Enemy at the Water Cooler: True Stories of Insider Threats and Enterprise Security Management Countermeasures

Posted on by Ben Rothke

Enemy at the Water Cooler: True Stories of Insider Threats and Enterprise Security Management Countermeasures explores an important, yet often neglected topic. 

Even though hacker Kevin Mitnick's notorious exploits are more than a decade old, the media, and even some security professionals, continue to be obsessed with him. In early October 2006 alone, his name came up a few dozen times in a search of the prior month of Google News. Those obsessed with hackers are missing the far greater threat: trusted insiders. 

The insider threat shouldn't be a surprise: employee theft takes a bigger bite out of retailers than does shoplifting, and company personnel give away more secrets than are stolen by spies. 

On average, authorized network users gain access to 10 to 20 times more resources than they need to perform their jobs, and this extra access leads to most network security breaches. With that as its starting point, Enemy at the Water Cooler looks at the problem of the trusted insider and how to reduce both the threat and the vulnerability. Author Brian Contos astutely notes that insider attacks are the hardest ones to defend against, detect, and manage. 

The first part of the book sketches the risks that insiders pose to an organization. It also details mechanisms that can be used to control these risks. 

One such solution is ESM (Enterprise Security Management) software. (Full disclosure: the author is the CSO for a leading ESM vendor and some of the illustrations in the book are screenshots from this vendor's product.) ESM software centrally collects and analyzes log data from various entities within a network. When correctly deployed, ESM can be used to discover internal risks, in addition to correlating security information and performing other valuable tasks. 

The final chapters of the book run through real-life case studies in which Contos shows how ESM mitigated, or could have mitigated, the risk.

Although the book has a lot of information, at $49.95 for fewer than 250 pages, the book is overpriced. Even though it can come across as self-serving, the book should be commended for tackling a vital and often neglected topic.

Ben Rothke

Senior Information Security Manager, Tapad

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.

Share With Your Community

Related Blogs