One person with an administrator password and access to critical systems can cause chaos within a business.

The time has arrived to crack down before something really sensitive gets compromised.

Back in September, a simulated remote attack on an electrical generator left the machine a smoldering wreck.

With enough access to such critical systems, one person could cause a lot of damage.

Multiply that potential by the national power grid, and you get the kind of responses CNet cited from Rep. Jim Langevin (D-R.I.), who wants much more stringent controls and security standards for the nation’s infrastructure.

On the topic of infrastructure, Xceedium CEO Cheryl Traverse said in a chat with SecurityProNews the real threat comes from the high risk users who can touch many parts of an enterprise system.

Administrators, developers, and anyone whose access rights cross systems and structures poses a risk.

Traverse claimed 86 percent of internal attacks come from insiders or outside people brought in and given too much access.

It’s a situation that her company believes it can address through technology.

In this case, infrastructure virtualization will serve to compartmentalize what people can see in the system, limiting them to where they are authorized to be.

Traverse said the control takes place at the socket layer, so if an insider tries to jump from an authorized place to an unauthorized one, that access will be stopped.

Various tracking tools show what people do in the system.

Traverse noted that reporting functions will show compliance with established policies is in effect, an important piece of the compliance puzzle for publicly traded firms in particular.

Corporate losses to insider actions should make Xceedium and competitors that will certainly follow a business decision to be considered.

If the technology can work on a practical level as advertised, its benefits should outweigh the costs of implementation and ongoing monitoring needed to benefit from it.

More: continued here

If you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!


This entry was posted on Tuesday, November 6th, 2007 at 1:11 am and is filed under Internet Security News. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.