Interesting article on “counterintelligence” initiatives to proactively stop insider attacks and information leaks: “Insider Attacks Put IT Security on the Offensive” by Tim Wilson at DarkReading.com.
“Companies are beginning to see that most of the tools they are using — firewalls, intrusion prevention, log analysis, even a lot of the data leak prevention tools — are really only useful after you’ve been compromised,” says Kevin Harvey, senior sales engineer at Fidelis, who has participated in hundreds of insider threat assessments for large enterprises. “What they’re looking to do now is develop ways to proactively seek out the threats and prevent them, rather than just find out who did it.”
I wonder if it’s possible to implement this without companies misunderstanding it and turning their IT environments into Orwellian “ubiquitous law-enforcement” tools?
Another key piece of the “counterintelligence” puzzle is monitoring employee activity. “In our environment, any employee can use an online form to report suspicious activity,” says an IT security officer at a large banking company, who asked not to be identified. “That alerts corporate security, which then investigates.”
[…]Many experts also recommend using employee monitoring tools, which can help identify unusual behavior and activity at odd hours.


