|
|
|
|
|
Id-based UTM Solution to Tackle Insider Threat
By
L. K. Pathak
Ahmedabad, Dec 09, 2008 1455 hrs IST
A common misconception concerning network security is that the enterprise network is at considerable risk from external attackers only. In fact it is the phenomenon of Insider threats, which form the largest security threat to enterprises. With access to a significant portion of the enterprise resources, insiders pose the greatest risk to enterprise data and systems. Insiders, including current and former employees, temporary workers, partners, and customers, may be the unsuspecting threat carriers for external and internal attackers - who use them and their lack of security awareness to gain access to enterprise data. IDC research shows that a majority of large enterprises are more concerned about insider threats than external threats.
As many security architects know, their networks resemble what is known as 'Coconut security': hard on the outside, soft in the inside. All of the protection and security resources are directed towards the perimeter, keeping the bad guy out by disabling access to any of the network using firewalls and network IDP. However, the soft inside is what the attackers are really after and the security solution is ultimately about getting to the crux of it all i.e. knowing the insider threat source for instantaneous action against security breaches
Cases of insider threat
The well known case of David Lennon launching an e-mail attack on his former employer, Domestic & General Group hogged headlines in IT publications illustrates it well. Lennon caused chaos for Domestic & General by generating millions of hoax e-mails. The insurance company's router and mail server crashed and the cost was in the tens of thousands of pounds.
More recently, a system administrator, dissatisfied by his diminished role in a thriving defence manufacturing firm, planted a logic bomb, which detonated, deleting the only remaining copy of a critical software from the company's server. The company estimated the cost of damage in excess of $10 million, which led to the layoff of some 80 employees.
In fact the insider threat proliferation is touching newer heights. Often criminal gangs infiltrate a company by becoming members of staff or by bribing or threatening a member of the company's staff or its security or cleaning service providers.
Identity-based security solution: revealing the end user identity
Addressing insider threats requires a combination of incident prevention, detection and response. Since the user is proving to be the weakest link in the security chain today, linking user identity to security is the solution to ensuring high levels of security and to fight against insider threats.
Cyberoam is a third generation of UTM that has weaved identity controls in its solution, in timely apprehension of user emerging as the weakest link in today's threat scenario. It also puts a complete lid on the internal threats by tracing the source of threat right up to the exact user and not just the IP address of a machine.
Special features
In fact the very deployment of Cyberoam acts as a deterrent for potential internal threat sources. Thus, linking user identity to security is the key to current security, which it delivers. Cyberoam embeds user identity in firewall rule matching criteria, eliminating IP addresses as intermediate components to identify and control the user.
This offers instant visibility and proactive controls over security breaches even in dynamic IP environments. User Identity binds the security features: - Firewall-VPN, Anti-virus, Anti-spam, IDP, Content Filtering - to create a single, consolidated Cyberoam security unit enabling the administrator to change security policies dynamically while accounting for user movement- joiner, leaver, rise in hierarchy and more - through easy to configure policies. Ultimately, it delivers effective security by instant identification and immediate corrective action.
The author is from Cyberoam.
(## Tushar Sighat, VP - Operations, Cyberaom, will be available online as Spotlight Chat Guest, tomorrow at 11 am. Resellers may log in to interact with him directly.)
Related Links:
Cyberoam Adds New Features to its UTM Appliances
Gartner Report Strengthens Cyberoam's Reputation
|
Disclaimer |
UNML and its sites:
www.channeltimes.com, www.techtree.com
and www.cxotoday.com provide
Comments and discussion boards as a professional medium
for the various businesses of the IT industry to discuss
business problems. Gossip, personal attacks and unsubstantiated
charges are prohibited. Messages posted on this Web site
as discussion threads or Comments (Content) are solely the
opinions of their creators and do not necessarily reflect
the opinions of UNML or its sites
www.channeltimes.com, www.techtree.com
and www.cxotoday.com.
All individuals who post material to this web site are solely
responsible for all Content that they upload, post or otherwise
transmit via the Web Site. |
| UNML
cannot vouch for the authenticity of the user or company
names or e-mail addresses associated with posted messages.
Under no circumstances will UNML
or ChannelTimes
be liable in any way for any Content, including, but not
limited to, for any errors or omissions in any Content,
or for any loss or damage of any kind incurred as a result
of the use of any Content posted or otherwise transmitted
via the Bulletin Boards. |
| UNML
reserves the exclusive right to edit or remove messages
containing inappropriate language or other material that
could be construed as libelous, potentially libelous, or
otherwise offensive or inappropriate. Discussion forums,
bulletin boards and chat facilities are provided by UNML
solely for the convenience of those who make use of the
service. UNML does not endorse the products and services
or other offerings mentioned in messages. |
|
|
|
|
|
