AD Security Assessment
Active Directory security is a hot topic. Some security professionals have made their living by uncovering vulnerabilities in directory services. Take, for instance, Sean Metcalf at ADSecurity.org. He has an entire blog focused on Active Directory security. What tends to be lacking, however, is an easy-to-follow Security Assessment that highlights critical areas of concern in a Microsoft Active Directory and Windows environment.
Most organizations aren’t aware they eve…
2017 – A New Hope
Protecting your company in 2017 should start from the inside out. Organizations have spent the last decade securing the perimeter from external threats with a fair amount of success. However, in the last couple of years one of the most serious threats to cybersecurity stepped to the fore: the Insider. StaySafeOnline.org recently highlighted the importance of training more of your employees to become security aware. The idea is to have many eyes focused on securing an enviro…
The year 2016 is being called the Year of the Breach. A recent study by the Ponemon Institute shows that two-thirds of organizations affected by a cyber breach are unable to recover from the attack. Imagine these organizations – so many of them – ceasing to operate one by one as wanton and malicious cyber-attacks damage their critical infrastructure, reveal operational strategies or trade secrets to competitors, or even taint the public’s perception of an entire brand! Of course it’s hard to …
The proliferation of Ransomware continues apace, which is no surprise given the motivation is monetary. Wherever there’s something of value that can be exploited, it will be exploited.
Every organization has to take the threat of Ransomware seriously and address the risk head-on.
Where do you start? You start with the basics: understanding what’s at risk and key ways to protect it. What’s at risk is your organization’s Data and the means to gain access to it, your users’ Credentials.
D…
Active Directory Operations and Security
As the primary authentication and authorization service for the majority of IT systems, the importance of Microsoft’s Active Directory (AD) cannot be overstated. Over time, AD has grown increasingly complex, less secure, and more difficult to manage, resulting in a growing problem for organizations large and small. Given its importance, AD is often viewed from two main perspectives: operations and security.
Operations
The ultimate goal of an …
‘Millions of Email Accounts Compromised…’
– The Daily Telegraph (UK), May 2016
This was the headline in a UK news outlet discussing a ‘…massive data breach that includes Google and Yahoo’. It’s a catchy headline for sure. However, the line that really caught my attention was from the lead paragraph:
‘More than 270 Million email accounts with major providers around the world have been compromised…’
Try to comprehend that figure. It’s a staggering number and I’m sure worthy of int…
Excessive access to unstructured data is pervasive in enterprise file environments around the world. In a recent report, 62% of the business users surveyed reported having access to content they should not be able to view. In light of recent breaches, malware attacks, and insider theft, many organizations now recognize that Access Governance is critical to protecting their businesses. Here are a few of the top reasons companies are getting serious about implementing a least-privileged approac…
Can They Access Sensitive Data?
Businesses are facing unique challenges related to “privileged accounts,” accounts that are built into applications or systems with privileges that normal users do not have. Privileged accounts can also be created by administrators to manage specific applications, run services, execute tasks, and control file systems. Such privileged accounts are necessary for day-to-day operations in environments containing Windows domain-joined systems, standalone Windows ma…
The 2016 Verizon DBIR is an all-encompassing look at a year’s worth of cyber-related attacks. The most compelling statistic from the 2016 report states that in 93% of cases it only took an attacker minutes to compromise systems and networks, but weeks or months for the affected company to even realize that an incident had occurred. What does this say about our detection and mitigation strategies as an industry? What we do know is that attackers typically exploit the easiest routes to breach a…
Ransomware is a form of malware currently taking the world by storm. Take for instance the headlines this month about a Kentucky hospital being struck down by a virulent strain, essentially halting all use of company equipment and websites until the malware could be quarantined. Think of ransomware in terms of your data being held ransom by a third party. The way the attacker orchestrates the attack is what ensures total loss of data unless the ransom is paid. The victim’s data is encrypted u…