
Saudi Arabian Oil Cyber Attacks and the Insider Threat

Arbor Networks: 10 September, 2012 (Technical Article)
Arbor Networks explains the connection between network traffic and user identities, and how this could have affected the recent attack on an oil company in Saudi Arabia.

Responding to speculation about insider involvement in last month's cyber-attacks on Saudi Arabia's national oil company, Darren Anstee, Solutions Architect Team Lead at Arbor Networks, has the following comments:

“The Saudi Aramco attack demonstrates why enterprises need network-wide situational awareness to protect themselves from today's complex security threats.

“Organisations need to monitor the traffic on their networks, and associate that traffic with user identities, so that they can establish a baseline of who uses which systems, when and how often. With this kind of information, organisations can monitor the health of their critical business applications, monitor user activities against acceptable use policy and detect malicious insider behaviours and compromised devices before a security breach occurs. Solutions that can track the network conversations made by each network user can be used to harden and segment networks, to proactively prevent unauthorized access to confidential information and prevent known, unknown and zero-day attack vectors from getting a foothold.

“In this particular case a solution of this type may have allowed Saudi Aramco to detect unusual traffic patterns, unusual user access to systems, data exfiltration or other network behaviours which might have been indicative of the virus as it spread – allowing them to react more quickly and minimise the impact of the incident.”
