Catfish, super users and USB drives: We do the math

The data science that reprogrammed Wall St. trading models may offer lessons for security.

Our industry often looks to the financial services industry for the state of the art in information security programs and emerging security technology. But even in a world driven by money, the human factor remains a riddle.

In the puzzling case of Wall Street programmer Sergey Aleynikov, it's not the code that he encrypted and uploaded to a Subversion repository that's surprising. It's that even after giving his resignation notice to his employer, Goldman Sachs, he retained his privileged administrator status, something granted to roughly 45 employees at the time, according to a Vanity Fair report by Michael Lewis, who covered the story. This "super user" continued to work for Goldman for six weeks after telling his employer that he was leaving to join a high-frequency trading startup. The security team didn't notice that source code related to Goldman's high-frequency trading platform had been downloaded numerous times and, in some instances, copied to a USB drive until months after he left the company.

That was in 2008. But in many organizations, not all that much has changed. Simple precautions that all companies should practice fall by the wayside when the human factor (whose responsibility was it to revoke Aleynikov's "super user" status, and why wasn't the security team paying closer attention to his actions?) becomes part of the equation, even when there are millions of dollars at stake.

The data science that reprogrammed Wall Street trading models -- mathematical algorithms that automated and sped up the trading process with limited to no human intervention -- is slowly making its way into security technology, however. As machine learning and Hadoop-based architectures unleash more automation and computational power, security analytics may increase the odds of finding rogue insiders or IOCs in a haystack of log, intelligence and contextual data. Of course, if no one outside of data scientists and a few elite programmers really understands these models (the issue at Goldman), that may pose a problem.

One area that's receiving renewed focus is user behavior analytics (UBA), as I report in my article this month about the growing urgency of tracking user credentials and insider threats. As UBA technology has improved, several vendors have introduced innovative approaches to an age-old problem: monitoring individuals' data and their activities once inside the network -- a challenge that gets even harder with a sprawling workforce that uses countless company- and employee-owned devices.

Automated remediation is also playing more of a role in endpoint detection and response. As technology journalist Steve Zurier reports, finding the right mix of tools is helping some organizations build better workflows, remediate more quickly and move closer to the tipping point for automated incident response. In an odd twist of fate, he interviewed the CSO at telecom IDT Corp., Aleynikov's employer before Goldman.

Finally, our cover story this month looks at malware and how it has adapted to virtual machines (VMs). Longtime contributor Dave Shackleford explains the technicalities and notes that many companies are more likely to have VMs infected than physical systems as enterprise environments continue to adopt virtualization technology. Should you be scared? The answer is yes.

Kathleen Richards is the features editor of Information Security magazine. Follow her on Twitter: @RichardsKath.

This was last published in June 2015