Mohegan Sun won’t gamble on insider threat

The Mohegan Sun casino is a business built on risk. But when it comes to the threat posed by rogue employees and internal hackers, the Connecticut mega complex, owned by the Mohegan Tribe, isn’t taking any chances.

Mohegan Sun is trying out new technology by Intrusic, a Waltham, Mass., start-up that promises to spot the surreptitious behavior that may indicate the workings of a rogue employee, malicious external hacker or compromised computer, according to Intrusic, which will announce the deal on Monday.

Mohegan Sun will use Intrusic’s Zephon software, which studies communications between users and the computer network, looking for violations of what Intrusic calls the “physics of networks,” fundamental laws that govern the way legitimate network traffic looks.

Mohegan Sun is deploying one Zephon system at its network core. That device will capture, store and analyze all traffic to and from key servers in the data center, said Jake Starr, vice president of information technology at Mohegan Sun.

The casino maintains a large network with a number of critical systems that track Mohegan Sun’s more than 2.5 million customers, their winnings and credit worthiness, and loyalty program points that can be used to purchase items at the Casino and its shops, he said.

Mohegan Sun is waiting for the results of a 30-day trial before making a commitment to buy the Zephon product, but says that a full deployment could involve as many as 26 separate Zephon devices – one for each of the Casino’s network segments. Those devices would monitor not only client-server communications, but traffic between clients, or between servers, he said.

The casino uses perimeter defense products like firewalls, intrusion detection and intrusion prevention systems, but is increasingly concerned about insider threats or external compromise as a result of fast-moving worms and viruses, Starr said.

“We’re losing the battle to try to keep that stuff updated, so you almost have to assume you’ve been had,” he said.

A number of companies have appeared in recent years with products that promise to spot malicious behavior by network insiders, said John Pescatore, vice president of Gartner.

Companies such as Vontu of San Francisco and Verdasys, also of Waltham, promise to stop everything from pirated software distribution to intellectual property theft, using both client- and network appliance-based products. Check Point Software Technologies also sells a hardware appliance, InterSpect, that protects an enterprise’s internal network from worm outbreaks and other threats, Pescatore said.

However, despite a plethora of choices, enterprise demand for insider threat detection products is still low, he said.

Regulatory compliance and concerns about legal liability for employees hosting pirated software or storing pornography on company servers may drive some investment in internal threat detection products. But most executives are satisfied by the protection offered by various perimeter defense products such as firewalls, and widespread demand for products to snare unauthorized intruders may be years off, Pescatore said.