Stealthbits

INSIDER THREAT SECURITY BLOG

And other things that keep you up at night


Browsed By
Category: Uncategorized


A Deeper Dive into Active Directory Optimization – Part 1

AD Cleanup – A Place for Everything, and Everything in its Place

Occasionally, it pays to get some extra husband points, so last week I decided to spend some time downstairs with my kids cleaning up their playroom. My wife and I were both tired of picking our way along the different toys, DVD cases, pillows, and little kid chairs, and somehow it had gotten messy *again* – it was my turn to herd cats and “help” the kids get it cleaned up. There were toys on the floor, bins full of mismatched …

Insider Threat Analysis Can Prevent Financial & Reputation Damage

Ted is an application developer who lost his job in the IT sector due to company downsizing. Ted was displeased at being laid off just before Christmas, and expressed his displeasure by launching a systematic attack on his former company’s network. Three weeks following his termination, the insider used the username and password of his colleague to gain remote access to the network and modify several of the company’s files, web pages, and customer information. He also sent an email to …

Heartbleed. This is real. And it’s happening now.

The “heartbleed” bug recently discovered is the type of bug that security experts often discuss within the context of doomsday scenarios but truly never want to experience. The bug isn’t platform specific; e.g. Patch Tuesday – Windows “fixes”; this bug targets the very fabric of secure communications across the Internet and all of those “things” that communicate across it. The flaw at its very fundamental level steals information from SSL/TLS encrypted communications which is a core secu…

Closing Gaps in Privileged Identity Management Programs

You can call it PIM (Privileged Identity Management); you can call it PAM (Privileged Account Management); you can call it PUM (Privileged User Management). The one thing you can’t call it is boring. I’ll go with PIM for now. It seems every customer we’re speaking to either has a PIM solution in place, is rolling one out, or is trying to find one. Considering the way auditors have been giving so much attention to administrative rights, this is no surprise. If you have IT systems, you have adm…

All About AGDLP Group Scope for Active Directory – Account, Global, Domain Local, Permissions

Lately I’ve gotten a few questions from prospective clients about AD security group scope. I wanted to take a minute to give an overview of what group scopes are and why they’re meaningful. I’ll also talk a little bit about Microsoft’s best practice models for using group scope and discuss some of the positives and negatives of each. Group scope is important to understand if you want to effectively control risks in how you use AD groups. The scope of a group determines where the group can be…

Insider Threat Detection

As media outlets broadcast security breaches with household names like Target and Home Depot, hundreds of less-famous breaches are occurring every day. Most of these have one thing in common; they come from the inside. As a result, IT organizations and the industry at large are beginning to shift their threat mitigation strategies. One such recent shift occurred when Microsoft drew attention to a small Israeli startup, Aorato. The promise of threat detection technology that sees insider be…

AD Optimization and IAM

From the vantage point that most people have, even technical folks, Active Directory (AD) seems like it’s doing pretty well. How often can you not log in when you sit down at your PC? How often do you fail to find someone in the corporate directory in Outlook? How many times have you heard of an AD outage? Of course, those close to AD know this is an illusion. AD has so many layers of failure resistance, it’s natural that it doesn’t show any cracks in day-to-day operations. That’s why when…

Insider Threat is so important it will never make headlines

Right now the headlines in the security world are on fire with hacks and breaches. There is a nasty number brewing at DHS involving federal employees, and there is the alleged largest hack of username and password data ever as well. I say “alleged” because some in the security world have called some of the numbers being thrown around into question and I think they make some good points. Much of this has made it into mainstream news. People will be doing the Heartbleed dance and changing all t…

The Link Between Copy & Paste and a Potential Data Breach Drives DAG

One of the continually fascinating parts of my job is talking to customers and understanding how they decide to pursue some goals over others. Last week I had the chance to sit with a modest size department of a fairly large city. They have just brought on a new CIO and his top priority item is Data Access Governance (DAG). How did that become his top priority? The story his team told me was funny and scary at the same time. They are in the middle of a big project to clean up their citizen re…

Effective Risk Reduction

Risk reduction is often associated with prevention only. Effective security, however, also needs detection and response. Those three (prevention, detection, response) are the fundamental pieces of the process oriented approach to IT security, which allows us to effectively reduce the risk and is the subject of this article.

Risk and Countermeasures

Let’s assume that the risk has been identified. Then the decision about risk handling needs to be made. The risk can be: a) reduced (counterm…


© 2022 Stealthbits Technologies, Inc.
