National Cybersecurity Awareness Month 2019: Securing Against Insider Threats

It’s week two of National Cybersecurity Awareness Month 2019. We believe that its overarching strategy, “Own IT. Secure IT. Protect IT.”, is a great way to get closer to a comfortable security state. If you keep this in mind, your security journey will be a more successful one. In this blog, our second of the series, we’re taking a look at securing IT against insider threats.

The Problem with Privileged Accounts

In many organizations, there are a lot of employees with far more access than they probably need to get their work done. Difficulties in getting a service or program running? The solution is often “elevate their privileges and see if that fixes it” – and it usually does. However, this becomes problematic when privileges are left elevated after the change is no longer needed.

Couple that practice with administrators who give themselves all the keys to the castle to make their jobs easier and you can see how privileged accounts can cause issues down the road. Not only do we need to worry about users or administrators doing something they shouldn’t (either intentionally or unintentionally), but cybercriminals and other attackers will seek out privileged account credentials to make executing their own campaigns easier.

Security leaders must always be asking themselves questions about privileged accounts: “Does this user truly need this level of access to get the job done?” If the answer is yes, it is essential to have tools and technologies in place to monitor for signs of anomalous use. Often that requires automated technologies such as Network Detection and Response (NDR) to build a baseline of behaviors and alert when something out of the ordinary happens.

Dealing with Stolen Credentials

Attackers using stolen credentials is nothing new – it’s been a cornerstone of an attacker’s playbook for many years. Weak encryption of password databases, rampant password reuse by users who can only remember so many passwords, and services not built to withstand brute-force attempts have all been thorns in the side of security teams for a very long time. Perhaps even worse, a survey of workers at large US companies found that a full 27% of them said that they would sell their account credentials for as little as $100.

How can you really combat that sort of insider threat? It’s not easy; your firewall and many of your traditional tools in your security stack can’t tell the difference between Bob in Accounting using his credentials vs. Ivan in Eastern Europe using them. Tools such as NDR, powered by advanced Artificial Intelligence and Machine Learning, can tell the difference.

Warning Signs

What can NDR do to help you along your security journey? NDR can detect all sorts of odd or anomalous activity that might tip you off to a malicious insider or an external attacker masquerading as an insider. Has there been a substantially large increase in data moving through your network by a user where there wasn’t in the past? With hyper-fast networks inside enterprises coupled with more storage than ever before, it can be very difficult to see that one new blip on your radar screen. Is the user attempting to access other parts of your infrastructure or data stores that they’ve never accessed before… or does it appear that the user is trolling through the network looking for sensitive data? Your NDR solution can detect that abnormal behavior.
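The two warning signs above (a jump in a user’s data volume and first-time access to a data store) boiled down to a small per-user baseline check, added here as an illustration and not Lastline’s code; the flow records, user name, host names and the 3-sigma / 50% thresholds are all constructed assumptions.

```python
# Added example (not Lastline's code): per-user network baseline that flags
# (1) a daily byte total far above the user's history and (2) destinations
# the user has never talked to during the baseline window.
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (day, user, destination host, bytes transferred)
FLOWS = (
    [(d, "bob", "fileserver01", 50_000_000 + d * 1_000_000) for d in range(1, 8)]
    + [(d, "bob", "erp-app", 5_000_000) for d in range(1, 8)]
    + [
        # Day 8: bob's account pulls 2 GB from a database it never touched before
        (8, "bob", "fileserver01", 55_000_000),
        (8, "bob", "hr-database", 2_000_000_000),
    ]
)


def build_baseline(flows, baseline_days):
    """Per user: daily byte totals in the baseline window and the hosts seen."""
    daily = defaultdict(lambda: defaultdict(int))  # user -> day -> bytes
    hosts = defaultdict(set)                       # user -> {host}
    for day, user, host, nbytes in flows:
        if day in baseline_days:
            daily[user][day] += nbytes
            hosts[user].add(host)
    return daily, hosts


def detect(flows, baseline_days, eval_day, sigma=3.0, min_ratio=0.5):
    """Return alerts for eval_day measured against the baseline window."""
    daily, hosts = build_baseline(flows, baseline_days)
    today_bytes, today_hosts = defaultdict(int), defaultdict(set)
    for day, user, host, nbytes in flows:
        if day == eval_day:
            today_bytes[user] += nbytes
            today_hosts[user].add(host)
    alerts = []
    for user, total in today_bytes.items():
        history = list(daily[user].values())
        if history:
            mu, sd = mean(history), pstdev(history)
            # Floor of +50% over the mean so a perfectly regular user (sd == 0)
            # does not alert on a one-byte change.
            threshold = max(mu + sigma * sd, mu * (1 + min_ratio))
            if total > threshold:
                alerts.append((user, "volume_spike", total, round(threshold)))
        new_hosts = today_hosts[user] - hosts[user]
        if new_hosts:
            alerts.append((user, "new_destination", sorted(new_hosts)))
    return alerts
```

Running `detect(FLOWS, range(1, 8), 8)` raises both alerts for bob, while evaluating an ordinary day inside the window raises none.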

Why It’s Time for Network Detection and Response

The network doesn’t lie: an attacker or an insider must use the network in some fashion in order to steal data or gain access to resources. Active monitoring of the juicy middle of your network (as opposed to the more traditional model of monitoring the perimeter and endpoints) must be a prime focus for security teams.

NDR gives you incredible power and ability to monitor every corner of your network looking for telltale signs of malicious or anomalous activity. NDR finds the needles in your network haystacks and dramatically eliminates false positives and increases the fidelity of the alerts your teams need to react to.

Don’t let a malicious or unwitting insider put your organization’s security at risk. See how easily you can deploy Lastline Defender inside your organization and gain true visibility to everything happening inside your environment. A sensor can be deployed and operational in as little as 30 minutes, and you will see results immediately.

Schedule a demo today!

Richard Henderson

Richard Henderson is Head of Global Threat Intelligence, where he is responsible for trend-spotting, industry-watching, and evangelizing the unique capabilities of Lastline’s technologies. He has nearly two decades of experience and involvement in the global hacker community and discovers new trends and activities in the cyber-underground. He is a researcher and regular presenter at conferences and events and was lauded by a former US DHS undersecretary for cybersecurity as having an “insightful view” on the current state of cybersecurity. Richard was one of the first researchers in the world to defeat Apple’s TouchID fingerprint sensor on the iPhone 5S. He has taught courses on radio interception techniques multiple times at the DEFCON hacker conference. Richard is a regular writer and contributor to many publications including BankInfoSecurity, Forbes, Dark Reading, and CSO.