http://gcn.com/articles/2011/11/17/oak-ridge-lab-stop-insider-exfiltration.aspx

By William Jackson
GCN.com
Nov 17, 2011

Researchers at the Energy Department’s Oak Ridge National Laboratory are developing a tool to identify malicious insiders and stop them from sending sensitive information outside the enterprise.

The system, which is being tested in a lab environment, uses a host-based agent to “learn” a user’s behavior and to look for anomalous behavior or other signatures, said computer scientist and project leader Justin Beaver.

“It turns out there is a lot of data on each host you can leverage if you know what to look for,” Beaver said.

He said his team’s work has demonstrated that profiles of normal behavior can be built from low-level system data on a user’s computer over a relatively short time and that signatures for exfiltrating data can be recognized. The system responds to these events by seamlessly switching the malicious user to a honeypot environment where he is isolated from data but his actions can be studied.

[...]

_____________________________________________________
Subscribe to InfoSec News - www.infosecnews.org
http://www.infosecnews.org/mailman/listinfo/isn

Received on Fri Nov 18 2011 - 02:05:55 PST