I just read Brian Contos’ new book “Enemy at the Water Cooler”. It is a compilation of his war stories from the field regarding security. It is a must-read for anyone who worries about the fact that they have extended almost complete trust to those who have the most power to do damage: insiders. While a lot of Brian’s experience comes from his position as CSO of ArcSight, and he often uses his stories to demonstrate the power of Security Event Management and its ability to discover misbehavior and provide after-the-fact forensics, there is no heavy marketing message in his book. Rather, it is an eye-opener to the world of human behavior.
In our weekly IT-Harvest Threatcast I asked Brian to comment on a few of his war stories, starting with the US telecom company that was being targeted by private investigators who were attempting to get customer records from its teleoperators. I thought that was pretty topical considering the mess at HP. The telco had a policy against giving out this type of information. But the activity monitoring they were doing indicated that a few operators were getting calls directly to their numbers and were accessing multiple customer records during each of those calls. This led to finding the insiders who were actually taking money for leaking customer information.
The first chapter of “Enemy at the Water Cooler” has a section titled “Cyber crime and cyber criminals 101”, which struck me as the best depiction yet of what has occurred in recent months to change the security game.