While automated technology, network sensors, and behavioral analysis are crucial to helping security professionals detect attacks against their network resources, sometimes nothing can beat good old-fashioned human observation. Security team members can only do so much to personally observe aberrant behavior, but fortunately, they may have a ready source of eyes and ears in what some jaded pros might consider an unlikely pool of candidates: end users.

The fact is that end users are at the front lines of attacks—most outside incursions to the network usually involve some form of social networking or another. Instead of simply putting up posters and sending out multiple-choice questions once a year about how to avoid phishing dangers altogether, social engineering experts say organizations should seek a more realistic and robust training goal. They should be teaching employees to spot suspicious activity and report it without fear of recrimination, whether they fell for a ploy or not. Ultimately, the goal is to turn employees into a sort of human perimeter to help the security team detect attacks more quickly.

"There are many more human sensors on a network than any intrusion detection system can ever hope to have, because every employee can be one," says Rohyt Belani, CEO of PhishMe. "If you look at the way security responders work today, they're picking leads off of either their IDS systems or their network logs and then they are going through a similar process to find suspicious behavior. Given the right mechanisms or right sorts of tools, the humans who are resilient to these attacks actually become great reporters."

The fact is that security has always been a game of reducing the odds of exposure rather than eliminating it. And yet, when it comes to the human element of security too many security pros are quick to disparage all end users as stupid because attacks continue to get through, says Mike Murray, managing partner for MAD Security. But that's like saying any other piece of detection technology is worthless because it doesn't work 100 percent of the time. Read full story on Dark Reading


Post a comment to the original version of this story on Dark Reading