Enemy at the Water Cooler: Real-Life Stories of Insider Threats and Enterprise Security Management Countermeasures

Enemy at the Water Cooler: Real-Life Stories of Insider Threats and Enterprise Security Management Countermeasures. By Brian Contos; published by Syngress Publishing, (Web); 302 pages; $49.95.

Even though hacker Kevin Mitnick’s notorious exploits are more than a decade old, the media, and even some security professionals, continue to be obsessed with him. In early October 2006 alone, his name came up a few dozen times in a search of the prior month of Google News. Those obsessed with hackers are missing the far greater threat: trusted insiders.

The insider threat shouldn’t be a surprise: employee theft takes a bigger bite out of retailers than does shoplifting, and company personnel give away more secrets than are stolen by spies.

On average, authorized network users gain access to 10 to 20 times more resources than they need to perform their jobs, and this extra access leads to most network security breaches. With that as its starting point, Enemy at the Water Cooler looks at the problem of the trusted insider and how to reduce both the threat and the vulnerability. Author Brian Contos astutely notes that insider attacks are the hardest ones to defend against, detect, and manage.

The first part of the book sketches the risks that insiders pose to an organization. It also details mechanisms that can be used to control these risks.

One such solution is ESM (Enterprise Security Management) software. (Full disclosure: the author is the CSO for a leading ESM vendor and some of the illustrations in the book are screenshots from this vendor’s product.) ESM software centrally collects and analyzes log data from various entities within a network. When correctly deployed, ESM can be used to discover internal risks, in addition to correlating security information and performing other valuable tasks.

The final chapters of the book run through real-life case studies in which Contos shows how ESM mitigated, or could have mitigated, the risk.

Although the book has a lot of information, at $49.95 for fewer than 250 pages, the book is overpriced. (Editor’s note: Though the cover price is $49.95, the book is advertised on the Syngress Web site for $24.97.) Even though it can come across as self-serving, the book should be commended for tackling a vital topic.

Reviewer: Ben Rothke, CISSP (Certified Information Systems Security Professional), is a New York City-based information security director with a multinational financial services firm. He is a member of ASIS International.