INSIDER THREAT SECURITY BLOG

The release of the highly anticipated Stealthbits Activity Monitor 3.0 brings some new and innovate features and functionality, which users will appreciate. The addition of SharePoint activity support will instantly add value to existing SharePoint solutions through the receiving of activity information in StealthAUDIT reports along with the ability to send real-time SharePoint events over to a SIEM device. Also included in the Stealthbits Activity Monitor 3.0 release is support for Nasuni mo…

Now that EU GDPR has arrived, it is important to understand how to configure groups of criteria to the compliance standards your organization is concerned about most. StealthAUDIT’s Sensitive Data Discovery allows you to identify file content that matches your set criteria. This can be done for keywords or regular expressions, as well as groups of any of those criteria sets. The configuration for this is found within the Criteria Editor. To get there navigate the Job Tree to the 1-SEEK Sys…

The latest release of StealthDEFEND 1.1 brings us a new highly anticipated feature, Investigations. This brings a new custom experience to the threats and alerts you see in the product by allowing you to define your own threats by specifying the: who, what, where, and when. By navigating to the “Investigate” page in the menu, you are presented with the file activity events for the current day along with the top hosts, top users, and event details. I really like utilizing this page to h…

StealthINTERCEPT provides great threat hunting capabilities, so naturally, the health of our systems is paramount.  StealthINTERCEPT Health Alerts give us the information we need to ensure we keep getting the data we care about. Agent connectivity is my main concern, although SI Agents will cache a fair amount of events, I want to get them communicating again ASAP to prevent any delay in my security awareness.  Our first step is to navigate to our alerts controls located in the top menu ba…

With our focus on SQL Attacks this month, I naturally think about what data is being attacked as well.  StealthAUDIT’s SQL Solution Set can show us a lot of valuable information but collects even more than what immediately shows. StealthAUDIT Data Views are my go-to tool when I want advanced manipulation of data for an export.  Some of these are immediately available, and others must be “turned on” for viewing in the job tree. First, an analysis must be configured; here I’ve chosen the …

With each iteration, StealthINTERCEPT shows more value to our customers. StealthINTERCEPT 5.0’s AD Security focused data means alerting will become even more essential, and those alerts should contain what’s important to you.  Let’s take a moment to learn how your organization can configure and benefit from StealthINTERCEPT 5.0 Notifications. First, navigate to the Alerts section found under Configuration > Alerts: Once in the System Alerts section, click on the Email tab and toggle th…

This time of year is typically a time of giving, and I am here to give the gift of report security!  StealthAUDIT v8.1 has new data to discover, and new report management to keep that data secure. Version 8.1 of StealthAUDIT now equips users with Role Based Access (RBA) to control who has access to reports from the Web Console.  This is a great way to isolate reports to only the users who should be able to see the sensitive information we are making available in your organization. F…

With compliance standards driving more and more organizations to directly tag their data, StealthAUDIT’s Sensitive Data Discovery allows you to easily locate and understand the data that was important enough to tag in the first place. The configuration for sensitive data discovery is located within the Criteria Editor.  To get there navigate the Job Tree to the 1-SEEK System Scans job located in Jobs > FileSystem > 0.Collection.  Open the Query Properties as shown below: From …

Identifying Active Directory Attacks Hacking Active Directory is most often associated with the process of elevating domain user access to domain admin access.  Monitoring domain controller events can help identify when this process has started. The first phase of any attack is reconnaissance.  The attacker must learn about the environment to identify high-value targets.  For Active Directory, this starts with LDAP queries. StealthINTERCEPT has built-in policies for monitoring LDAP…

Stealthbits File Activity Monitor The Stealthbits File Activity Monitor has multiple configuration options to filter out noisy event operations from file servers. For example, Windows® native logs are typically big offenders when it comes to logging these noise events, creating more than 200 log entries when a user creates, reads, modifies, and then saves a file. The sFAM utility filters those operations into a more human-readable, event audit trail for those file operations. The sFAM uti…