Sony, OPM, and more recently MLB. Does anyone know how to protect against data theft? Many ideas have been proposed, from abandoning modern systems to encrypting all data. Unfortunately, they are impractical and unrealistic.
This is what we really know about cyber attacks. According to the latest Verizon security breach report, companies need months to detect that data has been stolen at all. A data protection report from the Ponemon Institute states that 71% of employees say they have access to data that they should not have access to. Moreover, only 22% of employees say that their organizations are able to tell them what happened to lost data, files and emails.
What comes next? Are we doomed? What should we do?
It is time to turn our ideas about data protection around. Many organizations invest heavily in protecting the network perimeter. But why do this if there is no certainty that the threats are outside, when all of a company's valuable assets (data, files, and emails) are inside?
We have to allow for the possibility that someone has already penetrated the network.
Organizations use an innovative solution called User Behavior Analytics (UBA). This solution provides security from the inside. It monitors user actions: logins, applications launched, when data and files are accessed, file operations (copy, move, delete), and how often files are accessed.
“I was very surprised when, at one of the recent events, I learned that 75% of companies that switched to UBA discovered current security breaches in their network,” industry analyst Rob Enderle said in an interview with CIO. “It's amazing how many gaps go unnoticed in companies that do not use this technology ... UBA creates a profile for each employee and sends an alert if he starts to behave strangely.”
Here are six ways to improve your organization's security with UBA.
1. Determine what users do
The new approach requires a file system event log, which tells you who opens, moves, creates, copies and deletes files. From the file system event log you will not only find out which employees step outside their usual pattern of working with files, but also be able to track lost data, files and emails (think of those 78% of employees who do not have this capability).
2. Identify non-standard behavior
If your UBA solution can track file operations at a deep level, you can establish the normal behavior for each user and set up an automatic notification when, for example, thousands of copy operations occur within a minute, a user starts to behave uncharacteristically, or a user accesses files after hours.
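The per-user baseline described above, as an added example (not code from the article or from any UBA product). The event format, the `factor` and `floor` thresholds, and all user names and paths are assumptions made for the illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

def minute(ts):
    return ts.replace(second=0, microsecond=0)

def build_profile(history):
    """Per-user baseline: hours of day with activity, and busiest copy minute."""
    hours, copies = defaultdict(set), defaultdict(Counter)
    for ts, user, op, _path in history:
        hours[user].add(ts.hour)
        if op == "copy":
            copies[user][minute(ts)] += 1
    return {u: (hours[u], max(copies[u].values(), default=0)) for u in hours}

def detect(profile, events, factor=10, floor=100):
    """Alert once per user per rule: copies in one minute far above the user's
    own peak (and above a noise floor), or activity at an hour never seen before."""
    alerts, fired, copies = [], set(), Counter()
    for ts, user, op, _path in sorted(events):
        usual_hours, peak = profile.get(user, (set(), 0))  # unknown user: no baseline
        hits = []
        if op == "copy":
            copies[user, minute(ts)] += 1
            if copies[user, minute(ts)] > max(floor, factor * peak):
                hits.append("copy_burst")
        if ts.hour not in usual_hours:
            hits.append("unusual_hour")
        for rule in hits:
            if (rule, user) not in fired:
                fired.add((rule, user))
                alerts.append((rule, user, ts))
    return alerts

def sample_history():  # constructed: ten days of normal working-hours activity
    day0 = datetime(2015, 6, 15, 9, 0)
    return [(day0 + timedelta(days=d, hours=h), u, "copy", "/share/doc")
            for d in range(10) for h in range(9) for u in ("jdoe", "asmith")]

def sample_events():  # constructed: the events to score against the baseline
    start = datetime(2015, 7, 1, 14, 0)
    burst = [(start + timedelta(milliseconds=40 * i), "jdoe", "copy", f"/finance/f{i}.xlsx")
             for i in range(1200)]
    return burst + [(datetime(2015, 7, 1, 10, 5), "asmith", "open", "/hr/plan.docx"),
                    (datetime(2015, 7, 2, 2, 30), "asmith", "open", "/hr/salaries.xlsx")]

if __name__ == "__main__":
    for alert in detect(build_profile(sample_history()), sample_events()):
        print(*alert)
```

Because the threshold scales with each user's own peak, a backup operator who routinely copies hundreds of files per minute does not trigger the same alert as an analyst who normally copies one.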
Gartner analyst Avivah Litan, who advises clients on information security, believes that analyzing user behavior in context could have prevented recent security incidents in retail networks and Edward Snowden's theft of classified data from the NSA.
3. Identify elevated privileges
Check high-risk groups, such as “domain administrators,” frequently to make sure that only authorized users are in them. Set up SMS or email alerts for when new users are added to these groups.
It is also worth checking Active Directory so that you know who got access to sensitive information and when. In addition, the file system event log will tell you exactly what that user did.
4. Eliminate access for global groups, especially to stores of secret information.
Exposing corporate information (especially secret information) to users in the “all” or “domain users” categories is a big problem. SharePoint and Exchange have the same problem with authorized users. Exchange, in addition, allows access as an “anonymous user.”
If secret information, credit card information, intellectual property, and legal and personnel data sit in folders that are open to every user in the company, the result can be a disaster.
Universal access to folders, SharePoint pages and mailboxes should be a thing of the past. It should be replaced by rules that grant access to data only to those who need it.
5. Eliminate unnecessary access rights.
When an employee works at a company for a long time, his position, department and duties may change. Temporary projects often require temporary access, but temporary access can become permanent. Sometimes access rights are granted randomly.
As a result, users accumulate more access rights than they need. But no one will ever contact the support service about this problem, so it is extremely important to implement a least-privilege model.
First of all, study the user's actions. If he has stopped accessing certain data, it may be necessary to close his access to it. However, you must also compare the user's activity with the activity of his security group. Even if the user has stopped requesting certain information, this does not mean that he no longer needs it.
6. Use a “honeypot”
If your UBA solution can analyze files automatically, it is useful to create a “honeypot”: a shared folder that stores fake secret data. Then you can see what happens.
This will help you spot overly curious users and identify the threat.
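One way to run the comparison described above, as an added example that is not part of the original article. The 90-day staleness window, the two verdict labels, and every group, user and folder name are assumptions of the example; both verdicts are inputs to a human review, not automatic revocations.

```python
from datetime import date, timedelta

def review_access(memberships, grants, last_access, today, stale_after=90):
    """List rights that are no longer exercised, with peer-group context.

    memberships: group -> set of users; grants: group -> set of folders;
    last_access: (user, folder) -> date of the user's latest access in the log.
    """
    cutoff = today - timedelta(days=stale_after)

    def active(user, folder):
        seen = last_access.get((user, folder))
        return seen is not None and seen >= cutoff

    findings = []
    for group, folders in sorted(grants.items()):
        members = memberships.get(group, set())
        for folder in sorted(folders):
            still_using = {u for u in members if active(u, folder)}
            # Peers active: only this user went quiet. Nobody active: the whole
            # group's grant is unused. Both are review items, not auto-revocations.
            verdict = "user_only_stale" if still_using else "group_wide_stale"
            for user in sorted(members - still_using):
                findings.append((user, group, folder, verdict))
    return findings

def sample_review():
    # Constructed data; group, user and folder names are hypothetical.
    memberships = {"proj-apollo": {"alice", "bob", "carol"},
                   "legacy-audit": {"alice", "dave"}}
    grants = {"proj-apollo": {"/projects/apollo"}, "legacy-audit": {"/audit/2013"}}
    last_access = {("alice", "/projects/apollo"): date(2014, 11, 3),
                   ("bob", "/projects/apollo"): date(2015, 6, 29),
                   ("carol", "/projects/apollo"): date(2015, 6, 30),
                   ("alice", "/audit/2013"): date(2014, 1, 10)}
    return review_access(memberships, grants, last_access, today=date(2015, 7, 1))

if __name__ == "__main__":
    for finding in sample_review():
        print(*finding)
```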
Just a month ago, Juniper Research experts predicted that by 2019 global damage from security breaches would amount to $2.1 trillion, and according to the 2015 Cost of a Data Breach study, the average cost of damage from security breaches rose to 3.79 million dollars. Let's take a sober look at things: security breaches are not going away and will lead to great losses. Perhaps you should try UBA, because it works.