Another tool for monitoring insider risk

Risk to an organization comes in many different packages and from many sources. One particularly poignant area of potential risk is the organization’s own employees and staff, or the insiders. The risk may take the form of simple errors on the user’s part, e.g. clicking on a phishing email, or intentional acts, e.g. planting malware or removing intellectual property. Either way, the effects can be significant and detrimental.

Given the nature of the issue, admins and InfoSec staff have implemented various tools and processes to monitor for potential insider issues. The organization may use logs or other analytic tools to detect these and a myriad of other issues.

Recently, researchers at UNSW Sydney, Macquarie University, and Purdue University have created a new process to assist with securing the enterprise. The researchers have named this Gargoyle. This tool, as with a portion of the others, is network-based. It works through four primary actions: it evaluates the user’s access requests, uses software-defined network (SDN) capabilities, maximizes use of the network controller, and, instead of taking a binary approach to authorization, reviews the context of the request.

The new process has been tested and shown to be viable and a better measure than other role-based access control (RBAC), function-based access control (FBAC), and usage control (UCON) methods. The tests were completed on a limited scale. To measure scalability, follow-up testing will continue on larger networks.
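To make the contrast between a binary role check and a context-reviewing decision concrete, here is an added example; it is not code from the Gargoyle paper or project. The role table, context attributes, weights, thresholds, and the "allow-read-only" outcome are all hypothetical assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Hypothetical role table; not taken from Gargoyle.
ROLE_PERMS = {"engineer": {"design-repo"}, "hr": {"payroll-db"}}

@dataclass(frozen=True)
class Request:
    role: str
    resource: str
    managed_device: bool    # device is enrolled with IT
    on_corporate_net: bool  # request originates inside the corporate network
    recent_alerts: int      # suspicious-activity alerts tied to this device
    hour: int               # local hour of the request, 0-23

def rbac_decision(req):
    """Binary check: the only question is whether the role lists the resource."""
    return "allow" if req.resource in ROLE_PERMS.get(req.role, set()) else "deny"

def context_score(req):
    """Sum constructed risk weights for the request context (higher is riskier)."""
    score = 0 if req.managed_device else 2
    score += 0 if req.on_corporate_net else 1
    score += 0 if 7 <= req.hour < 19 else 1
    return score + 2 * min(req.recent_alerts, 2)

def context_decision(req):
    """Role check first, then the context selects a graded outcome."""
    if rbac_decision(req) == "deny":
        return "deny"
    score = context_score(req)
    if score <= 1:
        return "allow"
    if score <= 3:
        return "allow-read-only"  # restricted access instead of all-or-nothing
    return "deny"

# Constructed sample requests: same role and resource, different context.
OFFICE = Request("engineer", "design-repo", True, True, 0, 10)
REMOTE_LATE = Request("engineer", "design-repo", True, False, 0, 23)
UNMANAGED = Request("engineer", "design-repo", False, False, 1, 23)
WRONG_ROLE = Request("hr", "design-repo", True, True, 0, 10)

if __name__ == "__main__":
    for name, req in [("office", OFFICE), ("remote-late", REMOTE_LATE),
                      ("unmanaged", UNMANAGED), ("wrong-role", WRONG_ROLE)]:
        print(f"{name:12} rbac={rbac_decision(req):6} "
              f"context={context_decision(req)} (score {context_score(req)})")
```

The role check alone returns the same answer for the first three requests, while the context-based decision separates them.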

Resources

Shaghaghi, A., Kanhere, S.S., Kaafar, M.A., Bertino, E., & Jha, S. (2018). Gargoyle: A network-based insider attack resilient framework for organizations. Retrieved from https://arxiv.org/pdf/1807.02593.pdf

Zorz, Z. (2018, July 13). Gargoyle: Innovative solution for preventing insider attacks. Retrieved from https://www.helpnetsecurity.com/2018/07/13/gargoyle-preventing-insider-attacks

About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.