From: InformationWeek/DarkReading
SANS report shows gaps in insider detection and response.
Enterprises today are still on their heels when it comes to preparing for insider attacks. A recent survey conducted by SANS Institute on behalf of SpectorSoft shows that while organizations are gaining awareness of the risks, they still lack visibility and response planning into threats coming from the inside.
***
SANS reports that the primary focus on insiders has been on detection rather than prevention. The survey showed that the most leaned-on tool for detection is an internal audit, followed by network monitoring, centralized log management and SIEM tools. However, in spite of these tools, only about 10 percent of organizations said they could detect an insider attack within an hour.
Leave a Reply