levels of security and to fighting insider threats.
Cyberoam is a third-generation UTM that has woven identity controls into its solution, in timely recognition of the user emerging as the weakest link in today’s threat scenario. It also puts a complete lid on internal threats by tracing the source of a threat right up to the exact user and not just the IP address of a machine.
In fact, the very deployment of Cyberoam acts as a deterrent for potential internal threat sources. Thus linking user identity to security is the key to current security, which Cyberoam delivers. Cyberoam is the only UTM that embeds user identity in firewall rule matching criteria, eliminating IP addresses as intermediate components to identify and control the user. This offers instant visibility and proactive controls over security breaches even in dynamic IP environments. User identity binds the security features (Firewall-VPN, Anti-virus, Anti-spam, IDP, Content Filtering) to create a single, consolidated Cyberoam security unit, enabling the administrator to change security policies dynamically while accounting for user movement (joiner, leaver, rise in hierarchy and more) through easy-to-configure policies. Ultimately Cyberoam delivers effective security by instant identification and immediate corrective action.
As told to Faiz Askari