Historically,
security threats were thought to be from bad guys outside your
network. That resulted in strengthening the perimeter of your
network. Make sure the bad guys didn't get in, and life would be
good.
IT managers at small and medium-sized businesses (SMBs) bought
firewalls,
virtual private networks (VPNs), intrusion
prevention tools and, increasingly, antispam gateways to fortify
perimeters. Now these capabilities are starting to show up in an
integrated appliance commonly known as
unified threat management (UTM).
And now it has become clear that the enemy might not only be
"out there." Enemies may be stealing data from the inside,
delivering your intellectual property to competitors or
compromising private data for fraudulent purposes. So was born the
insider threat.
Insiders have been involved in fraud since the beginning of
time. They are in a trusted position and have access to sensitive
data. They need that access in order to do their jobs, so cutting
them off isn't an option. The keyword is therefore
control. We can't shut down access, but we need to control
it.
Technology keeps moving forward, and within the last two years
large enterprises have started to deploy technologies that control
access to networks, as well as monitor content usage both at the
network perimeter and on desktop computers. Both of these
technologies will be available to SMBs, so you should understand
how they work.
Network access control
Network access control (NAC) products ensure
that only devices adhering to a corporate policy are allowed on
the network, while monitoring what the devices are doing once
they are on the network. You can enforce policies on the
configuration of devices (antivirus, patch level, etc.) or on
which resources they are permitted to reach. Thus, visitors can
get to only the Internet, while someone on the executive team gets
free rein -- when they connect in the office. They have restricted
access at home.
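The decision logic a NAC policy engine applies, written out as an added example (this is illustrative code, not the article's or any vendor's). The attribute names, the patch baseline, the signature-age limit and the segment names are all assumptions made for the example. The point a practitioner should notice is that posture checks fail closed: a device that does not report an attribute is treated as non-compliant and quarantined, rather than being waved through.

```python
"""Toy NAC policy evaluator (added example, not a product's own logic).

Assumptions made for this example, not taken from the article:
  - device posture arrives as a dict with keys 'av_running',
    'av_sig_age_days' and 'patch_level', any of which may be missing;
  - identity supplies a role: 'visitor', 'employee' or 'executive';
  - location is 'office' or 'remote';
  - the enforcement outcome is a named network segment.
"""
from dataclasses import dataclass, field

MIN_PATCH_LEVEL = 12      # hypothetical baseline build number
MAX_SIG_AGE_DAYS = 3      # AV signatures older than this fail posture
KNOWN_ROLES = {"visitor", "employee", "executive"}


@dataclass(frozen=True)
class Endpoint:
    role: str
    location: str
    posture: dict = field(default_factory=dict)


def posture_ok(posture: dict) -> tuple[bool, str]:
    """Return (passes, reason). A missing attribute fails, never passes."""
    if posture.get("av_running") is not True:
        return False, "antivirus not running or not reported"
    sig_age = posture.get("av_sig_age_days")
    if not isinstance(sig_age, int) or sig_age > MAX_SIG_AGE_DAYS:
        return False, "antivirus signatures stale or not reported"
    patch = posture.get("patch_level")
    if not isinstance(patch, int) or patch < MIN_PATCH_LEVEL:
        return False, "patch level below baseline or not reported"
    return True, "compliant"


def decide(ep: Endpoint) -> str:
    """Map an endpoint to a network segment.

    Visitors and unknown roles are never posture-checked; they only ever
    reach the Internet. Everyone else must pass posture or land in a
    quarantine segment that allows remediation only. Off-site connections
    get a restricted segment regardless of role; executives get the full
    network only when they connect in the office.
    """
    if ep.role not in KNOWN_ROLES or ep.role == "visitor":
        return "guest-internet-only"
    ok, _reason = posture_ok(ep.posture)
    if not ok:
        return "quarantine-remediation"
    if ep.location != "office":
        return "remote-restricted"
    if ep.role == "executive":
        return "corp-full"
    return "corp-standard"


if __name__ == "__main__":
    # Constructed endpoints for illustration.
    compliant = {"av_running": True, "av_sig_age_days": 1, "patch_level": 14}
    samples = [
        Endpoint("visitor", "office"),
        Endpoint("executive", "office", compliant),
        Endpoint("executive", "remote", compliant),
        Endpoint("employee", "office", {"patch_level": 14}),  # AV not reported
        Endpoint("employee", "office", compliant),
    ]
    for ep in samples:
        print(f"{ep.role:10} {ep.location:7} -> {decide(ep)}")
```

Note that the order of checks matters: role is evaluated before posture so that a visitor's laptop is never asked to prove patch level it cannot meet, and location is evaluated before role so that an executive at home gets the same restricted segment as everyone else.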
If you have a lot of visitors and/or contractors who need access
to your network, or you have mobile employees, NAC is worth a look.
You want something as nonintrusive as possible (so you don't have
to re-architect your network) and that doesn't require each desktop
to have an agent for enforcement.
Over time, NAC will be embedded within the network devices that
you know and love, like your routers and switches. But that will
take a while, so if you have a need to control what connected
devices do now, check out NAC.
Leak prevention
Leak prevention offerings currently target
the large enterprise, but more products for SMB are appearing.
In a nutshell, these products spider your network and figure out
where your sensitive data is (it's in more places than you
thought). They then employ gateways and endpoint clients (that
run on your computers) to govern the use of that content.
The key to these products is the ability to enforce a consistent
policy across your organization. You can turn off USB devices or
monitor the content that is copied. You can scrutinize outbound
emails or check out what folks are sending through their webmail
and other applications. It's a tremendously flexible
technology.
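What "scrutinizing outbound email" looks like at the content-inspection layer, as an added example (not code from the article or from any leak-prevention product). The detectors, the sample messages and the block/allow policy are all constructed for the example. It covers two data classes, payment card numbers and US Social Security numbers, and shows the one refinement that keeps such a filter usable: card candidates are validated with the Luhn checksum so that order numbers and tracking IDs of the same length are not flagged.

```python
"""Toy outbound-content inspection (added example, not a vendor's code).

Scans message text for two classes of sensitive data and returns an
allow/block decision plus masked findings suitable for an audit log.
"""
import re

# 13 to 19 digits, optionally separated by single spaces or hyphens.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
# US SSN in the conventional dashed form.
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: true for well-formed card numbers, false otherwise."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_cards(text: str) -> list[str]:
    """Return card numbers (digits only) that pass the Luhn check."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits)
    return hits


def inspect(text: str) -> dict:
    """Inspect one outbound message body.

    Policy assumed for the example: any finding blocks the message.
    Findings are masked to the last four digits so the log itself does
    not become another copy of the sensitive data.
    """
    findings = []
    for pan in find_cards(text):
        findings.append(("card", "*" * (len(pan) - 4) + pan[-4:]))
    for m in SSN_RE.finditer(text):
        findings.append(("ssn", "***-**-" + m.group()[-4:]))
    return {"action": "block" if findings else "allow", "findings": findings}


if __name__ == "__main__":
    # Constructed sample messages; 4111 1111 1111 1111 is a Luhn-valid test number.
    samples = [
        "Order 1234567890123456 shipped today, tracking to follow.",
        "Please charge card 4111 1111 1111 1111 exp 12/29 for the balance.",
        "Employee record attached, SSN 123-45-6789, start date Monday.",
    ]
    for body in samples:
        print(inspect(body))
```

A real gateway would run the same logic over attachments and webmail POST bodies as well, and would add document fingerprints for the intellectual property the spidering phase found; the detectors above are only the generic pattern layer.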
But with that flexibility comes complexity. That's why these
offerings are more enterprise-focused right now. Over time,
prebuilt policies and more portable technologies will make these
offerings a requirement for all organizations.
In the meantime, you can provide similar protection by
integrating a number of existing product sets that you may already
have. Your email gateway can scrutinize email, and your
Web-filtering device can control where users surf. You can also
implement device control products that turn off your USB ports, so
desktop leakage isn't an issue.
The insider threat is something every organization must take
seriously and start working on defenses to make sure the one you
know isn't the one that kills you.
Mike Rothman is president and principal analyst of Security
Incite, an industry analyst firm in Atlanta, and author of The
Pragmatic CSO: 12 Steps to Being a Security Master. Get more
information about The Pragmatic CSO at
http://www.pragmaticcso.com, read Rothman's
blog at http://blog.securityincite.com, or reach him
via email at mike.rothman (at) securityincite (dot) com.