Mitigating Insider Threat

insider threatRecent events reminded government and industry of the real and dangerous consequences of insider threats. A cleared, trusted individual inside a government agency was able to gain access to highly sensitive and privileged information with severely damaging results.

One response to such an insider breach is to institute a “two-person rule” whereby two people must sign off (or act together) before certain levels of confidential information can be accessed. This is similar to concepts the US Government has used to protect our nuclear capabilities for prevention of accidental or malicious launch by any one individual. Access to data is much more widespread and frequent than access to weapons, making a two-person rule potentially move critical. As we move to virtualized systems and a cloud-based world, the impact of innocently ignorant or maliciously purposeful compromises scales exponentially with chaotic and damaging results.

With virtualization, thousands of devices, applications and data can be collapsed into a single software layer, creating a significant concentration of risk. This consolidation gives nearly ubiquitous privileges to virtualization administrators. Using a two-person rule combined with other countermeasures can help protect the organization while allowing it to achieve cost savings and agility through virtualization.

Consider the following examples:

• Shionogi Pharmaceuticals: A disgruntled former employee, who left himself a backdoor into the network, logs in from a McDonalds WiFi and deletes every production virtual machine in the datacenter in a matter of minutes.

• Target: Perhaps the largest known breach in history, a Target vendor account is used to enter Target’s network and deploy malware in point of sale devices, resulting in the breach of over 40 million credit cards.

• Large Credit Card Company: A virtualization administrator powers down the wrong system taking creditcard processing down for four minutes and costing the company millions of dollars in lost transactions.

The need to continuously monitor and alert for abnormal administrator behavior, as well as for compliance to security standards, is a requirement for Federal agencies. Greatest effectiveness is achieved when an agency monitors all if its IT infrastructure, including its virtual environment. Businesses should consider the same levels of continuous monitoring and include a focus on its virtual environments.

HyTrust allows an organization to virtualize and migrate IT infrastructure and applications to the cloud safely, bringing the same level of visibility, logging, and accountability to an agency’s virtual environment as found in its physical IT environment. Moreover, HyTrust’s two-person rule provides added protection to prevent malicious insiders from compromising the agency or business.

How does the HyTrust two-person rule work? In essence, the technology requires that a designated approver authorize an administrative operation attempted by a privileged user before a system allows the operation to proceed. This oversight—with minimal overhead or lag–keeps users productive and compliant with regulations, adding a layer of necessary security protection to your environment. It is an integral part of an agency’s Continuous Monitoring strategy and provides a great audit trail.

For more on Insider Threat check out

Related Articles