Untitled Document
|
From the Blogosphere Managing Internal Threats
Remember that every employee has the ability to be an insider threat
Feb. 2, 2013 11:00 AM
By InfoSec Institute
The number of annual security incidents caused by insider threats continues to increase. In The CERT Guide to Insider Threats, Capelli et al writes, “Insider threats are an intriguing and complex problem. Some assert that they are the most significant threat faced by organizations today.” Disgruntled system administrators damage data and systems, skilled professionals steal intellectual property, and inferior employees use information to achieve political or financial objectives for their self-gain. Any of these can constitute a critical national defense breach or breach of public trust.
 To defend against the damage or theft caused by insiders, an organization must hold every employee responsible for detecting and reporting both behavior and technical evidence indicating a possible employee defection from policy and compliance. In addition, technical controls can help monitor suspected offenders and the overall network for evidence of criminal behavior.
Behavior Monitoring
In a 2008 article I wrote for CBS Interactive/TechRepublic, I listed employee characteristics that warn of potential defection from organizational and social policy and norms, including:
- Appearing intoxicated at the office
- Actual or threatened use of force or violence
- Pattern of disregard for rules and regulations
- Attempts to enlist others in illegal or questionable activity
- Pattern of lying and deception of co-workers or supervisors
- Argumentative or insulting behavior toward work associates
- Attempts to circumvent or defeat security or auditing systems
In general, any negative change in an employee’s behavior is concerning. Furthermore, actions taken by management can trigger a borderline defector to cross into criminal behavior. For example, an already disgruntled employee might feel justified in stealing and selling intellectual property after being passed over for promotion. Any potential-employees are candidates for additional monitoring.
Terminating an employee is one way to deal with a potential problem. However, we often value employees who are simply going through rough personal times. If terminating an employee is your preferred choice, keep in mind that you need to have attempted to resolve the issues with the employee or have clear evidence of a violation in policy; otherwise the termination can result in a lawsuit. It is often better to remediate than to terminate an employee.
First, we should ensure all employees understand organizational policies regarding the use of information resources and workplace behavior. Second, management should have a clear and fair process for a workplace infraction. The response should match the level of the offense. Furthermore, every employee, without exception, should understand the consequences of defection.
Finally, problem employees will usually not commit an infraction in front of management. This means we must train employees, as well as managers, to detect suspicious behavior and report it to someone higher-up. Since many employees would rather not become personally involved, an anonymous tip line is a possible solution. For example, a large organization for which I worked had a toll-free number any employee could call to report policy violations or any other concern or complaint. In addition, if you don’t want to set up a phone line, you could set up an anonymous website where you achieve the same result. Weekly, a compliance committee met to go over all reports, and there were many. Anything that appeared critical did not wait for the weekly meeting but was handled immediately.
Technical Monitoring
While behavior monitoring can alert us to many possible incidents, it often fails when dealing with network and server administrators who go rogue. We can easily miss behavior signals when an employee does his or her best to hide them. When behavior monitoring fails or is insufficient, technical monitoring should fill the gap.
Non-administrators
For non-administrators, we can control how much information an employee can access (and what they can do with it) by enforcing need-to-know, least privilege, and separation of duties. Organizations enforce all three by properly managed authorization policies and processes.
The first two are closely related. Need-to-know restricts the information a user can access only to that required for daily task completion. Least privilege controls what a person can do with the information accessed. For example, need-to-know might allow me to see electronic information classified as top secret, but least privilege would prevent me from changing or deleting it unless my role in the organization requires it. Together, they strictly limit insider threat damage.
Separation of duties, when properly implemented, prevents any one person from performing all tasks associated with a critical process. To illustrate, separation of duties prevents a software developer from creating malware and placing it in a production environment. In other words, developers should not be able to place their work into production systems.
Next, organizations must control the movement of sensitive information. If not possible using direct means, such as data rights management, then you should use indirect means. One of the most effective indirect monitoring methods is NetFlow analysis. NetFlow, emerging as the IPFIX standard, collects network traffic flow information at various points across the network. Information gathered and aggregated to an analysis and management server provides insight into anomalous traffic flow. If, for example, an employee decides to copy a large number of documents to an Internet location, NetFlow statistics would alert security to unusual behavior at one or more points on the network. This near-real-time identification of technological infractions happening on the network enables the possibility for a quick and effective response: stopping the employee or mitigating their effects on the organization.
In addition to NetFlow, security information and event management (SIEM) provides additional information about anomalous server or network behavior. SIEM solutions gather logs from various devices and systems, aggregating them into a correlation server. An event correlation application then mines unusual patterns or patterns known to be related to malicious behavior. Questionable activity is reported to security via email, SMS, or a Web portal.
Finally, employment termination and job change processes must include immediate revocation of all rights and privileges to previously accessed information resources. During a job change, removing all access and then granting access for the new role is a good approach. Failure to adequately perform these tasks is a significant cause of many insider incidents, especially those caused by administrators.
Administrators
While the previous controls also work for malicious activities by administrators, they tend to fall short. Administrators can alter logs or create backdoor accounts for use after hours or post-termination. Monitoring all employees and using separation of duties can help eliminate these vulnerabilities.
Administrator monitoring must extend to changes applied to special purpose files. One example includes log changes. Operating systems or other third-party solutions can track changes to logs, including who made the change and when. Security teams can identify unplanned changes and respond appropriately. This also applies to other files that might contain critical system management information and applications in the production environment.
In addition to file changes, any creation of a privileged account should raise a warning. For example, one security team ran a script every morning to determine if any accounts had been added to any Windows Active Directory administrator group. If so, the addition was reviewed against change management documentation to ensure it was approved. Any questionable account was removed and the offending employee was reported to his manager. A periodic audit of all privileged accounts, whether disabled or active, is another good way of identifying possible rogue IDs.
Sharing of administrator passwords also requires special attention. Each time a shared admin account is used, log it. Each time an administrator leaves the organization, change all shared passwords. If your budget allows it, consider implementing a privileged password management solution that logs who checks out shared account passwords and changes the passwords after use.
Finally, remember that every employee has the ability to be an insider threat. The most impactful threats are caused by those at the top – managers, administrators, programmers, and security experts. Insider threats are real, and they will eventually cause an incident in every organization. Proper preparation, training, and vigilance can prevent or alleviate related consequences.
Tom Olzak is a security researcher for InfoSec Institute. InfoSec Institute is a security certification company that provides popular ccent training. Read the original blog entry...
About Bob GourleyBob Gourley, former CTO of the Defense Intelligence Agency (DIA), is Founder and CTO of Crucial Point LLC, a technology research and advisory firm providing fact based technology reviews in support of venture capital, private equity and emerging technology firms. He has extensive industry experience in intelligence and security and was awarded an intelligence community meritorious achievement award by AFCEA in 2008, and has also been recognized as an Infoworld Top 25 CTO and as one of the most fascinating communicators in Government IT by GovFresh.
Untitled Document
| Virtualization Expo Looms Large on SYS-CON.TV |
 |
Cloud Expo 2010 East Opening Keynote by Oracle
View this Keynote, recorded live at the Jacob Javits Center, featuring Richard Sarwal, CSVP of Development and Hasan Rizvi, Senior Vice President of Oracle Fusion Middleware Products.
|
|
The Science of Doing Business in the Clouds
During this Cloud Expo Day Two Keynote, Tony Bishop will describe Adaptivity’s systematic and prescriptive approach that combines Fit-for-Purpose infrastructure technologies and management capabilities in order to create the optimal economics, environment and autonomics needed for the business to leverage cloud services.
|
|
Pete Malcolm, CEO of Abiquo Live From New York City
Join Pete Malcolm, CEO Abiquo, for this vendor-neutral keynote, where you will learn about the next chapter in the Virtualization story. What it is, what it means, why open standards are key, and most importantly, how it will revolutionize the way your organization manages IT.
|
|
The Time is Right for Enterprise Cloud Computing
During his keynote, Rich Marcello, Senior Vice President of Unisys, will discuss the latest technologies and approaches that help knock down these barriers, creating the opportunity for attendees to now consider cloud managed services as part of their data center journey to secure "IT as a Service".
|
|
Accelerating Innovation with Cloud Computing
Join Shelton Shugar, Senior Vice President of Cloud Computing at Yahoo! for a keynote elaborating on how Yahoo! and consumers benefit from Yahoo! Cloud Services and will describe Yahoo! Cloud Services and technologies. |
 |
Virtualization Articles & Feature Stories By Pat Romanski  At pennies per virtual machine-hour, the economics of cloud computing are both compelling and daunting to replicate. Whether you are building your own cloud infrastructure, building a public cloud or choosing a cloud service, there are key strategy and technology decisions that make the difference between success and failure.
In his General Session at the 12th International Cloud Expo, Jason Waxman, VP in the Intel Architecture Group and general manager of the Cloud Platforms Group within Inte... May. 25, 2013 10:00 AM EDT | By Elizabeth White  You're getting pitched every day from your legacy enterprise software and hardware vendors about "cloud." They're doing an amazing job of convincing your CIO and CTO about what cloud is and how you should use it. The reality is they're defending their shrinking market share and keeping you on the legacy treadmill for as long as they can by selling you solutions that aren't "cloud."
In her session at the 12th International Cloud Expo, Niki Acosta, Cloud Evangelista for Rackspace, will talk thro... May. 25, 2013 10:00 AM EDT | By Maureen O'Gara  CollabNet, the enterprise cloud development concern, figures the new version of CloudForge it’s put together kicks butt, leapfrogging GitHub and BitBucket by offering the broadest, freest toolkit around, while romancing developers by taking the shackles off its use.
The multi-tenant development-Platform-as-a-Service (dPaaS) is now unrestricted even though it’s free. It can build web sites, mobile, cloud and web applications, and rapidly prototype and deploy business software.
CloudForge can n... May. 25, 2013 10:00 AM EDT |
Latest Virtualization Conference News By Jeremy Geelan  With Cloud Expo New York | 12th Cloud Expo [June 10-13, 2013] hurtling towards us, let's start to take a look at the distinguished individuals in our incredible Speaker Faculty for the technical and strategy sessions at the conference coming up June 10-13 at the Jacob Javits Center in New York City.
We have technical and strategy sessions for you all four days dealing with every nook and cranny of Cloud Computing and Big Data, but what of those who are presenting? Who are they, where do they ... Feb. 21, 2013 09:30 AM EST | By Jeremy Geelan  What changes in the cloud computing and big data landscape should we be expecting in 2013? In this article we offer a round-up of industry experts' opinions as they were asked by Cloud Expo Conference Chair Jeremy Geelan to preview the year ahead. Dec. 18, 2012 01:00 AM EST | By Elizabeth White  What does Cisco's Cloud CTO have in common with the CTOs of Rackspace, Progress Software, Eucalyptus Systems, SOA Software, and the Cloud CTO of Symantec, as well as the CEOs of Nebula, Cordys, Adaptive Computing, and Virtustream, and the Executive Director of the OpenStack Foundation?
The answer is that they are all speaking here in Silicon Valley from today, at 11th Cloud Expo | Cloud Expo Silicon Valley - are you joining them?
The high-energy event is a must-attend for senior technolog... Nov. 5, 2012 08:20 AM EST |
Best Recent Articles on Cloud Computing & Big Data Topics  By Jeremy Geelan The Arlington, Virginia-based National Science Foundation has just released its "Report on Support for Cloud Computing" - in response to the America Competes Reauthorization Act of 2010, Section 524.
It is an absolute must-read for all concerned with current and future research projects in Cloud Computing. Reads: 8,404  By Jeremy Geelan "The volume of data we're generating now from machines pales in comparison to the volume of data we'll soon generate from our own bodies," says data security expert Dave Asprey. Writing in a Trend Micro blog, Asprey - who is one of the leaders in the emerging Quantified Self movement - explains his vision of a world in which personal biometrical data is shared via the cloud. Reads: 14,495  By Wolfram Jost Cloud computing has caught the attention of business leaders around the world in every
industry because of its enormous transformative potential. Visionary companies know that
the value of the cloud is far greater than the current focus solely on technology and operating
costs: when combined with a collaborative approach to designing processes, cloud computing
will change how we do business.
Reads: 20,146  By Elizabeth White Want to make sense of the hottest new concept in Enterprise IT?
Want to understand in just hours what experts have spent many hundreds of days deciphering?
Cloud computing is a technology that has rapidly evolving peppered with a lot of hype along the way. Customers find it hard to navigate through this and make sense of what aspects of this technology will give them real business benefit.
Cloud Computing Bootcamp, led by our 2013 Bootcamp Instructor Larry Carvalho, is a great way to get a practical understanding of this technology. We offer multiple days of actionable insight into what vendor offerings are currently available and help you comprehend their strategy.
The ever-popular Bootcamp, which is now held regularly around the world, is being held in conjunction with the 12th Cloud Expo, June 10-13, 2013, at the Javits Center, New York, NY. Reads: 10,520  By Larry Bettino Did you know that ninety percent of the data in the world has been created in the last two years? Every day, we create 2.5 quintillion (or 2.518) bytes of data, according to IBM.
As corporations across all industries globally are struggling with how to retain, aggregate and analyze this mounting volume of what the industry refers to as Big Data, it also provides a unique opportunity for innovative startups that recognize the business prospects Big Data presents. Big Data is not just unlocking new information but new sources of economic and business value.
Interactivity is driving Big Data, with people and machines both consuming and creating it. Digital companies focused on becoming good at aggregating and analyzing the data created by the end users of their product, who then provide their customers with solid insights taken from that data are at a distinct competitive advantage over others in the marketplace. Reads: 8,346  By Elizabeth White Industry-specific clouds are those PaaS, IaaS, and PaaS services that are tailored for a specific vertical, such as transportation, retail, finance, and health care. IDC sees a $65 billion market in these industry solutions for 2013, rising to $100 billion in 2016.
The value of industry-specific clouds is that businesses within a vertical can connect to applications, processes, and databases that are pre-defined for that vertical within a public or private cloud. They can extend processes and databases into the business domain, versus defining the data and processes within a generic cloud-based platform.
So, are industry specific clouds right for your business? What options are out there? How do you figure out the ROI? Reads: 6,198  By Pat Romanski SYS-CON Events announced today that Rackspace Hosting, the open cloud company, has been named "Platinum Plus Sponsor" of SYS-CON's 12th International Cloud Expo, which will take place on June 10-13, 2013, at the Javits Center in New York City, New York.
Rackspace® Hosting (NYSE: RAX) is the open cloud company, delivering open technologies and powering more than 205,000 customers worldwide. Rackspace provides its renowned Fanatical Support® across a broad portfolio of IT products, including Public Cloud, Private Cloud, Hybrid Hosting and Dedicated Hosting. Rackspace has been recognized by Bloomberg BusinessWeek as a Top 100 Performing Technology Company, is featured on Fortune's list of 100 Best Companies to Work For and is included on the Dow Jones Sustainability Index. Rackspace was positioned in the Leaders Quadrant by Gartner Inc. in the "2011 Magic Quadrant for Managed Hosting." Rackspace is headquartered in San Antonio with offices and data centers around the world.  By Liz McMillan 10th International Cloud Expo, held on June 11-14, 2012 at the Javits Center in New York City, featured four content-packed days with a rich array of sessions about the business and technical value of cloud computing led by exceptional speakers from every sector of the cloud computing ecosystem.
The Cloud Expo series is the fastest-growing Enterprise IT event in the past 10 years, devoted to every aspect of delivering massively scalable enterprise IT as a service.
We invite you to enjoy our photo album of the show - we'll be adding new images all week. Reads: 8,979  By Carmen Gonzalez Ulitzer.com announced "the World's 30 most influential Cloud bloggers," who collectively generated more than 24 million Ulitzer page views. Ulitzer's annual "most influential Cloud bloggers" list was announced at Cloud Expo, which drew more delegates than all other Cloud-related events put together worldwide. "The world's 50 most influential Cloud bloggers 2010" list will be announced at the Cloud Expo 2010 East, which will take place April 19-21, 2010, at the Jacob Javitz Convention Center, in New York City, with more than 5,000 expected to attend. Reads: 45,930  By Kevin Hartig Cloud computing is becoming one of the next industry buzz words. It joins the ranks of terms including: grid computing, utility computing, virtualization, clustering, etc.
Cloud computing overlaps some of the concepts of distributed, grid and utility computing, however it does have its own meaning if contextually used correctly. The conceptual overlap is partly due to technology changes, usages and implementations over the years.
Trends in usage of the terms from Google searches shows Cloud Computing is a relatively new term introduced in the past year. There has also been a decline in general interest of Grid, Utility and Distributed computing.
Likely they will be around in usage for quit a while to come. But Cloud computing has become the new buzz word driven largely by marketing and service offerings from big corporate players like Google, IBM and Amazon. Reads: 199,756  By Elizabeth White SYS-CON Events announced today that Dell Inc. has been named "Silver Sponsor" of SYS-CON's 12th International Cloud Expo, which will take place on June 10-13, 2013, at the Javits Center in New York City, New York.
For more than 28 years, Dell has empowered countries, communities, customers and people everywhere to use technology to realize their dreams. Customers trust Dell to deliver technology solutions that help them do and achieve more, whether they're at home, work, school or anywhere in their world. Learn more about Dell's story, purpose and people behind its customer-centric approach. Reads: 2,729  By Liz McMillan One of the most compelling promises of the cloud is that you can pull out a credit card and be working in minutes. No purchase orders to fill out, no equipment to wait for on the loading dock. Just instant access to the resources you need, when you need them. But accessibility comes at a price, and an unintentional consequence may be that you create yet another orphaned identity silo. Enterprise IT has spent years consolidating its mishmash of directories, only to discover that cloud now threatens to turn back their hard-won victories.
In his session at the 12th International Cloud Expo, Scott Morrison, CTO and Chief Architect at Layer 7 Technologies, will look at strategies to incorporate identity into cloud applications. Enterprise identity or social login can both be a part of your go-to-cloud strategy, but you must plan for this upfront, rather than try to retrofit identity and access control at a later date. Reads: 3,093 By Roger Strukhoff Cloud Expo, Cloud Expo East, Cloud Expo West, Cloud Expo Silicon Valley, Cloud Expo Europe, Cloud Expo Tokyo, Cloud Expo Prague, Cloud Expo Hong Kong, Cloud Expo Sao Paolo are trademarks and /or registered trademarks (USPTO serial number 85009040) of Cloud Expo, Inc. Reads: 17,026 |
Untitled Document
 |
|
Save $500
on your “Gold Pass” Registration! Call 201.802.3020 or click here to Register Early Bird Expires January 2nd.
|
 |
|
 |
|
|
Please Call
201.802.3021
events (at) sys-con.com
|
 |
| SYS-CON's Virtualization Expo, held each year in California, New York, Prague and Tokyo, is the world’s leading Cloud event in its 4th year, larger than all other Virtualization events put together. For sponsorship, exhibit opportunites and show prospectus, please contact Carmen Gonzalez. |
|
|
|
|
| Senior Technologists including CIOs, CTOs, VPs of technology, IT directors and managers, network and storage managers, network engineers, enterprise architects, communications and networking specialists, directors of infrastructure Business Executives including CEOs, CMOs, CIOs, presidents, VPs, directors, business development; product and purchasing managers. |
|
 |
Virtualization Blogs Live By Doug Bonderud  Although often misunderstood, cloud computing ultimately relies on the same technological underpinnings as traditional server and storage options. While software, platforms and even infrastructure are farmed out to third-party providers, their ability to operate efficiently is constrained by the same physical laws as those which govern local server stacks. IT professionals and service providers, therefore, both have a vested interest in making the best use of the physical hardware available – and that means thinking outside the power box.
One of the most-touted benefits of cloud computing is ... May. 24, 2013 12:44 PM EDT | By Keith Mayer  Hyper-V Replica is our included asynchronous site-to-site VM replication capability for Windows Server 2012 and our free Hyper-V Server 2012 bare-metal enterprise-grade hypervisor. Using Hyper-V Replica, you can quickly implement a cost-effective disaster recovery plan for your business critical VMs without the high costs involved in traditional DR solutions – you just need a Hyper-V host and/or cluster at each site and an IP WAN or Internet connection between them. No expensive shared storage or extra licenses are required!
In this article, you’ll walk through a Guided Hands-on Lab for pla... May. 24, 2013 11:00 AM EDT | By Gathering Clouds  While movement to the cloud keeps accelerating, fears about security hang on. Let’s take a look at the most common myths about cloud security that might be holding businesses back from taking advantage of the flexibility and scalability of the cloud model.
This is the piece of “common sense” that hangs on, but the data just doesn’t bear it out. Alert Logic, a provider of cloud-enabled security solutions, does regular studies of its customers, looking at the actual threats they experienced. For the last few years, they’ve been finding that cloud hosting provider customer are less likely to exp... May. 24, 2013 08:45 AM EDT | By Mark van Rijmenam  Knowing what Big Data is, is one; knowing what a Big Data strategy is two; knowing how to implement that Big Data strategy is even more difficult. At least, that is how a lot of organizations perceive it. It must be said, in large process-directed organizations, what most of the large corporates are, it can be difficult. Convincing the board and defining where to start could be a daunting task, when in fact the steps that need to be taken are clear and straightforward. This roadmap can help you define and implement the right Big Data strategy.
First of all, organizations need to understand wh... May. 24, 2013 08:15 AM EDT |
Untitled Document
|
|
SARWAL
Oracle |
COFFEE
Salesforce |
KHAN
Sybase |
BISHOP
Adaptivity |
MALCOLM
Abiquo |
KHALIDI
Microsoft |
RILEY
AWS |
AZUA
IBM |
BARRETO
Intel |
CHAKRAVARTY
Novell |
CRANDELL
RightScale |
GAUVIN
Virtual Ark |
GROSS
Unisys |
SCHALK
Google |
YEN
Juniper Networks |
WILLOUGHBY
Compuware |
|
|
|
Experts.jpg)
.gif)
