Supporting Insider Threat Identification with Continuous Monitoring

The following interview with Chris LaPoint, Group Vice President of Product Management at SolarWinds, is an excerpt from our recent guide, Securing Government: Lessons from the Cyber Frontlines. In this guide, we review five tactics government organizations are using to enhance their cybersecurity.

The risk of insider threats isn’t anything new – recent breaches like WikiLeaks and Edward Snowden’s exposé highlight the extreme risk of these types of security issues. Nevertheless, Chris LaPoint of SolarWinds, an IT management and monitoring software provider, said that agencies continue to overlook insider threats when creating their cybersecurity strategy and technology architecture.

Prioritize Cyberthreats
“If you look at where most agencies’ budgets are aligned and where visibility is placed, the focus is really in response to high-profile, external attacks,” said LaPoint. “One of the biggest risks is that there’s so much focus around the external that people are forgetting about the internal. The conversation needs to consider all types of substantial threats and do so from both a tools and budget perspective.”

According to a recent survey on cybersecurity threats by SolarWinds and research firm Market Connections, while agencies may not be focusing enough on the topic, cybersecurity personnel do recognize the risk of insider threats. Fifty-three percent of federal IT professionals identified careless and untrained insiders as the greatest source of IT security threats at their agencies. More than half of respondents also said they believed the damage caused by malicious insider threats could be the same as or greater than that caused by external threats.

Inadvertent insiders are also a significant risk. “Even if someone clicked on a link and inadvertently created an issue inside the network, that could lead to an inability to actually perform agency functions. That is a huge risk,” said LaPoint.

“For external threats, you’re obviously trying to keep the bad guys out of your networks, whereas internal threat prevention tactics tend to focus on training,” he added. “But the common tactical thread for both is the ability to understand who, what, when, and where suspicious activity is taking place across the entire network.”

Deploy Integrated Security Software
Network monitoring is performed at many – if not all – agencies. However, LaPoint said that too often we only see compliance and security audits performed on a periodic basis – maybe twice a year – when monitoring should be continuous. “Agencies need to implement tools that allow for continuous monitoring so that those audits of access control and configuration are performed on an ongoing basis,” he said.

SolarWinds’ software provides the necessary tools to monitor and secure agency networks. These tools span three categories. First, “User and device tracking software offers the ability to understand where users are connecting to that network, where they’ve been, and what device they are using to connect, allowing for quick detection of any rogue devices that are connecting to the network,” said LaPoint.

To consolidate this information, “Security information and event management software allows IT pros to collect data from all of the different systems, devices, and security appliances throughout a network,” LaPoint explained. These capabilities alleviate the burden on agencies to independently capture and organize security data.

Then, “IP address management software helps IT understand where there are potential conflicts or issues on a network,” said LaPoint. This functionality allows security staff to focus on high priority areas for remediation.
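As an added example (not SolarWinds’ software or anything from the interview), the following Python sketch shows two of the checks the tool categories above describe, evaluated continuously over a feed of connection events instead of at a twice-yearly audit: flagging a device whose MAC address is not in an approved inventory, flagging an IP address claimed by more than one device, and tracking where each device has been seen. The inventory, the event format and all values are constructed assumptions.

```python
"""Continuous-monitoring checks over a constructed feed of network connection
events: rogue-device detection, IP address conflict detection and device
location history. Added example; inventory and events are hypothetical."""
from collections import defaultdict

# Constructed inventory of approved devices: MAC -> owner label.
APPROVED_DEVICES = {
    "aa:bb:cc:00:00:01": "jdoe-laptop",
    "aa:bb:cc:00:00:02": "asmith-desktop",
    "aa:bb:cc:00:00:03": "printer-floor2",
}

# Constructed switch/DHCP events: (timestamp, user, mac, ip, switch_port).
EVENTS = [
    ("2015-06-01T08:01:00", "jdoe",   "aa:bb:cc:00:00:01", "10.0.1.10", "sw1/Gi0/1"),
    ("2015-06-01T08:03:00", "asmith", "aa:bb:cc:00:00:02", "10.0.1.11", "sw1/Gi0/2"),
    ("2015-06-01T08:07:00", "guest",  "de:ad:be:ef:00:01", "10.0.1.12", "sw1/Gi0/7"),
    ("2015-06-01T08:09:00", "jdoe",   "aa:bb:cc:00:00:01", "10.0.1.10", "sw2/Gi0/4"),
    ("2015-06-01T08:12:00", "-",      "aa:bb:cc:00:00:03", "10.0.1.11", "sw1/Gi0/9"),
]

def find_rogue_devices(events, approved):
    """Return (timestamp, user, mac, port) for every MAC not in the inventory."""
    return [(ts, user, mac, port) for ts, user, mac, _ip, port in events
            if mac not in approved]

def find_ip_conflicts(events):
    """Return {ip: sorted MACs} for every IP claimed by more than one device."""
    by_ip = defaultdict(set)
    for _ts, _user, mac, ip, _port in events:
        by_ip[ip].add(mac)
    return {ip: sorted(macs) for ip, macs in by_ip.items() if len(macs) > 1}

def device_locations(events):
    """Return {mac: [ports in order seen]} so a device moving between switches shows up."""
    seen = defaultdict(list)
    for _ts, _user, mac, _ip, port in events:
        if not seen[mac] or seen[mac][-1] != port:
            seen[mac].append(port)
    return dict(seen)

if __name__ == "__main__":
    for alert in find_rogue_devices(EVENTS, APPROVED_DEVICES):
        print("ROGUE DEVICE", alert)
    for ip, macs in find_ip_conflicts(EVENTS).items():
        print("IP CONFLICT", ip, macs)
    for mac, ports in device_locations(EVENTS).items():
        print("LOCATIONS", mac, ports)
```

In a real deployment the event list would be replaced by a live stream from the switches or DHCP servers, and each alert would be forwarded to the SIEM described next.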

Reap Additional Benefits
“Continuous monitoring software allows IT pros to take a more proactive and persistent approach in the same way that attackers are taking more advanced, persistent approaches to getting into the network,” LaPoint said. Agencies can move beyond simply responding to threats by consistently monitoring behavior for indicators of future insider vulnerabilities.

LaPoint also explained how this last feature could aid non-security focused IT staff: “What an IT organization might be doing for continuous monitoring of security can actually complement what they’re already doing on the operations side. The notion of being able to collect the data once and then use it for many different purposes is something we focus on.” In other words, data collected with SolarWinds’ software can be used to strengthen networks and operations at government organizations.

An integrated suite of monitoring solutions can help bridge the gap between IT and security personnel – a division which often hinders cyber strategies. “One of the things that we’ve really been trying to encourage IT professionals within government to understand is the need for IT operations and information security to work better together to reduce the number of tools and amount of data they’re working with, while still understanding what’s going on,” said LaPoint.

The risk of insider threats has never been higher. For agencies to become truly secure, they will require integrated tools that not only protect the perimeter of the organization but continuously monitor internal cohorts and systems as well. Integrated software solutions are one way to consolidate security efforts, achieve continuous monitoring, and protect against insider threats.
