Monitoring Technologies for Mitigating Insider Threats

The annual Computer Crime and Security Survey for 2008 [1] surveyed 522 security employees from US corporations and government agencies, finding that insider incidents were cited by 44 percent of respondents, nearly as high as the 49 percent that encountered a conventional virus in the previous year. In general, there is an increasing recognition of the significance, scope and cost of the malicious insider problem. Some state-of-the-art defenses focus on forensics analysis and attribution after an attack has occurred using techniques such as sophisticated auditing [2] and screen capture [3]. Other commercially available systems are designed to prevent, detect, and deter insider attack. The ideal case is to devise systems that prevent insider attack. Policy-based mechanisms and access control systems have been the subject of study for quite some time but have not succeeded in solving the problem of preventing insider abuse. Monitoring, detection, and mitigation technologies are realistic necessities.