Browsed by
Author: STEALTHbits Technologies

Top Five Ways You End Up With Open Shares: Part 2

Top Five Ways You End Up With Open Shares: Part 2

In the first post of this series, we explored two ways you can end up with dangerous open shares. Open shares are essentially folders that everyone in your company can access. Sharing what is in those folders isn’t a threat by itself, but securing those documents can be tough. In this post, we’ll discuss three equally important, but less common ways to end up with dangerous open shares. Learn more about open shares here. Reason 3: End Users Are Given…

Read More Read More

Top Five Ways You End Up With Open Shares: Part 1

Top Five Ways You End Up With Open Shares: Part 1

Open shares are evil. Sure, there are cases you may need a read-only share open to everyone in the organization. How else will they grab benefits forms or company calendars to print and hang in their cubes? But it’s amazing how often those simple use cases grow into ugly messes. All it takes is one person with the right (or wrong) rights to add write access to that same share, and you have a huge problem. Learn more about open…

Read More Read More

Pragmatic Data Security Best Practices: Part 2

Pragmatic Data Security Best Practices: Part 2

The last post, we started discussing the importance of protecting Active Directory and your unstructured data. Today, we’ll continue our discussion with the next three data security best practices to ensure the security of your data. Pragmatic Data Security Best Practice #2: Monitor Activity Monitoring activity is an essential capability, but be careful not to bite off more than you can chew. The best way to make effective use of your monitoring efforts is to focus on specific scenarios you’d…

Read More Read More

Pragmatic Data Security Best Practices: Part 1

Pragmatic Data Security Best Practices: Part 1

Data security is a major issue for any company that has valuable information to protect. Breaches of that data can cost an organization dearly in the form of business disruption, loss of revenue, fines, lawsuits, and perhaps worst of all, the loss of trust between the organization and its customers and partners. But the challenge of securing all that data is daunting. It’s easy to lose sight of the fact that some small changes can have a major impact. Just…

Read More Read More

Five Challenges with Monitoring Active Directory Security Using Event Logs: Part 5

Five Challenges with Monitoring Active Directory Security Using Event Logs: Part 5

Now that we understand how monitoring authentication patterns and authentication-based attacks can lead to an overwhelming amount of data which prevents any meaningful analysis, we can focus on our fifth, and final challenge of monitoring critical systems. Challenge 5 – Permission Changes and Object Changes Some of the most important changes to monitor within Active Directory are the changes to the security of the containers and objects.  Permissions control who can elevate privileges by changing group policies, adding members to…

Read More Read More

Five Challenges with Monitoring Active Directory Security Using Event Logs: Part 4

Five Challenges with Monitoring Active Directory Security Using Event Logs: Part 4

The last post, we discussed monitoring directory reads. One of the limitations of Active Directory is it offers no easy way to monitor suspicious read events, which can help you detect reconnaissance activity and stop an attack before it happens. Now let’s look at the next challenge, tracking authentication events. Challenge Four – Tracking Authentication Events With the recent surge of credential-based attacks, monitoring authentication patterns is critical to identify compromised accounts, signs of pass-the-hash and pass-the-ticket attacks, forged Kerberos…

Read More Read More

Five Challenges with Monitoring Active Directory Security Using Event Logs: Part 3

Five Challenges with Monitoring Active Directory Security Using Event Logs: Part 3

So far in this series, we’ve learned that changes to groups with extensive privilege within an Active Directory (AD) environment are the target for many hackers. We then looked at how Active Directory isn’t able to log the changes made to Group Policy settings, which can lead to an attack or production outage. Challenge 3 – Monitoring Directory Reads Another aspect of detecting Active Directory attacks is understanding how users are reading and enumerating AD objects.  When attackers are looking…

Read More Read More

Five Challenges with Monitoring Active Directory Security Using Event Logs: Part 2

Five Challenges with Monitoring Active Directory Security Using Event Logs: Part 2

In the first blog of this series, we discussed how changes to groups with extensive privilege within an Active Directory (AD) environment are the target for many hackers. However, this is just one of the problems with monitoring critical systems. Challenge 2 – Group Policy Changes Group Policies are used to control and manage settings across all computers joined to Active Directory.  This includes critical security settings such as who has administrative access to systems and numerous others.  A simple…

Read More Read More

15 Cases for File Activity Monitoring: Part 3

15 Cases for File Activity Monitoring: Part 3

Today, we continue our discussion on real-life use cases for STEALTHbits file activity monitoring solutions. The cases outlined in the previous blog post provided examples of malicious access by internal users, administrators, and external bad actors. Case 11: Stale File Clean-Up Knowing which files are being actively accessed helps identify stale data for removal from active management, reclaiming storage space and reducing an organization’s risk surface. The file activity monitor allows organizations to identify stale data and files that have…

Read More Read More

Five Challenges with Monitoring Active Directory Security Using Event Logs: Part 1

Five Challenges with Monitoring Active Directory Security Using Event Logs: Part 1

As the methods that attackers use to compromise credentials and data continue to evolve, it is increasingly important to monitor critical systems such as Active Directory (AD) for signs of malicious activities. Most customers turn to security information and event management (SIEM) products to provide this monitoring.  While these solutions may be extremely powerful, they ultimately depend on the Windows event logs that are populated by Active Directory.  Event logs can be very complicated to work with, and ultimately do…

Read More Read More

Start a Free StealthAUDIT® Trial!

No risk. No obligation.