By John Wald
The retention of Intellectual Property (IP) is critical for companies to maintain a competitive advantage in the digital age. The ideas and services a company provides need to be protected from loss through digital intrusion. Data storage costs have continued to plummet, allowing companies to maintain more data and monitor systems through concepts such as Network Security Monitoring (NSM).
In the past, security systems were geared toward keeping attackers out by creating a fortress around the system and sifting through log information to find a past intrusion. Now, with the number of devices and connection methods available for access, it is critical to know who is on the system and what information they accessed. NSM allows a better picture of the overall system because of the amount of data that can be stored, so rather than looking for a needle in a haystack, a security analyst can follow the trail from beginning to end and start to build a complete picture of the intrusion.
While there are no magic bullets, NSM provides an opportunity for employees to monitor mountains of data with visual dashboards that can provide timely alerts. These systems, like any others, are only a component and should not be relied on for protection; it still requires skilled employees to recognize the validity of the alerts and follow the trail to determine whether information was removed from the system or packages such as malware were left behind for future attacks.
NSM provides a link between real-time packet capture and storage of logs, where the employee may only be able to understand a few pieces of the puzzle, and gives them a more complete trail to follow because the information can be sorted and sifted. Even with the ability to store increased amounts of network traffic, there are still limits based on fiscal constraints. Is it a reasonable expectation to store every transaction on the network? The answer would certainly be no.
Risk analysis enters the framework to identify the important IP information that makes the company competitive in its given marketplace. Information Technology employees must work collaboratively with business operations to provide a complete risk assessment so appropriate levels of protection can be allocated. After an evaluation of the current risks to identify key assets, business and fiscal decisions can be grounded in data to make a compelling case for funding needs, along with the ability to identify areas that may become priorities in the future.
As identified in the following technical report (http://www.sei.cmu.edu/reports/12tr008.pdf), Insider Threat is a key component to be monitored by NSM. The report outlines the fact that most IP information is stolen from the company in the last 30 days of employment. With the current model of business using contractors to minimize costs, it is not just the regular employees of the company that must be monitored. Contractors are granted access to the network and could sell that critical IP, which erodes the company's competitive advantage.
Profit margins in the digital age are razor thin. Edward Snowden was an extreme case of information being accessed by a contractor, yet it shows that even an entity like the NSA, which has numerous protections and controls in place to monitor information, can still be compromised. Leadership should assume that any IP information stored digitally can be accessed and stolen from the company.
Although storage of information can help analysts quickly sift through vast amounts of logs and data, it can create additional complications with compliance issues. A recent article by Dark Reading (http://www.darkreading.com/management/how-enterprises-can-use-big-data-to-impr/240157674) begins to explore how big data can provide an opportunity but also create other issues. A detailed report can be found at the bottom of the article and accessed by filling out the registration. Some of the questions asked are what type of information will now be captured and, if it is Personally Identifiable Information (PII), whether it will cause larger problems by not complying with existing laws for the protection of this type of data.
Increased storage opportunities will create better protections by providing improved analytical information for decision making, but they are not a substitute for the talent needed for prioritization. IP will continue to be a commodity in the digital age, so companies must plan for the inclusion of tools that can analyze and make sense of massive amounts of big data in near real-time. NSM can play a role in protecting these assets if supported and applied using risk analysis in an efficient and timely manner that is able to adapt to the organization's needs.
John Wald is a Project Manager and Team Leader at the Maryland Department of Natural Resources. Mr. Wald received an MS in Cybersecurity from UMUC in 2012 and is actively seeking a technical or Product Manager position. His skills, acquired over the years, are in fostering relationships with diverse groups to seek common goals while keeping the bottom line front and center.