Another tool for monitoring insider risk
Risk to an organization comes in many forms and from many sources. One particularly pressing source of potential risk has been the organization’s own employees and staff, the insiders. The risk may take the form of simple errors on the user’s part, e.g. clicking on a phishing email, or of intentional acts, e.g. planting malware or removing intellectual property. With either avenue, the effects can be significant and detrimental.
Given the nature of the issue, admins and InfoSec staff have implemented various tools and processes to monitor for potential insider issues. The organization may use logs or other analytic tools to detect these and a myriad of other issues.
Recently, researchers at UNSW Sydney, Macquarie University, and Purdue University created a new process to assist with securing the enterprise, which they have named Gargoyle. This tool, as with a portion of the others, is network-based. It works through four primary actions: it evaluates the user’s access requests, uses software-defined network (SDN) capabilities, maximizes use of the network controller, and, instead of taking a binary approach to authorization, reviews the context of each request.
The new process has been tested and shown to be viable and a better measure than other approaches, namely role-based access control (RBAC), function-based access control (FBAC), and usage control (UCON) methods. The tests were completed on a limited scale. As a follow-up to measure scalability, testing will continue with larger networks.
Resources
Shaghaghi, A., Kanhere, S.S., Kaafar, M.A., Bertino, E., & Jha, S. (2018). Gargoyle: A network-based insider attack resilient framework for organizations. Retrieved from https://arxiv.org/pdf/1807.02593.pdf
Zorz, Z. (2018, July 13). Gargoyle: Innovative solution for preventing insider attacks. Retrieved from https://www.helpnetsecurity.com/2018/07/13/gargoyle-preventing-insider-attacks
About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.