Catching Attacks From The Inside Means Crunching More Data

By Robert Lemos Contributing Writer Dark Reading Dec 03, 2012

Whether by mandate or mission, companies have increasingly focused on creating better systems for managing the identities and access rights of their employees. Such systems can be a goldmine of information on security events that may indicate that an attack is underway.

Yet, it’s not easy. Luck and a sharp eye caught the malicious code left behind by Rajendrasinh Makwana, the contractor convicted of attempting to delete data at Fannie Mae in 2008, after the company fired him. Yet, both technology and processes failed to catch Societe Generale’s Jerome Kerviel, who used other traders’ accounts to evade the safety measures put in place by the trading house, resulting in a $7 billion loss.

“To truly understand whether things are happening that shouldn’t happen, you need to bring together a lot of pieces of data,” says Chris Zannetos, CEO of Courion, an identity and access management provider. “It’s like what Moneyball did for baseball. When you start mining the data, you start to see things that you would not otherwise see.”


______________________________________________ Visit the InfoSec News Security Bookstore Best Selling Security Books and More!