In its 2011 Data Breach Investigations Report, Verizon Business reported that 17% of all data breaches in 2010 were due to internal agents. It is true that represents a relative decrease of 31% compared to 2009, but this is mainly due to the exploding number of breaches having external agents as an origin (+22%), which is not a surprise. The bottom line is that the absolute number of such internal breaches didn’t change much over the last couple of years, meaning that you still have to pay high attention to this phenomenon.
Not all of the insider breaches are deliberate although according to Verizon they do count for 93% of all them. The rest is due to awkward, thoughtless or untrained employees, making mistakes and acting inappropriately. Let me give you a quick example. Let’s consider an employee working time to time from home using his company laptop. Because this is a company rule, he gets connected to his organization’s network through a SSL/VPN session, ensuring both confidentiality and integrity. Establishing such secured connection is the only way for him to get access remotely to his company resources, so he doesn’t have the choice actually. Furthermore, a host checker scans his laptop, making sure notably that nothing malicious is present before the VPN session is established, and also that nothing infects his machine during the session. Some while later our employee has done with his work and wants to quickly book tickets for a concert. As a conscientious person, and because this is for private usage, he terminates the SSL/VPN session and browses the Web from his laptop. And then guess what ? Just his luck ! His machine gets infected… No host checking running in background anymore, no significant evidences that something went wrong, and the result is you end up with an infected host without being aware of it at all. The next morning our employee returns to his office, bypasses all the most proven firewalls and other detection systems, and re-connects naturally his laptop to the network. Because there is no specific local access control mechanism in place, right after the laptop has been switched on, the malicious code is spread across the entire organization, causing major damages.
Can we really blame this employee? Did he adopt a risky posture? Did he act carelessly? Probably not. We could eventually make him aware of this risk, give him some extra training, but that’s more or less it. No, the reality is that it is the IT organization’s responsibility to put in place a system mitigating this type of risks.
Another interesting element highlighted in the Verizon report is that you don’t need super user’s privileges to deliberately steal data or to cause major problems on the network.
So what’s the challenge here? Traditional security assumed that the threats which enterprises needed to protect against came from somewhere outside of their network. As a result, security deployments focused mainly on providing perimeter-based protection. And this where we begin to weaken, as the insider threat opens up a whole new attack vector which completely bypasses the perimeter security strategy, so strong could it be, as my little example above has demonstrated it.
Another factor that must be seriously considered is the proliferation of smart phones and tablets we can observe now. By nature these new devices are meant to be used first and mainly on the public domain, but also more and more on the internal network (known as the BYOD effect). This multiplies then the risk of bringing malicious codes into your organization.
Whatever is the cause of the insider threat – good employees unknowingly doing bad things or bad employees exhibiting bad behavior – and regardless of the motivation behind an employee committing the threat, the results can be devastating to your organization. The remedy consists of putting in place a comprehensive solution to address and mitigate these insider threats, by notably:
Keeping critical data safe and secure
Ensuring that only the “right” people can access sensitive applications and data
Protecting your network, applications, users and data from contamination
and safeguarding your business and reputation.
The good news is that Juniper Networks has done the heavy lifting when it comes to securing your business against the insider threat. We can deliver this comprehensive security approach with our Adaptive Threat Management and Network Security Access Control solutions. The key features and benefits are:
Ensure that only the “right” people can access the network, sensitive applications and data by verifying the identity and role of individuals and devices before they are allowed access to the network, applications, and data
Prevent infected devices from accessing and contaminating the network
Detect anomalous or malicious behavior on a network, and taking fast, explicit action before the threat can proliferate
Log and report on who is accessing specific applications, when, and from where, simplifying insider threat tracking.
This will ensure a global identity aware networking, both for local and remote users, users that could be employees, partners, contractors, and guests – just to name a few – and using any kind of devices and accessing from anywhere.
Just a suggestion: try to apply my little example to your own organization and see what the result is. If you come to the conclusion that your existing security defense cannot effectively stop such insider threat, there is a matter of urgency to take some quick actions. Otherwise you expose yourself and your organization to major risk.
Imagine your company’s name being inserted in this headline: “Data Breach at (name) results in 3 day business outage costing millions”
And this is not going to decrease over time with the big BYOD wave surging these days. Finally, don’t expect your users to always behave appropriately – they are just human beings…
Ben has been working with service providers around the world for the last 15 years developing business cases for a variety of product concepts and new ventures.
Ben holds an MBA from MIT and a BS & MS in Mechanical Engineering from Johns Hopkins University.
A Marketing and Business Development professional with 24 years extensive Sales/Business Development, Marketing and Technical experience in the Networking/Telecoms/Datacomms and Mobile market segments, focused on selling to Service Providers.
Fomerly VP Marketing at the Metro Ethernet Forum (MEF)
David Noguer Bau is the head of Telco Vertical Marketing at the SP Strategic Marketing team in Juniper Networks. He has extensive experience in Service Provider network evolution and regularly runs executive sessions with technical and marketing teams of important telecom operators to accelerate the adoption of virtualisation.
David is based in Barcelona and has over 15 years of experience in the telecommunications sector. Prior joining Juniper Networks, Mr. Noguer Bau spent seven years at Nortel where he was a Business Development Manager specializing in Carrier Ethernet and Broadband areas. Before Nortel he worked at Eicon-Dialogic as Technical Manager in Spain. David has been the Country Marketing Chair at Metro Ethernet Forum for Spain.
Mr. Noguer has wide experience speaking at international Conferences. He was graduated as Computer Engineer by Universitat Autonoma de Barcelona (UAB) and has an executive MBA from EADA Barcelona and executive education at the Thunderbird School of Global Management (Arizona) and the Henley Business School (UK).
The views expressed here are my personal opinions , have not been reviewed or authorized by Juniper Networks and do not necessarily represent the views of Juniper Networks.
I’ve been 29 years in the industry, first as a trainee IBM operator at Barclays Bank, later starting my own business which was ultimately acquired by French listed company EasyVista – [giving me great insight into working as part of an internationally focused company alongside organisations like Reuters, UBS Warburg, GlaxoSmithKline and London Electricity].
I am Sales & Marketing Director at Netutils – a specialist IT Networking and Security solutions provider. My passion continues to be making enterprise more efficient via the intelligent deployment of technology, with a view to delivering real value for my clients.
Donyel Jones-Williams is Senior Product Marketing Manager overseeing SDN and Core Service Provider Product line for Juniper Networks. In this role, he leads all of the internal and external marketing activities for T-Series, PTX, IP/MPLSView and NorthStar SDN Controller.
Prior to joining Juniper Networks in January 2014, Donyel was a Senior Product Line Manager for Cisco Systems with in the High End Optical Routing Group managing product lifecycle for multiple products lines helping telecom providers operate efficiently and effectively including; ONS 155xx Product Family, ONS 15216, ONS 15454 MSTP, Carrier Packet Transport Product Family, ME 2600x, & ASR 9000v. He also negotiated favorable agreements with 3rd-party vendors furnishing components and parts and conducted both outbound and inbound marketing (webinars, case study-development, developed and delivered both business & technical at Cisco Live 2005-2012).
Donyel graduated from California Polytechnic State University-San Luis Obispo with a Bachelor of Science in Computer Science. While attending Cal Poly SLO he was a collegiate student athlete playing football as a wide receiver and a key member of the National Society of Black Engineers. Donyel is now an active volunteer for V Foundation.
With 20+ years of global IT management experience, Gary Clark oversees all technology services to support 9,600 employees at Juniper Networks, a $4.5 billion networking innovator with operations spanning 123 offices in 47 countries. Prior to Juniper, Gary held senior IT management roles at BlackRock/Barclays Global Investors and Deutsche Post/DHL.
Senior Systems Engineer for NEC NZ. Focused on Juniper Networking equipment, SDN and NEC compute platforms. Busy studying for the JNCIP-SP and ENT.
Outside of work I enjoy the great outdoors: Mountaineering, Bouldering, Rock or Ice climbing, Tramping (hiking to non-Kiwis) and Snowboarding.
I have been in the networking industry for over 30 years: PBXs, SNA, Muxes, ATM, routers, switches, optical - I've seen it all. Eleven years in the US, over 20 in Europe, at companies like AT&T, IBM, Bay Networks, Nortel Networks and Dimension Data. Since 2007 my focus has been on services at Juniper: support services, professional services, service automation. Our market is characterized by amazing technological innovations, but technology is no use if you cannot get it to work and keep it working. That is why services are so exciting: this is where the technology moves out of the glossy brochures and into the real world!
Follow me on Twitter: @JoeAtJuniper
For more about me, go to my LinkedIn profile: http://fr.linkedin.com/pub/joe-robertson/0/4a/34a
Jon joined Fujitsu UK&I as Chief Technology Officer in January 2011 from the public sector, where he was Chief Information Officer, Transformation Director and SIRO at the Valuation Office Agency. Prior to this he was Her Majesty’s Revenue and Customs’ first Chief Technology Officer, leading the integration of the former Inland Revenue and Customs & Excise organizations.
His roles in both organizations drove out savings in excess of £600m, as well as bringing about significant technology transformation, building high performing teams in the process.
Jon was a founding and core member of the UK Government Chief Technology Officer Council and recruited and led a team creating Public Services Network, XBRL mandation and cross government channel strategy.
Jon’s client side board level experience is built on 11 years at Accenture, with clients including Barclaycard, Legal & General, BP, Castrol and BG Group.
Jon now leads the UK & Irelands 1,200 strong Architecture Community, driving standard solutions, reinforcing rigorous re-use and a collegiate collaborative community and culture, leading with courage and conviction.
Jon is a firm believer in the 4Ps – Pace, Passion, Pride and Professionalism. He is a Chartered Engineer, Fellow of the British Computer Society, founding Fujitsu Fellow and a member of the Advisory Board for AppDynamics.
I'm a Distinguished Systems Engineer at Juniper Networks. My main technical interests are routing protocols, MPLS, PCE/WAN Controllers, automation, and optical integration. Before joining Juniper Networks in 1999, I worked at BT for several years, at first in the Photonics Research Department and later in the data transport and routing area. I have a PhD in ultrahigh-speed optical transmission and processing and an MA in Physics, both from Cambridge University. I co-authored the book "MPLS-Enabled Applications: Emerging Developments and New Technologies", with Ina Minei. The book is now in its third edition.
Marcel Wiget is Consulting Engineer Specialist and member of the Advanced Technology team for EMEA. His career within Juniper started back in 2009 as a Senior Systems Engineer driving one of the first MX based Broadband Edge deployment to success. Prior to Juniper, Marcel held various positions in pre-sales, professional services and development at Chantry Networks, Spring Tide, Nortel Networks and Wellfleet.
I love the intracacy and intimacy of succesful communications. Why and how people engage with each other is fascinating. I am also consumed with the way IT changes behaviours, values and expectations in society.
I bring this sense of wonder to my role in EMEA Service Provider Marketing Programs at Juniper Networks.
Down time: My passions are music, reading, politics, Derby County and playing the guitar (and the harmonica).
You can follow me elsewhere:
my personal blog: http://neilpound.tumblr.com/
my LinkedIn account: Neil Pound
I am one of a small team of Network Engineers working for Lumison Ltd, a UK ISP/MSP based in Edinburgh, Scotland. I have been with the company for almost 6 years moving from frontline support to the Managed Services team dealing with customer network design and implementation before talking up the role of Network Engineer. As well as the JNCIE-ENT certification.
I am currently a Sr. Product Marketing Manager specializing in Juniper's Security Portfolio in the Service Provider industry. I am an experienced senior technical leader, technical marketing engineer, solutions architect, and product marketing manager with over 20 years of Internet and Enterprise industry experience developing solutions from scratch often in relation with business units and technology groups, my projects ranged from product, solution, and technology development to corporate technology strategies. I have strong analytical skills and I am able to crunch and articulate complex technology to a variety of audience knowledge levels. I possess a deep hands-on technology and business knowledge of Service Provider and Enterprise architectures with deployment hands-on skills. I also bring a unique perspective of open source philosophy, including but not limited to open innovation, software development methodologies, open source monetization and business models, and licensing and compliance in software integration. I am a strategic leader with proved ability to empower a team to improve their product, themselves, their team, and our company’s market position.
An inspirational marketing leader working across the entire marketing mix to transform brand into business value, activity into results and thought leadership into measurable pipeline. You can follow me on Twitter at @PaulGainham
I have been at Juniper Networks since 2004, focused on Corporate Communications (media relations, analyst relations, customer reference progam) for the Europe, Middle East & Africa region.
I have worked in the networking industry since 1988.
Raghu Subramanian is VP of Sales Engineering for Asia-Pacific at Juniper Networks. Prior to this, he has served Juniper as chief strategist for the security business, product evangelist to channel partners, and product manager for M-series routers.
In past lives, Raghu was a chip designer at Hewlett Packard, and an R&D manager at a start-up acquired by PMC-Sierra.
Raghu has an MBA from the MIT Sloan School of Management, Ph.D. in Computer Science from the University of California at Irvine, and a B.Tech.in Electrical Engineering from the Indian Institute of Technology at Kanpur. In his spare time, he enjoys reading non-fiction, coaching kids for the Math Olympiad, and traveling with his family to other countries to learn about their ways.
Russell is the global leader of the Advanced Technologies team specializing in Data Center Virtualization and Automation. Russell leads the team that provides Juniper’s major customers with solutions to provide the network underpinnings for highly virtualized and automated data centers.
Stephen is currently a Partner Acccount manager at Juniper Networks, and has held this role for 3 years. Prior to Juniper, he worked at Extreme Networks for 11 years in a variety of roles.
Stephen is a Father of 3 children, a keen cricket fan and enjoys cooking, reading and theatre in his free time.
Stephen Liu is Senior Director of Product Marketing for Juniper Networks. In this role, he leads product marketing for Juniper’s industry-leading service provider portfolio of high-performance routing and switching products. These products include Juniper PTX Series, T Series, MX Series, and ACX Series platforms along with software and security.
Prior to joining Juniper in 2013, Stephen served as Director of Service Provider Marketing at Cisco Systems. In that role, he led product and solution marketing worldwide for the service provider routing, switching, optical, and software portfolio. Products included NCS, CRS, ASR, and ONS platforms.
Stephen attended the University of California, San Diego, where he received a bachelor’s of science degree electrical engineering – communication systems.
Hobbies include restoring old Volkswagens and coaching competitive youth soccer. He is based in Sunnyvale, California.
About Stuart Borgman, Business Systems Architect
Having spent many years in the telecommunications and networking industry, I understand just how complex networking technology can be, and equally, just how important it is for today’s fast-moving business.
Making the right IT choice for any organization is paramount, especially when it is helping drive business strategy. In my role at Juniper, I’m committed to helping all organizations plan and design their IT systems to make sure that each part works together to fully meet the needs of the business. Together with my colleagues in Professional Services, our aim is to ensure that all you need focus on is your business strategy, not the technology.
I'm currently working on a number of Service Provider projects focusing on Identity Management. These range from Mobile Operator WiFi offload projects & 3G SCADA device management to broadband authentication encompassing quota and service management for P2P and video traffic control.
I have over 15 years progressive experience designing complex RADIUS platforms to meet the demands of the most multifaceted businesses. One of the most successful projects focused on the consolidation of 22 separate RADIUS platforms spread over a large estate onto a single pair of RADIUS servers, offering the same functionality and business logic as the prior estate.
In addition I have spent a number of years observing and implementing solutions for the enterprise space in the BYOD and NAC market. It's a keen area of interest for me as it combines the whole concept of identity management and business needs together. My largest project in this space was for a UK company with global offices providing a NAC solution for over 200 sites, with over 150,000 staff.
Over the last 10 years Netutils have invested heavily in developing a technical team to support me and the business on these key areas. I strongly believe that a solution designed by Network Utilities should be the right solution technically and commercially for the customer, so my over-riding focus is on customer satisfaction. This follows on in the technical support service the Netutils team offer post implementation.
Not making tea, NAC, RADIUS, Quota Management, Diameter, full life cycle of the subscriber management. Working with large organisations taking a concept through to delivery around identity management whether authentication or Quality of Service.
An accomplished network engineer with 14+ years’ experience, and a Juniper employee since 2004, Tony leads the IT team focused on deploying “Juniper on Juniper”, using Juniper technology to run the business and deliver core business services across the enterprise. Tony holds a double JNCIS certification in Enterprise Routing, Security (JNCIS-ER, JNCIS-SEC) and a BS degree from California Polytechnic State University. Outside of work, Tony serves on a School Advisory Council, loves biking and good coffee.
Zoe Sands is Head of Digital Marketing at Juniper Networks and is responsible for digital marketing and social media across EMEA. She is an experienced Digital Marketer since 1997 with PRINCE2 practitioner status, during this period Zoe has successfully launched many new online innovations for Juniper Networks, Cisco, Dialogic, the Chartered Institute of Marketing (CIM) and Hyundai, including content managed and e-commerce based websites to integrated social media programmes. She has International exposure running projects globally, regionally and at a country level.
Zoe’s approach is to create an environment where those around her can share her passion for the Internet and the opportunities it presents. She says sharing knowledge, championing and communicating the benefits of digital capabilities enhances both the user experience and offers additional online communication channels and business opportunities. Zoe has a blog ‘Learning and sharing...’ to share her experience of all things online marketing, social media, chat online, SEO, SEM and mobile related content. You connect with Zoe via LinkedIn or find her on Twitter: @zoe9 and @ZoeSands.