Hello, my name is Buck French, and I'm the CEO of Securify. And today I'm going to talk to you about the network security gaps that exist within most enterprises, and their ability to have real-time detection of what users are doing with their critical business systems.
In most organizations, they've opened up their networks to a whole host of different user groups - for a great business reason - outsourcers, partners, different employee groups, providing them access to these key business systems, so you can drive efficiencies within your organization.
The challenge, though, comes that this creates a security risk for you because most organizations today do not have real-time visibility of what users are doing to those key business systems. They don't have an ability to verify the trust in which they're providing those different user groups. The only way they've been able to achieve any level of visibility today is through log-analysis. The challenge with log-analysis, as many of you know, is extremely time consuming and costly, and it's always after the fact.
So what I'd like to speak to you today about is about this gap that exists. An interesting statistic to help support that this gap exists today, is that 78% of inside abuse that happens within an organization today is by an authorized user to a key business system. And in 75% of these instances, the abuse is reported by a non-IT person. So, we know the gap exists, so how do we fill it?
Well, first, it's important to have a real-time monitoring device that monitors the traffic between different user groups and these key business systems. There's three critical components that need to be monitored for within this interaction to ensure that these users are doing the appropriate things. First, you have to understand the relationship between that user and the system. Based on that relationship, you need to understand what services that system can offer. So the second key component is, given the system to that user, what services are allowed? And finally, the third component is, based on that user, to that type of system, with those types of services, what transactions are allowed within those services?
For example, let's say that this is a general intranet user. Then, has access to a web server. That, at the highest level, is the relationship. Based on the fact that this is a general intranet user to a web server, that system is allowed to provide HTTP. Based on the fact that it's a general intranet user with a web server, getting HTTP, the service is only allowed to provide Gets and Connects as a transaction for that user. If a user tries to do a WebDAV or a Change command on this web server, or this key business system, you'll be alerted on it. So the core component of understanding and mitigating the risk of insider abuse within your enterprise today is having the ability to have real-time visibility and control of how a user is interacting with those key business systems, all the way up to the application layer.
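
The three-layer check described in the talk (relationship, then service, then transaction), written out as an added example; it is not part of the original talk and not Securify's code. The group and system names, the policy layout and the sample events are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Hypothetical policy table (names are assumptions, not from any product):
# (user group, system type) -> service -> transactions allowed in that service.
POLICY = {
    ("general-intranet-user", "web-server"): {
        "http": {"GET", "CONNECT"},
    },
}

@dataclass(frozen=True)
class Event:
    """One observed interaction, as a monitoring device might decode it."""
    user_group: str
    system: str
    service: str
    transaction: str

def evaluate(event, policy=POLICY):
    """Return (verdict, layer); layer names the first check the event failed."""
    services = policy.get((event.user_group, event.system))
    if services is None:
        return ("alert", "relationship")   # no relationship defined: default deny
    allowed = services.get(event.service.lower())
    if allowed is None:
        return ("alert", "service")        # service not offered to this group
    if event.transaction.upper() not in allowed:
        return ("alert", "transaction")    # e.g. a WebDAV method over HTTP
    return ("allow", None)

# Constructed sample events, one per outcome.
SAMPLE_EVENTS = [
    Event("general-intranet-user", "web-server", "http", "GET"),
    Event("general-intranet-user", "web-server", "http", "PROPFIND"),  # WebDAV
    Event("general-intranet-user", "web-server", "ssh", "login"),
    Event("outsourcer", "web-server", "http", "GET"),
]

def run(events=SAMPLE_EVENTS):
    """Evaluate every event in order and return the list of verdicts."""
    return [evaluate(e) for e in events]

if __name__ == "__main__":
    for e, (verdict, layer) in zip(SAMPLE_EVENTS, run()):
        detail = f" (failed at {layer} layer)" if layer else ""
        print(f"{e.user_group} -> {e.system} {e.service}/{e.transaction}: "
              f"{verdict}{detail}")
```

Reporting which layer failed lets an alert distinguish an unexpected user group from an unexpected service or an unexpected transaction inside an allowed service.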



















