INSIDER THREAT SECURITY BLOG

Many of the threats discussed in the Verizon DBIR can be addressed with StealthINTERCEPT, and a little-known feature called Investigate makes it easy for users to quickly retrieve the policies they care most about. StealthINTERCEPT’s Investigate feature allows users to easily view specified events across all available Policies. Defining Policies (the Who, When, Where, What, and more) can really help users access the full picture for activity. While this is especially useful for any kind of s…

StealthAUDIT’s File Activity Monitor enables our customers with great visibility into file activity within Windows and most NAS solutions. Although the Access Information Center makes understanding this information easy, SIEM can, at times, be the preferred way to view any and all activity. Enabling Syslog output requires first opening the Stealthbits File Monitor and navigating to the Monitored Hosts tab. From there select ‘Edit’ for the host you wish to have send activity data to your SIEM….

The Local Administrators Report is a great report available to users of our Systems Governance Solution set, but focusing solely on Local Admins may not be the complete picture. The Local Administrators job (SG_LocalAdmins) uses our USERSGROUPS Data Collector. While scoped by default to only look for that local groups members, the Data Collector can be set to bring back other local groups as well. This can simply be done as follows:Within the Jobs tree navigate to System Governance > Privi…

Ransomware has been ‘top of mind’ due to its much deserved media attention. With StealthINTERCEPT for File Systems we can make it easy to keep up with current & emerging versions of this evolving scourge. Version 3.4.1(current) of StealthINTERCEPT has a template available right out of the box (called Ransomware Detection), whereas older versions will require a new File System Policy to be created. Once you have the policy created or copied from a template, set the desired hosts and pat…

Ownership is key to beginning certification routines within your IAM platform of choice. StealthAUDIT can help you begin that process while onboarding a new IAM solution, or with existing solutions you may already have today. Right out of the box we can start identifying Probable Ownership within StealthAUDIT’s Report Index for both AD and unstructured data. The AD solution set shows probable owners for either security or distribution groups in the Probable Owners report (Active Directory &gt…

It is the responsibility of administrators to control the threat surface of their corporate environments. Authentication based attacks, such as pass the hash, are making this harder every day. Learn how to mitigate this risk by reducing the privileged account access of internet-facing machines. StealthINTERCEPT for AD can help you accomplish this in just a few minutes! First create a new Policy by right clicking on your desired Directory, for these I created one called “Authentications”. Se…

If you’re like me, you want to get these new features up and running as soon as possible. Good thing the StealthAUDIT Instant Job Wizard makes adding new solutions a breeze! First, import your new license with the Office 365 options you purchased. Then, with the “Jobs” group selected, click the Instant Job Wizard (it’s the lightning bolt icon located at the top left of the console, just beneath “File”). Once you advance through the Welcome Screen, all your available solutions are displayed. …

StealthINTERCEPT’s Advanced Attack Analytics are integral to understanding potential internal threats through authentication activity. While having this information at your fingertips is great, no one has time to watch a screen all day. Just like our Change Alerting, Analytics can be enabled for all our various alert capabilities as well. Simply select the Configuration option at the top left of the console window, then the Alerts option. Next, select the Analytics set on the left-hand side …

Customers using StealthINTERCEPT often ask the question how to quickly find all the changes made to a user object including all group membership adds and deletes. The Investigation feature can be used to perform this search. Here’s how: first, make sure all policies are selected. Then, under the Other category, click both Class and Attribute. For the changes made directly to a user, for Class enter in User, and under attribute enter in a partial string for the user you want to look for. IE ‘A…