Catching Attacks From The Inside Means Crunching More Data

[InfoSec News <alerts () infosecnews org>]

http://www.darkreading.com/insider-threat/167801100/security/perimeter-security/240143733/catching-attacks-from-the-inside-means-crunching-more-data.html

By Robert Lemos
Contributing Writer
Dark Reading
Dec 03, 2012

Whether by mandate or mission, companies have increasingly focused on 
creating better systems for managing the identities and access rights of 
their employees. Such systems can be a goldmine of information on 
security events that may indicate that an attack is underway.

Yet, it's not easy. Luck and a sharp eye caught the malicious code left 
behind by Rajendrasinh Makwana, the contractor convicted of attempting 
to delete data at Fannie Mae in 2008, after the company fired him. Yet, 
both technology and processes failed to catch Societe Generale's Jerome 
Kerviel, who used other traders' accounts to evade the safety measures 
put in place by the trading house, resulting in a $7 billion loss.

"To truly understand whether things are happening that shouldn't happen, 
you need to bring together a lot of pieces of data," says Chris 
Zannetos, CEO of Courion, an identity and access management provider. 
"It's like what Moneyball did for baseball. When you start mining the 
data, you start to see things that you would not otherwise see."

[...]


______________________________________________
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
http://www.shopinfosecnews.org