Dr. Paul Vixie
Chief Executive Officer at Farsight Security
Today the insider is not just a person, it's also the fruits of complexity and chaos. Very few companies fully understand what their digital infrastructure is built from and what its capabilities are. To me, the new Insider Threat is anyone and anything inside your perimeter that you have to be able to trust and depend on, where that trust must be auditable and revocable.
The Insider Threat risk can be managed at low-to-moderate cost and kept at non-existential levels. Comparatively, external threats such as supply chain poisoning, or market instability, or customer health and continuity, or obsolescence or competition, remain existential even when managed at medium-to-high cost.
Old-think tells us that Insider Threats come from agents who are people rather than complex digital hardware/software systems who can, in fact, also behave as agents, for example, by making online information more vulnerable to external threats than offline information previously was.
Ignorance, which is sometimes willful, especially concerning estimates of TCO, is the underlying menace.
Insider Threats which come from digital system complexity, where dangerous agency might not be human, almost always take the form of Internet communications. On the Internet, almost all work requires DNS. So, a successful defense against Insider Threats must include monitoring the enterprise's own DNS lookups, and also monitoring of the enterprise's brands and IP address from a global DNS perspective. To be responsible in managing Insider Threat risk, an enterprise must be able to detect, in real-time, any malicious DNS content that a bad actor might create or access -- whether that bad actor is inside or outside, human or digital.
To manage Insider Threat risk in 2017, compliance auditing must take a back seat to live drills and peer review. Whereas in the past the personal and financial health of key employees were audit items, we must now concern ourselves with the financial incentives of our supply chains. BYOD will require a rethink as to office network topologies, and the end result of that thinking may be that no device should be expected to be secure, or that only company-owned devices with up-to-date end system agents should have access to company data and systems, or something worse. Every technology investment now needs the same level of TCO planning that hiring and firing of key personnel have always demanded -- digital systems are very powerful, and that power must be accounted for both in the capability AND the risk and depreciation categories. An honest and transparent investment and growth plan will either include a large sum of insurance money or a large sum of auditing and rapid replacement money. Too often, investment for growth accounts for benefits but overlooks risks and inevitable down-line costs.