Making a distinction between external and internal threats is becoming increasingly difficult and less and less relevant. The issue of internal security threats was highlighted by Geoff Webb's article this week (linked below). As he rightly states, the insider threat may easily outstrip Internet-based cyber attacks in terms of information asset loss or damage, and yet it is still the less feared and, therefore, the less well-defended threat.

Whether due to complacency or naivety, the vast majority of organizations have failed to adapt security processes and procedures to reflect the changing threat landscape. As Webb highlights, a growing number of data thefts are inside jobs in which users are ‘over-privileged’, holding rights and permissions that let them roam the network and steal data. However, the other significant knock-on effect of these over-privileged accounts is that the same users can do far more damage to the organization if they fall victim to a phishing attack or other malware infection.

It is therefore critical that organizations start embracing a higher level of best practice and governance in security processes and procedures and, in particular, extensive internal defenses.

Organizations need a completely infallible way of detecting the presence of malware and of ensuring that hardening measures and user access controls are being enforced. Any configuration drift or other breach activity needs to raise an alert in real time to stave off threats and potential damage. Whilst all compliance, governance and regulatory standards require security controls such as a hardened build standard, control of user rights and tight change control, these controls are too often focused heavily on protecting against external threats, with a lack of understanding that the internal threat is potentially of more significance.

File Integrity Monitoring (FIM) is proven to radically reduce the risk of security breaches; it raises an alert on any change to core file systems or configuration settings. The potential breach is detected regardless of whether it was instigated by an inside man or by an unwittingly phished employee introducing malware or another zero-day threat that blasts unrecognized past the AV defenses. Flagging up changes in this way ensures there is no chance of an APT gaining hold; no risk of the stealth attack that gets in and out leaving no trace – there is a trace and the business is immediately notified.

The fact is that every business is at risk at all times, and defenses and detection mechanisms must be implemented on the assumption that traditional firewall and AV measures are fallible – and that the lines between the external and internal threat are now intrinsically blurred.

*http://www.businesscomputingworld.co.uk/preventing-employee-own-goals/

 

 
