CERIAS - Center for Education and Research in Information Assurance and Security

Purdue University - Discovery Park
Detecting Insider Theft of Trade Secrets

Greg Stephens - Mitre

Feb 03, 2010

Abstract

Trusted insiders who misuse their privileges to gather and steal sensitive information represent a potent threat to businesses. Applying access controls to protect sensitive information can reduce the threat but has significant limitations. Even if access controls are set properly, they don't protect against rogue employees who legitimately need to access sensitive information. Since 2002, researchers at MITRE have investigated methods for detecting insiders who misuse their legitimate access to steal information. A three-year, internally funded research effort developed and evaluated a research prototype of a system called Elicit (Exploit Latent Information to Counter Insider Threats) to help analysts identify insider threats. Work on Elicit prompted a team of engineers and social scientists to experimentally explore how malicious insiders use information differently from a benign baseline group. This talk presents results from the research prototype evaluation, discusses preliminary results from the double-blind study of malicious insiders, and offers some essential aspects for detecting insider threats gleaned from these efforts.

About the Speaker

Since joining MITRE in 2001, Greg has been consulting and researching in the area of enterprise security operations. His areas of expertise include security operation center (SOC) architecture and management, the effective implementation of intrusion detection and audit systems, and the effective use of security information management systems (SIMs). Since 2003, his focus has been on detecting insider threats. He led successful R&D efforts within MITRE and for the Institute for Information Infrastructure Protection (I3P) that yielded an effective, novel detection approach and significant insight into insider threat behavior. He is currently extending his insider threat research, adapting it for cyber threat detection.

Prior to joining MITRE, Greg helped architect the managed security monitoring service provided by Counterpane Internet Security and managed the security of a mid-sized defense contractor.

Greg holds a B.S. in Materials Science from U.C. Berkeley and an M.S. in Information Technology from George Mason University.

Unless otherwise noted, the security seminar is held on Wednesdays at 4:30 P.M. in STEW G52, West Lafayette Campus.
