IDC estimates that internal sources are responsible for more than 60% of all security breaches. From deliberately stealing or destroying sensitive corporate data to falling victim to hackers, damage created by insiders can be costly.
In response, organisations around the world are placing a greater focus on finding solutions that go beyond perimeter protection to safeguard against the insider threat.
Leon Bouwer, product manager of Bateleur Software, says the growing awareness of the insider threat and the recognition that security breaches by internal, trusted users are at least as risky as malicious outsiders are pushing organisations to take action.
“For years, organisations have been focusing their information security efforts on protecting themselves against external threats posed by growing exposure to the Internet. Deploying an expanding array of solutions such as firewall, anti-virus, anti-spam, intrusion detection and prevention, and anti-spyware, most organisations have built solid walls to protect their perimeters,” he says.
“Today, many of them are realising that these defences will not necessarily help them deal with a different type of threat, which can no longer be seen as less risky – the insider threat.”
Dealing with the insider threat has become more challenging in recent years as organisations now provide internal network access to a broader scope of users, including remote employees, partners, customers, subcontractors and consultants. Because these sources are trusted, they are permitted access to sensitive corporate information. In this situation, organisations are becoming increasingly exposed to insider threats such as resource misuse, privacy violations, destruction of critical data, proprietary information loss, fraud and planting of logic bombs.
One emerging approach is application-level user behaviour tracking, which allows organisations to detect fraud and other misconduct by insiders by tracking user activities in corporate business applications.
This approach enables the tracking of authorised user access to corporate data that normally does not leave any traces, such as queries and other read-only actions that can be misused for personal gain – for example, selling sensitive customer information. By proactively detecting suspicious behaviour at the application level, instant alerts can be generated, and immediate action can be triggered to suspend the suspected user pending further investigation.
Bateleur helps organisations meet this requirement with IntellinX, a product from the Israeli company of the same name, which records all end-user interactions with multiple host applications, creating a finer-grained audit log than applications or platforms provide, and more detailed reporting than system-specific or multi-application security information and event management tools.
According to Bouwer, the product doesn't require anything to be installed on hosts or clients, nor does it impact performance of hosts or networks. Instead, it allows organisations to meet or surpass regulatory requirements for improved auditing without having to touch application code.
“IntellinX helps organisations reduce fraud losses, improve internal audit effectiveness, and achieve compliance with government and industry information-intensive regulations,” Bouwer says.