In our twelfth edition of the Insider Threat Podcast, we were joined by my STEALTHbits teammate, Adam Laub, the Senior Vice President of Product Marketing. In a reversal of the typical flow of things, Adam had questions for me. With the release of StealthAUDIT 8.1 fast approaching, he wanted to know how some of the headline features fit into the view of the world from an insider threat perspective. 8.1 is a minor release, and, as is usual with a minor release, most of what is in it is there because customers asked for it. There are a lot of insider-threat-relevant features because so many of you tell us so often how much you want to reduce those threats. So Adam and I had plenty to discuss.
He started out asking about SQL Server since that’s a headline feature for 8.1. Of course, as far back as SQL Slammer, MS SQL has been on the minds of security pros – and not in a good way. We discussed how threats have evolved on every platform from the “bug to exploit” type to the “credential to exploit” type, and SQL Server is no different. We are about to launch a series of blog posts about attacks on the SQL layer to explore this as deeply as we have attacks on the AD and file server layers. Like the series before it, it will focus on exactly those insider threat style attacks that look for, steal, and exploit exposed and weak credentials.
We also went through a list of attack vectors that are all top of mind for people fighting insider threat. The overall message was to look for and eliminate things that are likely pure risk – configurations that serve no real purpose, leftover accounts and privileges that make some users too dangerous, and settings built in by Microsoft that protect you without any real downside yet are mysteriously not activated. In particular, we talked about how weak passwords are a huge threat. You don’t want to find them anywhere, but too often you find them in the worst places, e.g. service accounts. There is also more than one kind of “weak” – a password that is widely known but still meets complexity requirements is not a good password. This stuff always sounds obvious when you say it, but so many customers tell us this is exactly the kind of thing they are still struggling with. So listen in and hopefully you can get some ideas about how you can tackle these issues, too.