National Cybersecurity Awareness Month 2019: Securing Against Insider Threats
It’s week two of National Cybersecurity Awareness Month 2019. We believe that its overarching strategy, Own IT. Secure IT. Protect IT., is a great way to get closer to a comfortable security state. If you keep this in mind, your security journey will be a more successful one. In this blog, our second of the series, we’re taking a look at securing IT against insider threats.
The Problem with Privileged Accounts
In many organizations, there are a lot of employees with far more access than they probably need to get their work done. Difficulties in getting a service or program running? The solution is often “elevate their privileges and see if that fixes it” – and it usually does. However, this becomes problematic when privileges are left elevated after the change is no longer needed.
Couple that practice with administrators who give themselves all the keys to the castle to make their jobs easier and you can see how privileged accounts can cause issues down the road. Not only do we need to worry about users or administrators doing something they shouldn’t (either intentionally or unintentionally), but cybercriminals and other attackers will seek out privileged account credentials to make executing their own campaigns easier.
Security leaders must always be asking themselves questions about privileged accounts: “Does this user truly need this level of access to get the job done?” If the answer is yes, it is essential to have tools and technologies in place to monitor for signs of anomalous use. Often that requires automated technologies such as Network Detection and Response (NDR) to build a baseline of behaviors and alert when something out of the ordinary happens.
Dealing with Stolen Credentials
Attackers using stolen credentials is nothing new – it’s been a cornerstone of an attacker’s playbook for many years. Weak encryption of password databases, rampant password reuse by users who can only remember so many passwords, and services not built to withstand brute-force attempts have all been thorns in the side of security teams for a very long time. Perhaps even worse, a survey of workers at large US companies found that a full 27% of them said that they would sell their account credentials for as little as $100.
How can you really combat that sort of insider threat? It’s not easy; your firewall and many of your traditional tools in your security stack can’t tell the difference between Bob in Accounting using his credentials vs. Ivan in Eastern Europe using them. Tools such as NDR, powered by advanced Artificial Intelligence and Machine Learning, can tell the difference.
What can NDR do to help you along your security journey? NDR can detect all sorts of odd or anomalous activity that might tip you off to a malicious insider or an external attacker masquerading as an insider. Has there been a substantially large increase in data moving through your network by a user where there was none in the past? With hyper-fast networks inside enterprises coupled with more storage than ever before, it can be very difficult to see that one new blip on your radar screen. Is the user attempting to access other parts of your infrastructure or data stores that they’ve never accessed before… or does it appear that the user is trawling through the network looking for sensitive data? Your NDR solution can detect that abnormal behavior.
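The two signals described above, a user moving far more data than their history suggests and a user reaching hosts they have never touched, are the kind of behavioral baseline that the earlier section on privileged accounts also calls for. The following is an added illustration, not Lastline code and not how any NDR product is implemented: it builds a per-user baseline from a constructed set of flow records (the record shape, the users, the host names and the thresholds are all assumptions) and then reviews a later day against that baseline.

```python
"""Toy behavioural-baseline detector over per-user network flow records.

Added example (not Lastline's or any vendor's code): it builds a per-user
baseline of daily egress volume and the set of destination hosts each user
normally contacts, then flags a later day on which a user's volume jumps well
above baseline or the user reaches hosts never seen in the baseline window.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flows: (day, user, destination_host, bytes_sent).
# Days 1-5 form the baseline window; day 6 is the day under review.
FLOWS = [
    # bob: steady, small transfers to the two systems his job needs
    *[(d, "bob", "fileshare", 10_000 + 500 * (d % 3)) for d in range(1, 6)],
    *[(d, "bob", "erp", 5_000) for d in range(1, 6)],
    # alice (administrator): larger but equally steady traffic
    *[(d, "alice", "fileshare", 50_000) for d in range(1, 6)],
    *[(d, "alice", "build-server", 30_000 + 1_000 * (d % 2)) for d in range(1, 6)],
    # day under review
    (6, "bob", "fileshare", 900_000),    # bulk pull from a familiar host
    (6, "bob", "hr-db", 20_000),         # host bob has never talked to
    (6, "alice", "fileshare", 52_000),
    (6, "alice", "build-server", 28_000),
    (6, "mallory", "fileshare", 1_000),  # account with no history at all
]


def build_baseline(flows, baseline_days):
    """Per user: list of daily egress totals and the set of hosts contacted."""
    daily = defaultdict(lambda: defaultdict(int))   # user -> day -> bytes
    hosts = defaultdict(set)                        # user -> {hosts}
    for day, user, host, nbytes in flows:
        if day in baseline_days:
            daily[user][day] += nbytes
            hosts[user].add(host)
    return {
        user: {"daily_bytes": [daily[user].get(d, 0) for d in baseline_days],
               "hosts": hosts[user]}
        for user in daily
    }


def detect_anomalies(flows, baseline, eval_day, z=3.0, ratio=3.0):
    """Return (user, kind, detail) findings for eval_day.

    Volume rule: today's total exceeds max(mean + z*stdev, ratio*mean) of the
    baseline, so a perfectly flat baseline (stdev 0) still needs a clear
    multiple before it fires instead of alerting on any tiny change.
    Host rule: any destination absent from the user's baseline host set.
    Accounts with no baseline at all are surfaced for review rather than
    silently skipped.
    """
    today_bytes = defaultdict(int)
    today_hosts = defaultdict(set)
    for day, user, host, nbytes in flows:
        if day == eval_day:
            today_bytes[user] += nbytes
            today_hosts[user].add(host)

    findings = []
    for user in sorted(today_bytes):
        if user not in baseline:
            findings.append((user, "no_baseline",
                             f"{user} has no history in the baseline window"))
            continue
        hist = baseline[user]["daily_bytes"]
        mu, sigma = mean(hist), pstdev(hist)
        threshold = max(mu + z * sigma, ratio * mu)
        if today_bytes[user] > threshold:
            findings.append((user, "volume",
                             f"{today_bytes[user]} bytes vs threshold {threshold:.0f}"))
        for host in sorted(today_hosts[user] - baseline[user]["hosts"]):
            findings.append((user, "new_host", f"first contact with {host}"))
    return findings


if __name__ == "__main__":
    base = build_baseline(FLOWS, baseline_days=range(1, 6))
    for finding in detect_anomalies(FLOWS, base, eval_day=6):
        print(finding)
```

Run as-is, the script reports bob's volume spike and his first contact with `hr-db`, and flags `mallory` for having no baseline, while alice's larger but steady administrator traffic produces nothing. A real deployment would learn the baseline continuously over weeks, key on more than bytes and hosts (ports, protocols, time of day, peer groups), and feed the findings into a workflow rather than printing them, but the shape of the decision is the same.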
Why It’s Time for Network Detection and Response
The network doesn’t lie: an attacker or an insider must use the network in some fashion in order to steal data or gain access to resources. Active monitoring of the juicy middle of your network (as opposed to the more traditional model of monitoring the perimeter and endpoints) must be a prime focus for security teams.
NDR gives you incredible power and ability to monitor every corner of your network looking for telltale signs of malicious or anomalous activity. NDR finds the needles in your network haystacks, dramatically reduces false positives, and increases the fidelity of the alerts your teams need to react to.
Don’t let a malicious or unwitting insider put your organization’s security at risk. See how easily you can deploy Lastline Defender inside your organization and gain true visibility to everything happening inside your environment. A sensor can be deployed and operational in as little as 30 minutes, and you will see results immediately.
Schedule a demo today!