infoTECH Feature

October 12, 2011

Executive Order on Insider Threats: Driving Big Data Challenges

President Obama issued an executive order establishing an Insider Threat Task Force to prevent potentially damaging and embarrassing exposure of government secrets or classified information, such as those made public by WikiLeaks. This is a huge step in the right direction – providing both a framework for building out agency programs and specifics for cross-agency, centralized guidance and assessment of the progress being made to address this threat.

That said, getting from here to there won’t be easy. Let’s peel back the technology involved in situational awareness and the detection of an insider attack. In order to watch where people are going, what information they are accessing, and what they are doing with it, you have to collect lots of data. For a single government agency, this is no small task. IT teams deal with thousands of government personnel who have incredibly complex access rules based on the missions or programs they are on. At a granular level, user permissions across systems, applications and data can change daily. What might be legitimate access today could actually become a suspicious activity tomorrow.

What makes matters even more complex is that the typical insider attack occurs over an extended period of time, whether because the insider moves slowly to avoid detection all along or because they stumble on an opportunity and gain the confidence to capitalize on it over time. To detect these long-lead attacks effectively, data has to be collected and retained for longer periods of time.

How can security teams identify which user profiles and activities, buried in this vast landscape of event data, are worth noting, isolating and investigating?

Two things are clear:

- A combination of real-time incident alerting AND longer-range forensic technologies is required across a vast landscape of data

- An open approach to analyzing – and sharing – security intelligence will accelerate progress across the board

Find out more about the Executive Order, and what technologies are involved in this important new development!




Edited by Juliana Kenny