Data leakage prevention tools become more popular
Another angle on preventing insider data breaches is being pursued via the use of so-called DLP (data leakage prevention) tools.

At WebEx, the well-known online conferencing applications vendor, Security Engineering and Operations Manager Mike Machado said that the company is using advanced DLP technologies made by Reconnex to ensure that workers aren't walking out of the building with the company's next big idea.

"Up until now, we didn't have anything in place that could capture everything that goes over the wire, but the ability to use technology do to do this type of testing, versus doing sampling in the past, has given us a much clearer picture of where data is going on the network and who is touching it," Machado said.

"Most of the incidents we find today are people unaware of policies, it's only occasionally that we find something malicious, but typically the result is a simple behavior discussion, and that's helping people expand their own understanding of what they should or shouldn't do," he said.

Another advantage to using DLP to keep an eye on all the data being transmitted out of WebEx's network is that the tools serve as another proof point to show external auditors when those groups are testing to see if the firm is employing comprehensive information protection.

Perhaps the best use case for the technology yet, however, is when WebEx used the tools to catch an employee attempting to participate in a malware-distribution ring.

In addition to joining sides with the malware gang, the employee had also agreed to allow the group to use excess WebEx network capacity to harbor potential attacks -- a problem that would have reflected poorly on the entire company if it were discovered and publicized, said the expert.

"It's taught us that a lot that goes on that we know didn't about and verified things we suspected. Overall, it's been a valuable tool for detecting problems and putting us in position to prevent bigger problem down the road," Machado said. "In the rare case we find something to investigate, the technology gives us a much more credible case."

The tools have also proven useful for helping the WebEx 's IT security team closer ties with the company's traditional security unit, which has helped the firm coordinate efforts to look for suspicious employee user behavior and policy violations.

"Because we were able to help them shed light on some valuable issues, the technology has really closed the loop in that sense," Machado said. "The relationship wasn't always very good, but now, they're willing to be more forthcoming with us, and we can rely on each other more to reach our common goals, which is a big advantage."

Some experts contend that companies will spend the next several years loading up on technologies that can help control insider threats now that they have invested so heavily in network defense protections.

Brian Contos, chief security officer at ArcSight, an IT security management specialist, said that businesses must consider the insider problem as a dynamic, ever-changing issue, much like protecting against malware, if they hope to stay ahead of major incidents.

"The network security side of things has increased at a much faster rate, but it's still the Wild West to a certain extent inside many large companies when it comes to protecting applications, databases, and other systems with a lot of rich data stored in them," said Contos, who previously authored the popular insider threat tome Enemy at the Watercooler.

"To be successful, you can't ever be more concerned with internal or external threats. In reality you have the very real chance for either type of attack on a daily basis," he said. "The vast majority of employees, almost all, are not malicious, but you have to constantly watch for that one person who obtains employment deliberately to cause harm or who becomes disgruntled and decides to use what they know against you."