PlayStation Network security tracking staff and user behavior

PlayStation Network's major breach last year, and subsequent hacking attacks on other publishers, put a spotlight on just how weak the security at some game companies has been - ironic, given the tech-focused nature inherent in video games. Now Sony has one of the top security experts on their side - former McAfee Chief Security Officer Brett Wahlin - and he's looking to ensure that Sony never gets hacked and embarrassed again.

Wahlin, speaking to Secure Business Intelligence, outlined some of the key aspects of the new and improved security for Sony Entertainment Network. The entire security operations center (SOC) run by HP and Arcsight, reports to Wahlin, who also served as a counter-intelligence officer in the US Military for eight years during the Cold War.

For Wahlin, one of the crucial aspects of securing the network is to understand the enemy. "The types of attacks we see are by groups with social agendas," he said, referring to the infamous group known as Anonymous. "The methods they use aren't the same as the state-sponsored guys."

An important distinction is that groups like Anonymous aren't in it for money; they simply want to do damage and make a statement. "At Sony, we are modifying our programs to deal less with state-sponsored [attacks] and more with socially-motivated hackers. It will be different," Wahlin noted.

So what does this mean? It means that Sony's security experts have to think more like social engineers. That entails constantly monitoring staff and users across the globe. Each Sony staffer is viewed as a potential target with varying levels of access to the network and different levels of vulnerability.

To combat the threat, Wahlin is aiming to craft a new strategy based on psychological behaviors. As the report puts it, "The strategy combines social engineering psychology with data analytics and user education, using Wahlin's counter-intelligence, FBI-inspired human behaviour profiling methods and advanced fraud detection systems."

"We are looking to see if there are there key elements within a person's interaction with their environment. That could be interaction with badging systems, with telephones - when and who do they call- and with systems like browser habits and applications used," he explained. "All these things allow us to set up a pattern for users, so when something different happens we can respond."

All of this information would be quickly streamed to the SOC where it's analyzed. The normal would have to be separated from the abnormal in an automated process that would put up red flags in case something unusual is detected.

"If we detect unusual activity, it may be that someone's been owned by a Trojan that we don't know about, and we can stop data flying out the door," said Wahlin.

At least last year's attack did appear to send a wake-up call to Sony - and hopefully - the industry at large.