Defense Systems: March and April 2015
BY CHRIS LaPOINT
There are accidents – and then there are accidents.
A dog eating a kid’s homework is an accident. Knocking over a glass of water is an accident. A fender-bender at a stop sign is an accident.
The incorrect use of personal devices or the inadvertent corruption of mission-critical data by a government employee can turn out to be more than simple accidents, however. These activities can escalate into threats that can result in national security
These accidents happen more frequently than one might expect — and they’ve got DOD IT professionals worried. Because for all of the media and the government’s focus on external threats — hackers, terrorists, foreign governments, etc. — the biggest concern continues to be threats from within.
As a recent survey by my company, SolarWinds, points out, administrators are especially cognizant of the potential for colleagues to wreak havoc — inducing through simple mistakes. They are just as concerned about the person next to them as they are of an external Anonymous-style group or a rogue hacker.
Given this, it’s fair to ask whether agencies are focusing their security efforts appropriately. According to the survey, the answer is “maybe not,” as respondents say their agencies’ investments remain primarily focused on the external problem.
So, what are agencies doing to tackle internal mistakes? Primarily, they’re bolstering federal security policies with their own policies for end users. This involves gathering intelligence and providing information and training.
While this is a good initial approach, it’s not nearly enough.
Additional policies and training alone don’t address the root of the problem, which is the sheer volume of devices and data that are leading to mistakes in the
IT professionals need more than just intuition and intellect to address compromises resulting from internal accidents. Networks are simply too complex for that type of exclusive approach. Any monitoring of potential security issues should include the use of technology that allows admins to pinpoint threats as they arise, so they may be addressed immediately and without damage.
Thankfully, there are a variety of best practices and tools that address these concerns and complement the policies already in place, including:
• Monitoring connections and devices and maintaining logs of user activity—where on the network certain activity took place, when, what assets were on the network, and who was logged in.
• Identifying what is or was on the network by monitoring for anomalies, tracking devices, offering configuration and change management, managing IT assets and monitoring IP addresses.
• Implementing tools identified as critical to preventing accidental insider threats, such as those for identity and access management, internal threat detection and intelligence, intrusion detection and prevention, SIEM or log management, and Network Admission
Survey respondents called out each of these tools as useful in preventing insider threats. Together and separately, they can assist in isolating and targeting network anomalies.
Log and event management tools, for example, can monitor, detect any unauthorized (or, in this case, accidental) activity, and generate instant analyses and reports. They can help correlate a problem — say, a network outage — directly to a particular user. That user may or may not have inadvertently created an issue, but it doesn’t matter. The software, combined with the policies and training, can help administrators attack it before it goes from simple mistake to “Houston, we have a problem.”
The fact is, data that’s accidentally lost can easily become data that’s intentionally stolen. You can’t afford to ignore accidental threats, because even the smallest error can turn into a very large
Chris LaPoint is group vice president of product management at SolarWinds.
of human error
Preventing a minor accident from becoming a security catastrophe
34 MARCH/APRIL 2015 | DefenseSystems.com