Crunchy on the Outside, Chewy on the Inside – Eliminating Insider Threats
Sixteen years ago, when we set out to build the first commercial inline Intrusion Prevention System (IPS), the OneSecure IDP, there was a lot of consternation and concern that deploying a solution inline would never happen on enterprise networks. Fast forward to now. We have multiple successful companies like Palo Alto Networks, Fortinet, SourceFire, and others. that have integrated IPS technologies into their NG Firewalls.
Today, with the numbers of breaches and insider threats on the rise, the same question is being asked inside the enterprise network: Will enterprises be willing to deploy prevention solutions that could eliminate insider threats? The answer is, without a doubt, yes. Hear me out:
- Security is mainstream and businesses don’t want to be identified as those that have been breached
- There are just not enough security personnel to follow up on every alert
- Loss of customer trust, and hence business, is a big concern
The state of User Behavior Analytics (UBA) products is exactly where IDS’ were a decade+ ago before the introduction of IPS’ that could not only detect but actively enforce policies. This response mechanism is vital to closing the loop in eliminating threats. Mature and mainstream technologies like Multi Factor Authentication (MFA) and Machine Learning (ML), make enforcement inside the network feasible. MFA is required as incumbent technologies like NG Firewalls that can only block or allow are too blunt for confirming suspicious activity. Being able to validate identity of a user on the fly, without intervention from the security team, is possible with technologies like MFA. This ensures security without impacting the business process.
Machine Learning, on the other hand, allows systems to automatically baseline normal behavior without the assistance of the scarce security expertise. As employee roles change and evolve, the system automatically updates the baseline. ML solves the other challenge of identifying breaches.
Combining breach detection with active responses like MFA will make internal enforcement mainstream before long. These technologies were not as widely deployed when we built the first IDP. Now, with a policy based approach and using technologies like ML and MFA, businesses can finally eliminate insider threats.
Posted by Kowsik Guruswamy on July 14, 2016 11:01 AM