My Photo

Archives

More...

About

OASIS-08

  • 27a

Got the NAC

« NAC now? NAC later? How about both? | Main | Silly SNAC's, part Duex »

June 25, 2008

The Threat Inside

Another summertime stalwart for me is Mark Twain.  Whether it's due to the super-cool white suit, the fact that most stories were set during summer, or just his cool-glass-of-lemonade style of storytelling, Mark Twain stories were a mainstay of my surviving the inevitable 18 hour car trips on summer vacation.  Of course, Twain had a famous quote on statistics, and I was reminded of that quote when reading the recently released databreach report from Verizon's Business Risk Team.  Nathan McFeters was apparently reminded of similar things given his recent entry on zdnet.  Nathan asks some reasonable questions in his entry, but it seems that the bulk of the coverage of this report has centered around the idea that the insider threat has been misoverestimated.  A reasonable impression, if you read the Executive Summary.  But the "Insider Threat" in the report seems to be limited to internal people (most often IT people) doing bad things for whatever reason.  So, really, the report's main finding is that most of your people are good people, rather than bad people.  Good to know.  Not exactly groundbreaking, but still good to know.

What's missing from the report (as well as the coverage of it that I've seen) is any discussion of the role played by botnets and keystroke loggers in accomplishing the initial breach.  At least in my experience, this has been a major, critical factor in what ultimately ends up in data loss/corruption.  To me, this is really where NAC comes in.  In addition to walling off your partners and securing your critical assets, it just seems to make good whitewash-your-fence sense to put in place "reasonable" desktop policies and procedures that (a) deploy patches and AV/AS updates regularly, (b) enforce access policies around the consumption of those deployed updates, and (c) watch what users do even when they're patched and updated.  A combination of those basic, non-rocket-science things would, I'm willing to bet, have prevented the overwhelming number of breaches investigated by Verizon's team.  Then instead of fighting databreach fires, we could all have a cool glass of lemonade.

And Verizon could focus on making my phone work.

Posted by Grant Hartline on June 25, 2008 at 06:38 PM in Network Access Control |

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00e550a981ff883400e5538cc7828834

Listed below are links to weblogs that reference The Threat Inside:

Comments

Verify your Comment

Previewing your Comment

Posted by:  | 

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment