Thursday, January 24

The Insider Threat: News & Info

Some recent news of malicious insiders:

Some interesting reading on the insider threat:

  • Are Insiders Really a Threat? - An article from the Software Engineering Institute at Carnegie Mellon discussing the reality of the insider threat and outlining thirteen practices for preventing insider attacks. Incidentally, I think the 30% stat they provide is low. I think 30% may be the percentage of reported malicious attacks perpetrated by insiders. A far greater number of security breaches happen every day by non-malicious insiders. And here's an article on research suggesting that many insider breaches aren't reported (and why).

  • The CERT Insider Threat Research page - Lots of useful information on insider breaches, including the source of the article above.

What does all that mean?

Well, the insider threat is real. I don't think that's controversial news. But I would argue that there are far more light security breaches by insiders than malicious attacks -- something I haven't seen much data on. But a breach is a breach and in many cases can be prevented with the right policies, processes and tools. I like the SEI article and I think it provides a good place to start thinking about how to approach the challenge.

The Year of Virtual Directory?

I have blogged quite a bit on the value of Virtual Directory technology in directory services infrastructure. I was pleasantly surprised yesterday while attending a Burton Group webinar titled VantagePoint 2008: The End of Command and Control is Near (you must be a client for access). The fifth and final agenda item was Trends for Directory Services, in which the speaker focused almost entirely on the evolution toward (and value of) virtualization of identity information. That is, virtualizing the data structure, access protocols, server locations, etc. and presenting the same useful data from its original source in real time (or cached) in virtually any format and over most common data interfaces. It's nothing new to long-time readers of this blog, but seeing it as the center of the Trends section in Burton's webinar probably means that customers are telling them that Virtual Directory is moving up the prioritization ladder. That's a good thing -- it means Virtual Directory vendors will be able to continue to invest in this very cool technology and implementation teams have a better chance of getting this very useful tool to leverage in their bag of tricks.

Wednesday, January 16

A couple of quick things

A quick tactical point:

Thanks, Mark, for pointing out NetVision's ability to police the IDM environment. Specifically, Mark mentions the combination of NetVision with Novell's ZENworks Endpoint Security Management. I also wanted to point out that we already have customers who have deployed and are excited about our ability to add value to Novell Sentinel as well. Sentinel does security event monitoring and logging. NetVision adds value by providing advanced filtering capabilities for eDirectory events at the event collection side, so the database doesn't fill up with unwanted or unneeded information. And by filtering it on the way in, we simplify the reporting process as well by organizing data in your terms according to your policies.

Also, if you're in LA tomorrow, stop by the CSO PCI Compliance Seminar. I'll be presenting a high-level PCI compliance reference architecture and drilling down on policy management, encryption and key management, and the role of identity audit in PCI compliance.