Stealthbits

INSIDER THREAT SECURITY BLOG

And other things that keep you up at night

Browsed By Category: Uncategorized

Black Hat Roundup – Insider Threat Podcast #5

In our fifth edition of the Insider Threat Podcast, we caught up with Gabriel Gumbs, who has just spent the week at Black Hat 2017. Gabriel is the STEALTHbits VP of Product Strategy and his mission was to meet with some of our customers and partners at the show as well as bring back any interesting exploits and vulnerabilities that were on display for us to chew on. He certainly found a few. There were, of course, the usual set of topics that have been mainstays for years. Security for cloud an…

The Value of the Active Directory Attack Blog Series

Active Directory Attack Blog Series

Spending time with customers in Texas last week left me speechless – literally. One customer asked me a question for which I was not prepared. They have been following our Active Directory attack blog series. They found it very interesting, but they had one major question. Why should they spend so much time thinking about what attackers do? If they spend all their time creating good security programs and practices, isn’t that the best they can do? I have …

Understanding the Impact of NYCRR 500

In our third edition of the Insider Threat podcast, we turn from the bad guys attacking you to auditors attacking you. That’s a joke, but I know it does reflect the way it can feel sometimes. Many folks will ignore NYCRR 500 because they see “NYC” and think that means it isn’t about them, or they know it is being put out there by the New York State Department of Financial Services (DFS) and think that means it will not apply to them since they are not a financial. The scope of NYCRR 500 is li…

See a File Activity Monitor Demo without Leaving Your Desk

File Activity Monitoring

Organizations spend thousands, if not millions of dollars, on their data storage infrastructure. However, many lack visibility into file activity on Network-attached storage (NAS) devices like NetApp, Dell EMC, and Hitachi—as well as Windows devices. This is because native auditing can present challenges like configuration complexity, undifferentiated events, and performance issues. As a result, companies are unable to answer basic questions like: Who moved, delete…

Security at the New Perimeter

During the Cloud Identity Summit 2017 keynote, there was a predictable discussion about the state of our deteriorating security perimeter. Given this is the year’s premiere identity event—and that the speaker was Ping Identity’s CEO—you may expect to hear the now ubiquitous meme: “Identity is the new perimeter.” That is not what we heard, though. I want to quote what he said exactly and spend some time breaking it down. His quote is: “Our perimeter isn’t disappearing – it’s shrinking…and if y…

Podcast: Service Account Attacks & How To Prevent Them

Service accounts are undermanaged and overprivileged. Being pushed along by application groups annoyed that they need to deal with any process at all, security or helpdesk folks simply make an account, give it rights, and get it in the hands of the application folks. The application team thinks the account is controlled like any other, but that’s wrong most of the time. The folks in charge of the directories think the application or security team are giving the service accounts special atten…

Gain Visibility into the Most Important Activity on Your Network with File Activity Monitoring

File Activity Monitoring

With Russia’s suspected hacking of the U.S. elections still in the news, our office conversation turned to the topic of Edward Snowden. One of our executives commented that even with the billions the government spent on cybersecurity—including technologies like User and Entity Behavior Analytics (UEBA)—officials still don’t know exactly what information Snowden took. I mention this conversation because we’ve recently had a number of organizations, as well as partners…

Podcast: How to Stop Active Directory Attacks

We have just done the first episode of our Insider Threat podcast, and it was a little scary. I’m no stranger to doing a show; so that wasn’t scary. What was frightening is how easily the bad guys can exploit our Active Directory and Microsoft platforms. I sat down with Jeff Warren, who wrote our recent blog series, 4 Active Directory Attacks and How to Prevent Them, and asked him how difficult it was to find and deploy the attacks he described. Now, I know it isn’t hard to find ways to explo…

Malware: ILOVEYOU Melissa & still you make me WannaCry

Protect Your Unpatched Systems Against Malware

What do the Melissa virus, ILOVEYOU worm and the WannaCry ransomware have in common? After patches were made available, they were still successfully spreading. Secondary storage also played a role in these infections. As malware evolved from nuisance to profit-driven, secondary storage became less of an infection vector and more of an opportunity to ransom data. I choose to highlight Melissa somewhat randomly, but mostly because it was 18 years …

5 Essential Steps to EU GDPR – Part 5: GDPR The Ticking Time Bomb

At the time of writing this blog, there are 378 days, 8 hours until the GDPR comes into force. That’s 54 weeks or approximately 270 weekdays, not considering public holidays. Surely plenty of time to get everything in place and ensure your business is compliant. Right? Wrong! Let me back this up by putting some context around the various elements discussed in the previous blogs in this series.

The GDPR Project

Obviously, no two organisations are identical so for the sake of illustrati…

© 2022 Stealthbits Technologies, Inc.