In the movie Men In Black, appearances often prove deceiving. Sometimes the most normal and innocent looking individuals turn out to be dangerous attackers.
Likewise, in any enterprise, it isn't always easy to spot the 'bad guys'. The person sitting directly across from you could pose a serious threat to the company, even without meaning to. It could be simply someone who is curious about the salaries of the organization's top executives, a curiosity that compels him or her to try to gain access to the corporate financial systems.
CIOs have the daunting responsibility of planning against every type of digital attack, whether its origin is from a malicious entity outside the organization or from Pat in accounting. This challenge is compounded by the fact that many CIOs are so focused on how technology is helping run business operations that they are not aware of chinks in their network access-control armor.
While ensuring that employees have access to the critical information that enables them to do their jobs, are CIOs inadvertently allowing them to access information not meant for their eyes? That's a difficult question to answer. Each day, an organization can log thousands of transactions - a record of every exchange that takes place between the company, its constituents, and the resources within its network. For IT to inspect each transaction to determine whether it is malicious or legitimate would slow network traffic to a crawl and hurt productivity.
A prudent way for CIOs to monitor risks is for them to intimately understand the nature of traffic that typically flows through their networks on a day-to-day basis and create a profile or baseline of good traffic.
By monitoring traffic against this profile and taking an anomaly-based approach to flag abnormal traffic, a CIO can lower the risk of anything "out of the ordinary" going undetected on the network - e.g. Tony in Shipping and Receiving attempting to gain access to the Research and Development database.
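The baseline-and-anomaly approach described above, as an added example that is not part of the original article: a small Python script learns a profile of "good traffic" from constructed access-log lines (which user and which department normally touch which resource, and how many requests each user makes on their busiest day), then flags new requests that fall outside that profile. The log format, user names, resource names and the volume threshold are all assumptions made for the illustration.

```python
"""Anomaly-based access monitoring against a learned baseline.

Added example (not the article's own code). The log lines below are
constructed for illustration: timestamp, user, department, resource, action.
"""
from collections import Counter, defaultdict

# Constructed historical traffic used to build the "good traffic" profile.
BASELINE_LOG = """\
2024-03-01T08:02:11 tony shipping shipping-db read
2024-03-01T08:05:40 tony shipping shipping-db write
2024-03-01T09:12:03 pat accounting finance-db read
2024-03-01T09:14:55 pat accounting finance-db read
2024-03-01T10:20:17 maria rnd rnd-db read
2024-03-01T10:25:09 maria rnd rnd-db write
2024-03-02T08:03:30 tony shipping shipping-db read
2024-03-02T09:10:12 pat accounting finance-db write
2024-03-02T11:45:08 maria rnd rnd-db read
"""

# Constructed new traffic to evaluate; two of these lines are "out of the ordinary".
NEW_LOG = """\
2024-03-03T08:01:02 tony shipping shipping-db read
2024-03-03T08:07:44 tony shipping rnd-db read
2024-03-03T09:30:15 pat accounting finance-db read
2024-03-03T12:00:00 maria rnd rnd-db write
2024-03-03T12:05:00 pat accounting executive-payroll read
"""

# Assumed threshold: flag a user who exceeds twice their busiest baseline day.
VOLUME_FACTOR = 2


def parse_log(text):
    """Parse whitespace-separated access records into dicts (blank lines skipped)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, dept, resource, action = line.split()
        events.append({"ts": ts, "day": ts[:10], "user": user,
                       "dept": dept, "resource": resource, "action": action})
    return events


def build_profile(events):
    """Learn who normally touches what, and each user's peak daily request count."""
    user_resources = defaultdict(set)
    dept_resources = defaultdict(set)
    daily = defaultdict(Counter)          # user -> Counter(day -> requests)
    for e in events:
        user_resources[e["user"]].add(e["resource"])
        dept_resources[e["dept"]].add(e["resource"])
        daily[e["user"]][e["day"]] += 1
    peak_daily = {u: max(c.values()) for u, c in daily.items()}
    return {"user_resources": dict(user_resources),
            "dept_resources": dict(dept_resources),
            "peak_daily": peak_daily}


def flag_anomalies(events, profile, volume_factor=VOLUME_FACTOR):
    """Return (event, reasons) pairs for requests that deviate from the baseline.

    A user with no baseline history has a peak of 0, so their very first
    request is flagged as a volume anomaly; that is intended.
    """
    flagged = []
    seen_today = defaultdict(Counter)     # running per-user, per-day counts
    for e in events:
        u, d, r = e["user"], e["dept"], e["resource"]
        reasons = []
        if r not in profile["user_resources"].get(u, set()):
            reasons.append("user has no baseline history with this resource")
        if r not in profile["dept_resources"].get(d, set()):
            reasons.append("no one in this department touched this resource in baseline")
        seen_today[u][e["day"]] += 1
        limit = volume_factor * profile["peak_daily"].get(u, 0)
        if seen_today[u][e["day"]] > limit:
            reasons.append(f"daily request count {seen_today[u][e['day']]} exceeds limit {limit}")
        if reasons:
            flagged.append((e, reasons))
    return flagged


if __name__ == "__main__":
    profile = build_profile(parse_log(BASELINE_LOG))
    for event, reasons in flag_anomalies(parse_log(NEW_LOG), profile):
        print(f"{event['ts']} {event['user']} -> {event['resource']}: {'; '.join(reasons)}")
```

Running it flags Tony in Shipping reading the R&D database and Pat in Accounting reading the executive payroll resource, while the routine shipping, finance and R&D requests pass silently. Because the checks are set-membership lookups and counters rather than per-packet inspection, the profile can be rebuilt nightly and applied to new records without slowing live traffic; the cost of a coarse baseline is that a genuinely new but legitimate resource also gets flagged once, which is the review queue this approach is meant to produce.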
A CIO has a few conventional signature-based options to help protect the network from malicious attacks. These include:
1. Setting limits on the amount of traffic that can pass through a network's routers. While this throttling of traffic can mitigate malicious attacks, it significantly slows down the network, and therefore productivity. Worse, because it can't tell good traffic from bad, it runs the risk of blocking legitimate requests. If you run an online retail site and it's the day after Thanksgiving, traditionally one of the busiest shopping days of the year, you don't want to lock anybody out of your online store or even make them wait too long in line.
2. Setting generic parameters using filters on your router. Because routers were designed to route traffic, their access control lists are not very effective as filters.