Assessing the internal threat from rogue system administrators and other IT staff to industry and government organisations may become easier thanks to a new research project run by Royal Melbourne Institute of Technology (RMIT) and funded by CA Labs and the Australian Research Council (ARC).
The research, funded to the tune of $105,000 from CA Labs and $255,000 from ARC, will involve the building of a database of enterprise logs to correlate and analyse suspicious behavioural patterns.
When completed in three years' time, the research will be used by CA Labs to develop better threat detection products. However, data from the research project, such as user behaviour patterns, will be made available to public organisations such as the Australian Department of Defence, according to RMIT University Associate Professor Serdar Boztas.
"Internal threats are the most difficult threat to address and the one that can do the most damage when someone is already on the system," Boztas said of the need for the research.
"With the US Defence Wikileaks that was someone who had top clearance credentials and access to a system who decided to share that information."
Damage could also be done in simple ways, such as by an employee taking a screenshot of sensitive information on their smartphone and walking out with it.
"This research will put Australia at the forefront of inside attack prevention and help secure critical IT infrastructure," CA Labs research staff member, Dr Steve Versteeg, said of the collaboration in a statement.
RMIT has partnered with security vendor CA Labs for the project. However, this is not the first time the two organisations have worked together. In 2007, the two began collaborating on detection research into malware to reveal the malicious code used to create it. CA Labs was due to publish the findings later this year.
The research was also prompted by an Ernst and Young 2010 Global Information Security Survey, which found that 64 per cent of companies rate disclosure of private information as a top five risk.
Got a security tip-off? Contact Hamish Barwick at hamish_barwick at idg.com.au