Securities Industry News: Danger From Within
By Maria Trombly
10.01.07
http://www.securitiesindustry.com/issues/19_33/21540-1.html
When hackers prey on corporate targets, they often have assistance from partners on the inside, says Ellen Libenson, VP of product management at Agoura Hills, Calif.-based Symark International - a trend that is only "just starting to get attention."
Trusted users such as network specialists and database managers can pose a significant threat to the security of a company's data. "These are people who normally have some sort of privileged access, people we normally trust to keep us safe," Libenson says. "This is a group that's increasingly coming under scrutiny," and there have been a number of recent high-profile incidents in which employees of this type were involved.
In many companies, the number of privileged accounts actually exceeds the number of corporate user accounts, she says. Privileged accounts that are created for particular tasks are often not deleted once their purpose has been fulfilled.
Symark offers a device, PowerKeeper, that manages access to particular applications, says Libenson. If a system administrator needs to make changes to the Oracle Corp. financial system, PowerKeeper "will manage the access to that application so that people who want to get into the application have to request a password first. Once they're done with what they're doing, the password is automatically reset - they can't log back in after hours or give the password to someone else."
Another product, PowerBroker, controls access to the root password of Unix and Linux systems. A root password gives users complete access to a system, and can cause untold damage if it falls into the wrong hands.
Both products can be administered centrally, and companies can set policies about who is allowed to access which systems and when. All access is automatically logged.
Call center staffers can present as much of a danger as privileged-account holders. "They are some of the lowest-paid employees, just by the virtue of their jobs, but they have access to absolutely everything," says Jeremy Wunsch, CEO of LuciData in Minneapolis. Wunsch helps companies find their biggest network vulnerabilities, and for brokerages, he says, that's the call center.
Firms can guard against data loss by monitoring the content that staffers access and passing the results to an external party to review. "People try to watch their own employees, but there's always the fear that the people doing the watching are in on it, or their friend is in on it and they don't report it because they're a friend," says Wunsch.
It's hard to protect against an employee reading data off a screen and repeating it on a cell phone - or taking a picture. And it's equally difficult to prevent employees from printing sensitive information. However, firms can monitor how much customer data an employee is accessing, and at what time, and compare it to typical patterns.
An increasingly popular approach to preventing information theft is to create document- or role-based security policies and put software in place that monitors all data as it is accessed. New York-based Orchestria Corp. is one of the leading document management companies catering to Wall Street.
"We analyze identities" when looking at e-mail attachments, says Michael Rothschild, senior director of product marketing at Orchestria. "Who is sending to whom, as well as the content of an attachment, and the context. And if we see something happening improperly, we stop it and tell the user, 'It looks like you're doing something you're not supposed to be and it's been blocked.'"
Financial firms are already archiving and monitoring, notes Rothschild, but it's important for breaches to be stopped before they take place, not after the fact. Software can monitor when employees move files from one place to another, or attempt to rename or encrypt files. Permissions can be granted on an individual basis, based on workgroups or on the roles indicated in company directories.
San Francisco-based Vontu, which counts seven of the top ten investment banks as clients, stores sensitive files in protected directories and creates a signature for every file. An alert is triggered if someone, say, improperly copies a paragraph on page seven of a document, says Steve Roop, Vontu's VP of products and marketing.
Orchestria determines which files to flag as sensitive by scanning content for key information such as Social Security numbers. "We'll look at things like keywords and proximity of words to one another," examine the context, and then give it a score, says Rothschild.
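The keyword-and-proximity scoring described above could be sketched as follows. This is an added example, not Orchestria's code, and the pattern, keyword list, window size, weights and threshold are all assumptions chosen for illustration.

```python
import re

# All patterns, keywords, weights and thresholds here are assumed for illustration.
TOKEN_RE = re.compile(r"(?<![\d-])\d{3}-\d{2}-\d{4}(?![\d-])|[A-Za-z]+|\d+")
SSN_RE = re.compile(r"(\d{3})-(\d{2})-(\d{4})")
KEYWORDS = {"ssn", "social", "taxpayer", "dob", "account"}
WINDOW = 6       # tokens on each side of a candidate that count as "near"
THRESHOLD = 5    # score at or above which the text is flagged


def plausible_ssn(area, group, serial):
    """Reject ranges never issued as SSNs, which removes many false positives."""
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")


def score_text(text):
    """Return (score, hits): 2 per plausible SSN, plus 3 if a keyword is nearby."""
    tokens = [t.lower() for t in TOKEN_RE.findall(text)]
    score, hits = 0, []
    for i, tok in enumerate(tokens):
        m = SSN_RE.fullmatch(tok)
        if not m or not plausible_ssn(*m.groups()):
            continue
        nearby = tokens[max(0, i - WINDOW): i + WINDOW + 1]
        context = sorted(KEYWORDS.intersection(nearby))
        score += 2 + (3 if context else 0)
        hits.append((tok, context))
    return score, hits


def is_sensitive(text):
    """Flag text whose combined pattern-and-context score reaches THRESHOLD."""
    return score_text(text)[0] >= THRESHOLD


# Constructed sample texts, not taken from any real document.
SAMPLES = {
    "customer_note": "Customer DOB 1970-01-01, SSN 123-45-6789 on file for account transfer.",
    "parts_order": "Part number 123-45-6789 ships Tuesday from the warehouse.",
    "bad_range": "SSN 000-12-3456 was entered as a placeholder.",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, score_text(text), is_sensitive(text))
```

The same nine-digit pattern scores differently depending on its surroundings: the part number has no nearby keyword and stays below the threshold, while the customer note is flagged.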