
RMIT behavioural analytics to target rogue IT staff

Three year project kicks off with funding from CA Labs, ARC

Assessing the internal threat from rogue system administrators and other IT staff to industry and government organisations may become easier thanks to a new research project run by Royal Melbourne Institute of Technology (RMIT) and funded by CA Labs and the Australian Research Council (ARC).

The research, funded to the tune of $105,000 from CA Labs and $255,000 from ARC, will involve the building of a database of enterprise logs to correlate and analyse suspicious behavioural patterns.

When completed in three years' time the research will be used by CA Labs to develop better threat detection products. However, data from the research project, such as user behaviour patterns, will be made available to public organisations such as the Australian Department of Defence, according to RMIT University Associate Professor, Serdar Boztas.

"Internal threats are the most difficult threat to address and the one that can do the most damage when someone is already on the system," Boztas said of the need for the research.

"With the US Defence Wikileaks that was someone who had top clearance credentials and access to a system who decided to share that information."

Damage could also be done in simple ways, such as by an employee taking a screenshot of sensitive information on their smartphone and walking out with it.

"This research will put Australia at the forefront of inside attack prevention and help secure critical IT infrastructure," CA Labs research staff member, Dr Steve Versteeg, said of the collaboration in a statement.

RMIT has partnered with security vendor CA Labs for the project, but this is not the first time the two organisations have worked together. In 2007, the two began collaborating on detection research into malware to reveal the malicious code used to create it. CA Labs was due to publish the findings later this year.

The research was also prompted by an Ernst and Young 2010 Global Information Security Survey, which found that 64 per cent of companies rate disclosure of private information as a top five risk.

Got a security tip-off? Contact Hamish Barwick at hamish_barwick at idg.com.au
