Detecting Insider Threats: Who Is Winning the Game?

Author: William R. Claycomb

DOI: 10.1145/2808783.2808794

Abstract: Preventing, detecting, and responding to malicious insider activity poses a significant challenge to enterprise and organizational security. Studies continue to show the threat problem has not abated, and may be increasing. We could speculate on the cause, perhaps looking at workforce demographics, new information sharing technologies, or evolving policies regarding personal devices in the workplace. But regardless of the factors driving this trend, the problem of trusted individuals causing harm to an organization by exploiting authorized access is ancient, and will remain serious ad infinitum. The cycle is familiar to security professionals: attackers determine methods of attack, defenders develop countermeasures, and so on. So where do we stand today? What capabilities are insiders exploiting, and how are cybersecurity professionals countering those attacks? Is one side significantly "ahead" of the other? In this talk, we'll address these questions, trends in attacks, and emerging workplace issues that influence an employee's decision to act maliciously. We'll look at techniques being published for detecting suspicious activity, including solutions for detecting anomalous cyber indicators as well as solutions that try to identify behavioral concerns among the workforce. We'll highlight barriers to effective research, such as limited real data sets that include ground-truth, and share overcoming challenges. The talk will conclude with a discussion of key areas for future work.
