Keeping Porn and Malicious Insiders at Bay

What do pornography and the insider threat have in common? On the surface, not much. But, if you take a closer look, they're two sides of the same coin. Most, if not all, enterprises, I'd say, want to keep their employees from surfing porn.

Not just for legal reasons, but also for security reasons. Despite the spread of mainstream sites hosting malware, porn sites continue to be mainstream hosters of malware, as well. So, in a sense, although porn-surfing isn't an insider threat by itself, it's just one of those bad things malicious insiders might attempt.

In this SearchSecurity article on TechTarget's web site, David Mortman describes the two mainstays for fighting porn in the enterprise: web content filtering and content logging for forensics and policy enforcement.

In an unrelated article in eWeek, Jeff Nielsen provides some nice tips for combatting malicious insiders. The article talks about process-based systems for managing privileged accounts, the key to the entire store, which, if abused or stolen, make a company wide open and vulnerable to attack. The next step is audit trails for tracking malicious behavior and, finally, integrating policy controls with an identity and access management tool such as Active Directory.