Sandia National Labs “Cyber Stalker” Embarrassment
Your tax dollars at work… A Sandia National Labs worker who used her computer access and position to “cyber-stalk” rock star Chester Bennington (of Linkin Park fame) was sentenced to two years in prison last week. The stalking took place over the course of nearly a year in 2006 and involved hacking several of Bennington’s online accounts, including his e-mail. For a detailed account, check out the Wired article. Yahoo News has an abbreviated version if you don’t want all the juicy narrative.
Apparently she told the authorities that she was bored because her job only took about a half hour each day. There are many interesting (and possibly humorous) angles I could take here, but I think I’ll stick to the high road. It does beg the question, though: if Sandia didn’t catch this, what other type of information is leaving that facility over the Internet? Sounds like it’s time for some better outbound traffic monitoring.
Author: Jason Holcomb
Posted: February 26th, 2008 under National Labs.
Comments: 3
Comments
Comment from Erik Hjelmvik
Time: February 27, 2008, 4:54 am
Outbound traffic monitoring can be many different things.
First we have Extrusion Detection; this is a good method for detecting if your systems are infected with malware, if some computer in your net is part of a botnet or if someone is hacking external systems from within your network.
Then we have the concept of Information Leakage Prevention, which is used to block confidential information in outbound traffic.
Sandia should definitively worry about information leakage, but hacking someone’s email account hasn’t got much to do with information leakage. The hacking could on the other hand be detected with extrusion detection.
I do however agree with you that Sandia should be expected to monitor their outbound traffic. It is also important to detect rogue hosts on your networks (through for example extrusion detection) since they might be used to send information out from your network.
Comment from Matthew Franz
Time: February 28, 2008, 9:18 pm
To me this is a (1st level) management failure not a technical network security failure, although one would guess that there isn’t that much content filtering going on (not that Bluecoats or Websense can stop someone determined to get out).
I’d love to know about any network security team that is manually looking at surfing habits (without getting a tipoff from HR to investigate a user) because I’ll send them my resume. They obviously have too much time on their hands and I want to work there.
Comment from Landon Lewis
Time: February 29, 2008, 10:07 pm
I can think of a couple places that have entry/junior level security analysts that review Websense/Surfcontrol, etc. and SEM reports. However, I agree for the majority of most companies.