The Defense Advanced Research Projects Agency (DARPA) has launched a project for detecting and responding to insider threats on Department of Defense networks.
Under the Cyber Insider Threat (CINDER) Program, DARPA will explore new approaches for improving the speed and accuracy of insider threat detection. The agency last week sought proposals for ways to identity hostile insider activity by monitoring specific user and network behaviors.
In the initial stage of the project, the goal is not necessarily to develop new ways of detecting individual malicious insiders themselves. Instead, DARPA hopes to figure out the tell-tale signs and network activities that organizations should monitor to accurately detect malicious activity.
“If we were looking for the insider actor himself, we might not detect someone who performs a single, isolated task and we run the risk of being inundated with false positives from events being triggered without context of a mission,” DARPA said. “To this end, CINDER starts with the premise that most systems and networks have already been compromised by various types and classes of adversaries. These adversaries are already engaged in what appear to be legitimate activities, while actually supporting adversary missions.”
In the next two phases of the three-part CINDER effort, DARPA will develop systems that can monitor networks and user activity and spot malicious activity more quickly.
From ComputerWorld: http://www.computerworld.com/s/article/9183238/DARPA_launches_insider_threat_detection_effort_for_military
At any moment, your organization could be seriously compromised by the actions of a single employee – working in the office, on the road, or from home. While billions of dollars are spent each year on security hardware and software, most data breaches are based on the weak link in the security chain: people. Despite lip service paid to the importance of information security, major breaches are still occurring in organizations large and small. A report from consultants PriceWaterhouseCoopers says that organizations should make employees their first line of defense against potential information security breaches.