Detecting Insider Theft of Trade Secrets
Greg Stephens - Mitre
Feb 03, 2010Size: 429.3MB
Download: MP4 Video
Watch in your Browser Watch on YouTube
AbstractTrusted insiders who misuse their privileges to gather and steal sensitive information represent a potent threat to businesses. Applying access controls to protect sensitive information can reduce the threat but has significant limitations. Even if access controls are set properly, they don't protect against rogue employees who legitimately need to access sensitive information. Since 2002, researchers at MITRE have investigated methods for detecting insiders who misuse their legitimate access to steal information. A three-year, internally funded research effort developed and evaluated a research prototype of a system called Elicit (Exploit Latent Information to Counter Insider Threats) to help analysts identify insider threats. Work on Elicit prompted a team of engineers and social scientists to experimentally explore how malicious insiders use information differently from a benign baseline group. This talk presents results from the research prototype evaluation, discusses preliminary results from the double-blind study of malicious insiders, and offers some essential aspects for detecting insider threats gleaned from these efforts.
About the SpeakerSince joining MITRE in 2001, Greg has been consulting and researching in the area of enterprise security operations. His areas of expertise include security operation center (SOC) architecture and management, the effective implementation of intrusion detection and audit systems, and the effective use of security information management systems (SIMs). Since 2003, his focus has been on detecting insider threats. He led successful R&D efforts within MITRE and for the Institute for Information Infrastructure Protection (I3P) that yielded an effective, novel detection approach and significant insight into insider threat behavior. He is currently extending his insider threat research, adapting it for cyber threat detection.
Prior to joining MITRE, Greg helped architect the managed security monitoring service provided by Counterpane Internet Security and managed the security of a mid-sized defense contractor.
Greg holds a B.S. in Materials Science from U.C. Berkeley and an M.S. in Information Technology from George Mason University.
The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos, are the property of Purdue University, the presenter and/or the presenter’s organization, and protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.