INSIDER THREAT SECURITY BLOG

I’m often asked by fellow engineers why they can’t seem to communicate or even ping their newly created VM lab on their personal workstation or laptop. There are few MS caveats that play into the problem and a few easy steps to make everything work. For my demonstration, this BLOG is going to be catering to a user who is leveraging VMWare Workstation and created a host-only virtual network for the purpose of having a private lab. The common issue people run into would be making any network co…

With all the attention the world can muster for information security squarely focused on Sony Pictures Entertainment, a small but significant breach went mostly unnoticed at Morgan Stanley right at the end of last year. In case you have not heard about it, you can read about it here. There are a couple interesting things about this breach worth noting. First, there is kudos for the Morgan Stanley team at every level for how this was handled. “But they were breached! Why would you congratul…

Shutting down an attack before it’s too late Practically every device on the network produces logs of activity and these logs contain records of authentications, changes, software installs, etc. Companies have invested in technologies like SIEM to help digest these logs and raise alerts. So, why are we seeing these breaches on the rise? Data does not equal intelligence, and intelligence is what’s used to detect problems. You’ll never detect the threat using generic tools and technologies,…

The best way to tell the difference between a threat and a risk is to ask a simple question: can I control it? The reason is that a threat always comes from the outside, while a risk is exposed from the inside. Just think about the way we talk about them. Someone “takes a risk” but it is always someone else who “makes a threat.” Some risks are absolutely required. Every retail store has cash in every register because the risk to revenue of not being able to make change for a purchase is great…

Selection bias often leads us to pick out details that are advantageous for us. The classic example: soon after buying a new car one begins to seemingly see that car and that make of car much more often. You don’t actually see it more often, but you notice it more often. When I was at the Gartner IAM Summit last week in Las Vegas, I was pretty sure that I was suffering from selection bias on day one. As I went from session to session, it seemed that there were hints of unstructured data every…

There are lots of rumors about the Sony Pictures GOP hack right now, but only two things we can say for sure: there was a ton of badly protected unstructured data taken and they used privileged accounts to pull it off. There were documents emerging from as far back as 2000. What were these documents doing in the open? Are there even Sony employees who need access to that stuff on a day to day basis? Before this starts to sound like Sony bashing, I should point out that they are just the unfor…

I’ve been to dozens of conferences over the past decade, but this year’s Gartner IAM Summit was perhaps the most interesting and educational event I’ve been to. One of the things that makes the IAM Summit so great every year is its intense focus on a single subject; Identity & Access Management. While there are certainly many subtopics that make up the IAM arena like single sign-on, authentication, privileged account management (PIM), governance, and more, everything at the IAM summit is …

Getting it Clean In my house when the playroom gets to the point where something needs to be done, my wife or I rally the family, we assign tasks, and after grumbling and complaining (not just the kids!) it gets done. Many companies are in the same place – they want to be successful with their new project roll-ups, they want to save costs in time and effort and licensing, and they want to get it cleaned up now before it gets worse. They’ve put it off long enough, but now they want to get thi…

Why Bother? The problem with cleaning up isn’t that we don’t want to do it, we’re just busy. When it’s my basement and my house, the project is contained and has a finite end – when you’re able to finish vacuuming, its pretty much done. I can turn that project around pretty quickly, but even then it needs to be scheduled with all of the other stuff that’s going on in the house that minute, that day, that week. When we’re working with clients and helping to sort out their AD issues, it’s much…