INSIDER THREAT SECURITY BLOG

If you have been using StealthAUDIT for your data access governance (DAG) and compliance needs, then you have likely come across situations where you would like to purge data pertaining to a specific host being monitored. In addition, when you upgrade to a newer release of StealthAUDIT, there might be a need to drop all the tables related to a specific job. While the StealthAUDIT back-end database uses SQL Server with a published and open data model, it is not advisable to delete data or d…

The Techniques Attackers Use and Best Practices for Defending Your Organization Introduction An attacker who gets into your network is seldom content with their initial foothold. To achieve their ultimate objective, whether that’s stealing sensitive information or planting malware, they need to leverage the account they have compromised to move laterally through your environment and escalate their privileges until they gain access to more data or resources. In other words, the accoun…

A data subject access request (DSAR) is a common requirement in privacy regulations today. It grants individuals the right to request all the personally identifiable information (PII) an organization has gathered about them, along with how the organization is using that data and who they’ve shared it with. Responding to DSARs can be a daunting task for any organization. In fact, Gartner reports that manually processing a single request costs organizations more than $1,400 and takes most o…

Microsoft recently updated their guidance for organisations. The guidance includes some significant changes to how organizations should approach privileged access, so Stealthbits (now part of Netwrix) is here to provide advice and guidance on what this means for you. Tiered access model and the red forest To protect our most privileged credentials, for the last several years Microsoft has described using the tiered access model (TAM), coupled with the Enhanced Security Admin Environment…

Privilege Account Management (PAM) has been around in some shape or form for decades now. Whether that’s vaulting passwords, session management, reducing privilege, or any combination of privileged management workflows, there’s been no shortage of vendors to choose from. Then why, with such a rich history and breadth of software to choose from, does the term PAM still make admins shudder? Surely it should be enjoyable to have a PAM solution humming along, reducing your organization’s risk …

While you’re more likely to be familiar with accessing network file shares via Server Message Block (SMB), or the Windows implementation of SMB (CIFS), the Network File System (NFS) is still prevalent in modern production environments, such as on Unix servers like NetApp ONTAP and Dell EMC Isilon/PowerScale OneFS. Originally designed in 1984 at Sun Microsystems with roots in Unix, NFS is an open standard for distributing a file system across a network for multi-client access. Currently at …

The Importance of Cloud Storage – From SMBs to the Enterprise With the release of Version 11.0, StealthAUDIT’s Sensitive Data Discovery tools now include our AnyData connector, which allows users to scan any storage repository for sensitive data. This is an incredibly powerful workflow, as it gives StealthAUDIT users the ability to scan cloud data repos in addition to traditional, on-premises data storage. Year after year, the number of cloud storage vendors is increasing and their use…

Sysmon is an important tool within Microsoft’s Sysinternals Suite, a comprehensive set of utilities and tools used to monitor, manage, and troubleshoot the Windows operating system. Per Microsoft’s own definition, Sysmon “provides detailed information about process creations, network connections, and changes to file creation time. By collecting the events it generates using Windows Event Collection or SIEM agents and subsequently analyzing them, you can identify malicious or anomalous acti…

Understanding the Risk of Active Directory Permissions and Shadow Access I recently covered the topic of Active Directory permissions by giving an overview on how to apply them and view what already exists in your organization. In this blog, I’ll be taking a deeper dive into Active Directory permissions, outlining potential risks that exist when certain permissions are applied to certain objects. Why Do Active Directory Permissions Create Risk? So how do Active Directory permissions …

A Data Subject Access Request (DSAR), a common term amongst data privacy regulations, is an individual’s right to request information on personally identifiable information (PII) an organization has gathered about them, how that organization is using that data, and who that data has been shared with. Responding to a DSAR could be a daunting task for organizations, which often lack the necessary plumbing to be able to identify exactly where a given individual’s PII exists within their environm…