
Insider Intelligence with Visual Click Software: Auditing and Alerting Workstation Activity

By Community Team

How are your computer assets being used? Have you considered the variety of methods by which data can be transferred to and from your workstations? What can be done to audit and control data movements throughout your enterprise?

Q: What is an Insider Threat?

A: An insider threat is a generic term for a threat to an organization’s security or data that comes from within. Such threats are usually attributed to employees or former employees, but may also arise from third parties, including contractors, temporary workers or customers.

Insider threats due to malicious actors are found throughout all industries, including government institutions. Regardless of the sector your organization operates within, it is important that you protect it from damaging attacks that may come from inside your enterprise.

Q: What are causes for concern?

A: Many cases of insider threats are due to a lack of appropriate employee education. An example is communicating to employees not to upload company data to an unapproved Cloud storage system or email sensitive data files. Another easily preventable source of insider threat is former employees whose account(s) remain active and thus invite unwanted behaviors. However, without attention to these and more potential threats, the likelihood of an unwanted compromise grows.

Q: How can it happen?

A: The abundant attack surfaces available to Windows® clients are often unguarded. There are many considerations in reviewing potential attack surfaces for insider threats.

Is there a policy to consistently educate personnel about expectations? Does your organization have an acceptable use policy that sets expectations of what people can do with business data (copy it, share it, how long to retain, etc.) on their ‘BYOD’ devices such as iPads, iPhones, and Android devices?

Q: Could you tell us more about ‘attack surfaces’?

A: The following potential attack surfaces should be considered:

  • Copying of files from remote devices such as a server to the local desktop/laptop
  • Copying of files from any remote or local device to a removable device. Removable devices include CDs, DVDs, USB, SDRAM card, mobile phone, Windows Portable Devices (WPD) and more. Most removable devices are facilitated by USB ports.
  • Threats can also occur when files are copied from any removable device to a remote (server) or local device.
  • Uploading of files via a web browser.
  • Uploading of files via an FTP connection.
  • Attaching files to an email.

Q: What makes CPTRAX by Visual Click Software one of the best solutions available for Insider Intelligence and managing Insider Threats?

A: We have created a robust solution for Windows® desktops and laptops that provides numerous beneficial abilities:

  • Email alerts when a USB device is plugged in
  • Email alerts on excessive data copying to USB and other removable devices
  • Block creation and copying of files to USB and other removable devices
  • Audit unusual file activity, for instance, when Outlook is used to open a spreadsheet
  • Audit when files are copied from a remote device including network servers
  • Audit files being uploaded via a web browser
  • Audit files being attached to an email
  • Report all USB devices connected including specialty devices such as credit card scanners
  • Audit failed workstation/laptop logon attempts including account name attempted
  • Audit when failed password changes were attempted

If your enterprise includes computers and laptops used while offline from your networks, other than instant email alerts, all of these abilities are maintained, and each is securely journaled for later reporting.

Q: How can you help if the audit reports show employees or former employees copying files which they should not have access to?

A: You can use our DSRAZOR for Windows product to help prevent insider threats. Some of the features included are:

  • Find unused accounts (former employees) and then disable or delete the account directly from the report
  • Report on effective NTFS security permissions
  • Manage NTFS security permissions
  • Find and remove unwanted file security permissions
  • Modify existing permissions directly from a trustee report
  • Find and delete orphaned SID trustees
  • Report where NULL ACLs exist (where everyone has full access)
  • Report on files where no owner is defined (orphaned SID)
  • Report how effective file permissions were obtained

For more details and a no-obligation evaluation, connect with www.visualclick.com today.
