Insider security threats pose as much of a danger to corporate networks as hacker attacks. And to make matters worse, IT administrators aren't doing enough to guard against these internal threats, according to the CEO of a security start-up.
Don Massaro is the CEO of Reconnex, a network security appliance company based in Mountain View, Calif. Reconnex' product is designed to allow administrators to actually see information flowing across the corporate network. And once managers can see where the traffic is flowing from, as well as where it's going to, they can plug up both accidental leaks made by innocent employees and they can weed out employees with malicious intent.
And the threat from someone inside the company is staggering.
In a survey of 138 Fortune 1,000 companies, executives reported losses between $53 billion and $59 billion due to insider attacks. The survey, jointly done by PricewaterhouseCoopers, ASIS International and the U.S. Chamber of Commerce, also showed that 40 percent reported incidents of known or suspected losses of proprietary information.
Massaro says IT administrators and CSOs need to focus more on the people within the walls of their own companies.
Investing his own money in the venture, Massaro started Reconnex in 2003. Today, with backing from two VC firms, the company is shipping Reconnex G2 Content Analyzer, a network appliance that sits behind the firewall either on a passive tap, router or switch to analyze objects, rather than packets of information, moving on a network.
A self-described serial entrepreneur, Massaro is no stranger to high-tech business. This past May, he was the first to be named ''CEO of the Quarter'' by Trusted Strategies, an analyst firm in the security arena.
In a one-on-one interview with eSecurityPlanet, Massaro discusses what he claims will be the next paradigm shift in the security industry -- a shift that he says will save companies millions of dollars in financial losses.
Q: Your latest venture involves addressing insider security threats. What types of attacks are we talking about?
If you look at major security breaches, most of them start on the inside. Most of them are accidental -- that's to say you have good employees who are well intentioned but they make a mistake. As result of that, confidential information and intellectual property leak out... Anytime knowledge gives companies competitive advantage, it has a financial effect on that company sooner or later.
Most instances are accidental but we do have cases where employees are being malicious for their own gain to sell proprietary information and even cases of cyber terrorism.
Q: What is missing from companies' security portfolios?
There are about 700 companies in the security space. Almost all are concerned with perimeter protection. They're making an assumption that the bad person is on the outside and they're trying to protect their network from that. So products like firewalls, intrusion detection systems, virus detection systems, spam filters, authentication authorization systems are for perimeter protection. Our product is the opposite of that. We don't replace any of these. We sit behind the firewall and look at everything moving outside of the firewall. We look for any proprietary or confidential information leaving the network.
Q: How does the product work?
We look at the objects moving over the network. We don't care about packets. We care about what's in the PowerPoint, Excel or PDF file. We analyze all of those objects flowing out of the network and search for intellectual property being transmitted.
Q: What sort of challenges do administrators face monitoring their own colleagues?
A company has the right to monitor their network like they have the right to monitor their phones, so it's not a legal issue. But they are sensitive to the fact that they're monitoring their employees. They do notify their people about that. The biggest challenge is identifying what is confidential or intellectual property and what is not... Information is all over the place. We see a lot of source code going out.
Q: What should a CIO or CSO be most concerned about in terms of security?
It depends on what industry you're in. If it's financial services, you better make sure you're in compliance with the laws out there. The technology companies are doing a lot of outsourcing offshore to India and China, and want to monitor any intellectual leaks out there. So the security hot button really depends on what industry you're in.
CEO Warns Threats are Coming from the Inside
