Intrusion Detection

[Edward Cracknell <edward () securIT net>]

Ok, 

Outsourcing firewalls and security certainly went on for a while. I
don't want to prolong any threads beyond their natural life, nor do I
submit issues to provoke an unhealthy level of debate.......(oh, you
saw this coming......) however, I'd like to make a statement regarding
Intrusion Detection.....

Can *we* call the internal monitoring of networks behind a firewall
'Intrusion' Detection when we are looking to identify 'insider' crime.
Surely this is not an intrusion if perpetrated by someone who is meant to
be there? I'm just concerned that we title this thing incorrectly in the
early stages and mislead customers when selling this.

I accept that the industry pushes forward with a multi-billion dollar firewall
market embrace, when the obvious threat comes from a source which
statistics show to be responsible for only  40% of all reported computer
crime at best. Many surveys state that insider crime accounts for up to
81% of reported crime, others say 60%. My boss and mentor attributes the
change from 81% down to 60% due to an increase in Internet and external
network crime.

So why do businesses appear to 'accept' insider crime when the type of
crime committed by insiders is typically financial, whereas external
crime equates more often than not, to nothing more than the drawing of
spectacles and a moustache on an expensive painting?
-----------------------------------------------------------------
Edward Cracknell - <edward () SecurIT net>