Security pros are constantly being warned about insider threats. We’re told our companies need next-generation software, integrated threat intelligence, and the ability to correlate massive amounts of event logs and context to arm ourselves against these threats.
We’re told that these tools are necessary to block attacks and to recover from attacks, should they be successful. Unfortunately, when companies eventually figure out that they’ve been compromised, they also discover their systems had been compromised for an extended period of time.
As I discussed this topic with a number of people during the recent BlackHat conference in Amsterdam, I realized there must be some way for companies to see that could be a victim of an insider attack well before the authorities come knocking on their front door.
Thank You Contributors!
A huge thanks goes to the group of experts, representing many companies and technologies, that contributed to this article:
- Arno Meulenkamp, systems engineer at Infoblox
- Yonathan Klijnsma, senior threat intelligence analyst at Fox-IT
- Nagraj Seshadri, vice president of marketing at Recorded Future
- Wade Williamson, director of product marketing at Vectra Networks
- Itsik Mantin, director of security research at Imperva
- Haroon Meer, founder/researcher at Thinkst
- Fabien Perigaud, security expert at Airbus Defence and Space – CyberSecurity
- Mark Schloesser, security researcher at Rapid7
- Johan den Hartog, sales engineer at Tenable Network Security
- Greg Day, vice president and CSO, EMEA at Palo Alto Networks
- Ralph Pisani, executive vice president of Field Operations at Exabeam
Read the full article on Network World