Page 58 - Cyber Warnings
protected from tampering and will be able to produce a comprehensive record of user
actions, allowing you to efficiently detect insider attacks.
• Monitor privileged users. Users with privileged accounts usually work directly
with sensitive data or critical system settings and have all the tools necessary to conduct
malicious actions while disabling any default monitoring. It is important to use monitoring
software that is specifically designed to handle such users and cannot be disabled,
regardless of the level of privilege the user has.
• Monitor third parties and remote users. Third parties, such as service
providers and subcontractors, do not necessarily have the same level of security against
both insider and outsider threats as your organization. In this case, action monitoring is
your best bet for reliably protecting your data from misuse. When sensitive data is
accessed remotely, whether by third parties or by your own employees, make sure that
it is transferred only while encrypted and that all remote sessions are fully monitored.
This will allow you to prevent insider network attacks and make sure that remote
employees are not misusing sensitive data.
• Use custom alerts or behavior analysis tools. One of the biggest challenges of action
monitoring is efficiently processing the large amounts of data you receive. More
affordable monitoring solutions, such as Ekran System, usually employ customizable
alert systems that can be used to create alerts best suited to your particular situation.
Such alerts fire on particular suspicious events, allowing your security personnel to
check for data breaches or misuse. Some solutions use more sophisticated behavior
analysis systems that try to detect suspicious events automatically. Such systems are
convenient to use and can give good results, although they are much more expensive
and tend to produce many false positives.
Conclusion
When creating this practical guide on how to prevent insider threats, we went through many
recommendations and best practices employed by security professionals, and also applied our
own experience in the matter. The resulting six steps are the basic, yet most important, ones you
can take to thoroughly protect your company from insider threats. We hope that this
guide was useful to you and gave you a good idea of how to improve the security posture of your
organization.
About The Author
Dennis Turpitka is the CEO of Ekransystem and an expert in digital security
solution business design and development, virtualization and cloud
computing R&D projects, and the establishment and management of software
research direction. He is a successful entrepreneur who has organized several security
start-ups. Dennis can be reached online at @Dturpitka and at our company
website https://www.ekransystem.com/en
58 Cyber Warnings E-Magazine November 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide