Share This

Thursday, 9 June 2011

U.S. Military, Businesses Seek Better Defenses on the Inside

Credit: Technology Review
By Robert Lemos

Research projects at the Pentagon highlight the need to prevent data theft that happens within an organization's walls.

For most of the history of the Internet, companies and government agencies have split networks into two categories: internal, trusted systems and external, untrusted ones. The most common approach to security has been to erect a wall that treats data and communications as potentially dangerous if they come from outside and safe if they come from within.

Yet some of the most serious breaches, such as the massive handover of U.S. State Department cables to WikiLeaks late last year, come from corporate and government insiders. Even if they mean no harm, insiders can present security risks: several major data breaches have occurred after attackers tricked employees into downloading malicious software that took hold inside the organization's firewall.

"In the early 2000s, you would see a lot of organizations focus on outsiders exclusively," says Joji Montelibano, who leads the insider-threat technical team at the Software Engineering Institute's CERT program at Carnegie Mellon University. "With the prevalence of information technology everywhere now, the ways an insider can harm an organization have increased dramatically."

In hopes of counteracting the trend, the Defense Advanced Research Projects Agency (DARPA)—the research arm of the U.S. military—has called for research that would improve the government's ability to identify threats from within. DARPA is taking a two-pronged approach: last August, an agency project named Cyber Insider Threat (CINDER) called for proposals for better systems to detect attackers who have already compromised a network. Two months later, DARPA launched Anomaly Detection at Multiple Scales (ADAMS), to detect insiders just before or after they go rogue.

The proposed ADAMS technology will likely model typical user behavior and alert managers when a user is acting off-profile. Such a system, for example, could have caught Bradley Manning, the U.S. intelligence analyst who is alleged to have leaked the diplomatic cables, by warning officials that Manning had suddenly accessed thousands of cables from his computer.

"If I'm trying to get information out of my company, I'm probably going to start at the simplest level and work my way up—I would try to e-mail it to myself, I would try to post it to a website, or upload the file to a peer-to-peer network," says Daniel Guido, a consultant with iSec Partners, who frequently tests firms' security to identify potential weaknesses. "They are going to approach exfiltrating information outside the company in a very particular way, and if you think like they do, you will be much more effective" as a defender.

Related Articles

Breached Companies Say They Did All They Could 

Executives for Sony and Epsilon, an e-mail marketing company, insist that they had tight security before they lost consumer data.

Making the Case for Security

Data security scholar Eugene Spafford argues that the subject needs to be taken more seriously at the highest levels of companies.

 The Costs of Bad Security

Mounting threats to the security of information are forcing companies to make more sophisticated cost-benefit analyses when they craft their security strategies.

 Newscribe : get free news in real time
Enhanced by Zemanta