Greg Stephens - Mitre
Feb 03, 2010
Download: MP4 Video
Watch in your Browser
Watch on YouTube
Trusted insiders who misuse their privileges to gather and steal sensitive information represent a potent threat to businesses. Applying access controls to protect sensitive information can reduce the threat but has significant limitations. Even if access controls are set properly, they don't protect against rogue employees who legitimately need to access sensitive information. Since 2002, researchers at MITRE have investigated methods for detecting insiders who misuse their legitimate access to steal information. A three-year, internally funded research effort developed and evaluated a research prototype of a system called Elicit (Exploit Latent Information to Counter Insider Threats) to help analysts identify insider threats. Work on Elicit prompted a team of engineers and social scientists to experimentally explore how malicious insiders use information differently from a benign baseline group. This talk presents results from the research prototype evaluation, discusses preliminary results from the double-blind study of malicious insiders, and offers some essential aspects for detecting insider threats gleaned from these efforts.
About the Speaker
Since joining MITRE in 2001, Greg has been consulting and researching in the area of enterprise security operations. His areas of expertise include security operation center (SOC) architecture and management, the effective implementation of intrusion detection and audit systems, and the effective use of security information management systems (SIMs). Since 2003, his focus has been on detecting insider threats. He led successful R&D efforts within MITRE and for the Institute for Information Infrastructure Protection (I3P) that yielded an effective, novel detection approach and significant insight into insider threat behavior. He is currently extending his insider threat research, adapting it for cyber threat detection.
Prior to joining MITRE, Greg helped architect the managed security monitoring service provided by Counterpane Internet Security and managed the security of a mid-sized defense contractor.
Greg holds a B.S. in Materials Science from U.C. Berkeley and an M.S. in Information Technology from George Mason University.
Unless otherwise noted, the security seminar is held on Wednesdays at 4:30P.M.
STEW G52 (Suite 050B), West Lafayette Campus. More information...