The encyclopedia lists and rates internal network applications that can pose security risks

Aug 21, 2008 14:43 GMT

The Internal Threats Encyclopedia was launched by the Israeli security company Promisec. According to the company, most of the threats that can put a network at risk are actually internal rather than external. The encyclopedia is an effort to list and rate the applications that can pose a threat to a corporate network.

The idea of security threats coming from the inside is backed up by recent data loss events around the world, which resulted in personal and sensitive information about individuals being leaked. Amir Kotler, Promisec CEO, cited as an example the Pfizer incident, in which data about 15700 Pfizer employees was disclosed due to a file sharing program installed on a company laptop.

USB sticks, unlicensed software, instant messaging or file sharing software, and various file types can all pose a threat to a company's network, according to Mr. Kotler. The encyclopedia lists these applications and gives them a risk score from 1 to 5, with 5 being extremely critical. Applications like Skype, GTalk, and MySpace are listed as extremely critical. Each application has a complete description, along with information about licensing and affected systems. A detailed reason why it is considered a threat is also available. The threats can be sorted by category or name and can be searched. In addition, the website features a block that lists the current top 5 internal threats and a block that lists the latest five entries in the database.

The encyclopedia is part of the company's Risk Center, and the data gathered is used to create monthly charts showing changes in threat trends. The project is likely to help the company increase its sales, but Mr. Kotler is convinced that it represents more than a marketing tool. "This tool helps us make sense of internal threats and actually beg companies to draw comprehensive policies and action plans to deal with these threats. It is set to include thousands of terms and enable IT professionals to post feedback and comments," he commented.

Some professionals are skeptical about the accuracy of the information. Anna Yen, vice president of marketing and corporate development at PacketTrap Networks, viewed the listing of the company's PacketTrap network management software in the top 5 threats as suspicious. The product was listed because of a vulnerability in one of its components, but a patch was issued months ago and, compared with the rest of the software listed in the top 5, the product had only 80000 downloads, of which only 106 were of the vulnerable package, according to Ms. Yen.